PRIVACY NOTICE

Effective as of 4 May 2020

WAYSDERMA is committed to protecting and safeguarding your personal data, and issues this Notice to provide information on the processing of your personal data. This Privacy Notice provides a summary of what personal data are processed and used by UR TRAVELS Ltd. (WaysDerma is owned by UR TRAVELS KFT) as individual controllers, how and in regard of which data processing operations, and how the controllers protect such data in relation to your browsing of the website, purchases in the webshop and the use of other services provided to you.

Furthermore, this Privacy Notice shall also apply to data processing in connection with the official WaysDerma Facebook, Instagram, Youtube social media platforms (www.hu-hu.facebook.com/WaysDermawww.instagram.com/WaysDerma_official/?hl=hu, https://www.youtube.com/user/WaysDerma).

What are personal data? Personal data means any information or partial information relating to you as a natural person, on the basis of which you can be directly (e.g. based on your name) or indirectly (e.g. through a personal unique identifier) identified. Your personal data include details such as: your first name and surname, home address, email address or phone number.

This Privacy Notice is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).

 

CONTROLLERS’ NAME AND CONTACT DETAILS

In respect of data processing in connection with the use of the information platforms of the www..WaysDerma.com website, browsing the website, services provided to professional users, as well as data processing in relation to the official social media platforms:

CONTROLLER: UR TRAVELS KFT

Registered office: H-1052 Budapest, Piarista utca 4, Hungary
Company registration number: 01-09-923609
Tax number: 14865101-2-41
Intra-Community VAT: HU14865101
Registered and kept on record by: Company Registry Court of Budapest-Capital Regional Court (Hungary)
Email: info@urtravels.net
Website: www.WaysDerma.com

Social media platforms: www.huhu.facebook.com/WaysDerma/ , www.instagram.com/WaysDerma_official/?hl=hu, https://www.youtube.com/user/WaysDerma.

In respect of data processing in relation to the operation of the webshop on the www.WaysDerma.com website and/or purchases in the webshop:

CONTROLLER: UR TRAVELS Kft

Registered office: H-1052 Budapest, Piarista utca 4, Hungary
Company registration number: 01-09-923609
Tax number: 148650101-2-41
Intra-Community VAT: HU14865101
Registered and kept on record by: Company Registry Court of Budapest-Capital Regional Court (Hungary)
Email: in English: customercare@WaysDerma.com

Please note that, for ease of comprehension, the identity of the controller acting as primary controller – i.e. the controller determining the purposes and means of processing, or being responsible for informing you and for answering your data processing enquiries – is also specifically indicated in the case of each data processing operation. 

Regarding certain data processing operations, they jointly determine the purposes and means of processing. The essential provisions of the contract concluded between them can be summarized as follows: Both controllers process your data. The controller indicated at the specific processing operations is responsible for providing the information mentioned in Articles 13 and 14 of the GDPR. The controller indicated at the specific processing operations is responsible for responding to your enquiries sent regarding that specific processing operation. However, you may exercise your rights pursuant to the GDPR in respect of both controllers via the adatvedelem@WaysDerma.com email address or the contact information indicated above. In respect of any damage caused by data processing, the above controllers shall have joint and several liability for the entire damage to provide actual compensation.

Name, address and contact details of the hosting service provider:  “Shopify Contracting Party” means Shopify Inc., a Canadian corporation, with offices located at 150 Elgin Street, Suite 800, Ottawa, Ontario, K2P 1L4., email: info@shopify.com website: www.Shopify.com

DATA PROTECTION ADMINISTRATOR’S NAME AND CONTACT DETAILS

In accordance with the provisions of the GDPR, UR TRAVELS KFT (WaysDerma) did not appoint a Data Protection Officer. However, if you have any question or comment in relation to the data processing operations of either company or wish to exercise your rights, you can do so at the customercare@WaysDerma.com email address, or by a postal letter to UR TRAVELS KFT  to H-1052 Budapest, Piarista utca 4. Hungary.

AMENDMENT OF THE PRIVACY NOTICE

UR TRAVELS KFT (Ways Derma)  reserves the right to unilaterally amend this Privacy Notice. If this Privacy Notice is amended, this fact will be specifically highlighted on the www.WaysDerma.com website. Any amendment to this Privacy Notice shall be effective as of the date of its publication on the website.

 

IF YOU ARE UNDER 18 YEARS OLD – INFORMATION FOR THOSE UNDER 18

Please note that you can only register on the website and/or create a retail or professional (beautician or beautician student) user account or purchase in the webshop individually if you are over 18 years. If you are under 18 years, ask one of your parents to help you use the website. If you are under 16 years old, then, before agreeing to cookies or subscribing to the newsletter, ask your parent to help you use these platforms and complete these platforms with the requested data together.

For parents: The website offers various services. Persons under the age of 18 may not register individually on the website or order products or services in the webshop. Therefore, in the case of underaged children below the age of 18, we request parents to place the order for their children. Furthermore, this section also applies to those who are under the charge of a guardian and have fully or partially limited capacity. Persons over the age of 16 can subscribe to newsletter and agree to the use of cookies, therefore, in the case of underaged children below the age of 16, we request parents to consent to the above on behalf of their children and, if possible, provide the requested data together.

THE CATEGORIES OF PERSONAL DATA PROCESSED; THE PURPOSE AND DURATION OF, AND THE LEGAL BASIS FOR PROCESSING

In the following, you can find a summary table regarding the processing of your personal data, which provides important information on what personal data are collected for what purposes and by which controller in connection with a given operation, what is the legal basis of data processing, and for how long are your personal data stored.

Please be informed that in certain cases the controllers also use processors under contract during their activities; such recipients are bound by secrecy and data protection obligations. The personal data may also be disclosed to further recipients, such as e.g. in the case of enforcement of your legal claims, to the court, consumer protection authority and arbitration board having subject-matter and territorial competence for the case. Personal data may also be disclosed upon request by a public authority, court or other authority. For the ease of comprehension, the processors and recipients to whom your data are transmitted, along with the purpose of transmission, are specifically identified for each data processing operation.

Pursuant to Section 5 (5) of the Privacy Act, we shall review the necessity of mandatory data processing cases based on a legal obligation every 3 years if the relevant law does not specify the duration of processing or a different period of review. In accordance with the same legal provision, we shall retain the documentation on the circumstances and results of the review for ten (10) years following such review.

  1. REGISTRATION

1.1. REGISTRATION FOR RETAIL USERS

The controller in respect of the data relating to retail user registration: UR TRAVELS Ltd.

For what purpose are your personal data processed?

So that you can register as a retail user on the website, and can create a retail user account in the framework of your registration e.g. for purchasing products more easily. Please note that registration is not necessary for webshop purchases; you may freely decide whether you want to register for your purchase and/or to create a user account within the framework of registration to facilitate your future purchases. Data subjects include the retail users who wish to create a retail account.

Which of your personal data do we process:

 

For how long do we process these data:

·         surname

·         first name

·         email address

·         the password chosen and provided by you during registration

 

 

 

On what basis do we process these (legal bases):

 

Your consent.

(Article 6(1)(a) of the GDPR)

By checking the relevant checkbox, you expressly consent to UR TRAVELS Ltd. processing your personal data specified in this Section for the purposes of registration on our website as a retail user. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing performed before the withdrawal of such consent.

 

For how long do we process these data:

We will process your personal data until the withdrawal of your consent.

We will review our data processing every 3 years, including the updating of data.

 

What happens if you do not provide the data?

Providing the above personal data shall be voluntary; if you do not provide such data to us, you will not be able to register and create a retail user account. Your first name and surname are necessary for your identification, your email address for the confirmation of your registration, while the password serves to ensure your subsequent secure login to your user account.

Manner of erasing the data: We will erase your above personal data following withdrawal of your consent. Please note that in order to protect our users’ data and to ensure the accuracy of the data, we review our data processing every 3 years, including performing data update; in the framework of that, you may state whether you want to maintain your registration.

To whom we may transmit your data:  Within the organisation of UR TRAVELS  Ltd., your data may be accessed by the authorised dedicated employees; your personal data may be transferred to the following processors, for the purposes specified below:

 

 

Which of your personal data do we process:

On what basis do we process these (legal bases):

For how long do we process these data:

·         surname

·         first name

·         email address

·         the password chosen and provided by you during registration

 

Your consent.

(Article 6(1)(a) of the GDPR)

By checking the relevant checkbox, you expressly consent to UR TRAVELS Ltd. processing your personal data specified in this Section for the purposes of registration on our website as a retail user. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing performed before the withdrawal of such consent.

 

We will process your personal data until the withdrawal of your consent.

We will review our data processing every 3 years, including the updating of data.

 

 

1.2. REGISTRATION FOR PROFESSIONAL USERS – BEAUTICIANS AND BEAUTICIAN STUDENTS

The controller in respect of the data relating to professional user registration: UR TRAVELS Ltd. 

For what purpose are your personal data processed?

So that you can register as a professional partner (as a beautician or beautician student) on the website if you are one of our partners in your capacity as a beautician or beautician student. Within the framework of professional registration, you receive access to the services offered to our beauticians on our website.  Please note that we will verify your eligibility for registration for the professional platform and it will only become active after approval. Data subjects include the professional users who wish to create a professional user account.

 

Name

Registered office

Purpose of data transmission or transfer

Shopify Inc

150 Elgin Street, Suite 800, Ottawa, Ontario, K2P 1L4

Provides web hosting services for us for the webshop and the website.

UR TRAVELS KFT

H-1052 bUDAPEST, Piarista utca 4, Hungary

Owns and Operates the webshop and the website

 

 

Provides the Payment gateway service for us

 

What happens if you do not provide the data?

Providing the above personal data shall be voluntary; if you do not provide such data to us, you will not be able to register as a professional user. Your first name and surname are necessary for your identification, your email address for the confirmation of your registration, while the password serves to ensure your subsequent secure login to your user account. The customer card number and, for beautician students, the certification of their legal relationship is necessary so that we can verify their eligibility to register for the professional user platform.

Manner of erasing the data: We will erase your above personal data following withdrawal of your consent. Please note that in order to protect our users’ data and to ensure the accuracy of the data, we review our data processing every 3 years, including performing data update; in the framework of that, you may state whether you want to maintain your registration.

To whom we may transmit your data:  Within the organisation of UR TRAVELS  Ltd., your data may be accessed by the authorised dedicated employees; your personal data may be transferred to the following processors, for the purposes specified below:

 

Name

Registered office

Purpose of data transmission or transfer

Shopify Inc

150 Elgin Street, Suite 800, Ottawa, Ontario, K2P 1L4

Provides web hosting services for us for the webshop and the website.

UR TRAVELS KFT

H-1052 bUDAPEST, Piarista utca 4, Hungary

Owns and Operates the webshop and the website

 

 

Provides the Payment gateway service for us

 

  1. PROVISION OF A USER ACCOUNT, LOGIN TO THE USER ACCOUNT

 2.1. PROVISION OF A RETAIL USER ACCOUNT, LOGIN TO THE USER ACCOUNT

The controller in respect of the data relating to login to the retail user account and the provision of the retail user account: UR TRAVELS Ltd. 

For what purpose are your personal data processed?

If you are a retail user, so that you can log in to your retail user account created during registration and/or use your retail user account e.g. to facilitate your subsequent purchases e.g. by using the repurchase function. Data subjects include the retail users who have created a retail account.

You may freely decide which data you upload to your user account (except for the data necessary for the performance of your order and for issuing the invoice), and you can freely edit or even delete your uploaded data later.

 

Which of your personal data do we process:

 

On what basis do we process these (legal bases):

For how long do we process these data:

·         surname

·         first name

·         email address

·         your password

In certain cases:

·         phone number

·         your customer ID

·         delivery address

·         invoicing address

 

Your consent.

(Article 6(1)(a) of the GDPR)

By checking the relevant checkbox, you expressly consent to UR TRAVELS KFT. processing your personal data specified in this Section so as to provide a retail user account to you. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing performed before the withdrawal of such consent.

 

We will process your personal data until the withdrawal of your consent.

 

We will review our data processing every 3 years, including the updating of data.

 

Your current and previous orders and the details thereof (order ID, products ordered, order total – the price of the individual products, the fact of using discounts, method and price of delivery, the fact of personal pickup if that was selected, means of payment, order status)

 

 

 

·         the fact of subscription for newsletter, settings of newsletter subscription

·         coupon code

·         data of personalised product recommendations

·         data of personalised cosmetic reviews

 

Legitimate interest

(Article 6(1)(f) of the GDPR)

Our data processing is necessary for displaying your current and previous orders, the details thereof and any discounts in your retail user account and/or for providing this function to you. This data processing also serves the business and economic interests of UR TRAVELS Ltd., the realisation of our envisaged business model, ensuring the high quality of our services and/or for our business development purposes. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. There is no other way for us to carry out these data processing operations.

 

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

 

Safeguards: Only a limited number of dedicated employees within our organisation have access to the personal data. 

 

We shall process your personal data until you delete your retail user account and/or until you object to this processing – and where there is no other legal ground for the processing.

 

 

 

We will review our data processing every 3 years, including the updating of data.

 

 

 

 

 

 

We will review our data processing every 3 years, including the updating of data.

 

OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controller’s name and contact details’ chapter or by notifying it to our data processing administrator. 

What happens if you do not provide the data?

Providing the above personal data shall be voluntary; if you do not provide such data to us, you will not be able to use your user account and/or certain relating convenience functions. Your first name and surname are necessary for your identification, your email address and your password serves to ensure your secure login to your user account. Your email address, phone number, delivery and invoicing address are necessary for you to be able to use the convenience functions e.g. easier placement of orders, communication. We already have the data of your current and previous orders.

Manner of erasing the data: The data will be erased upon your objection or the withdrawal of your consent, where there is no other legal ground for the processing. Please note that in order to protect our users’ data and to ensure the accuracy of the data, we review our data processing every 3 years, including performing data update; in the framework of that, you may state whether you want to maintain your registration.

To whom we may transmit your data:  Within the organisation of UR TRAVELS Ltd., your data may be accessed by the authorized dedicated employees; your personal data may be transferred to the following processors, for the purposes specified below:

 

 

Name

Registered office

Purpose of data transmission or transfer

Shopify Inc

150 Elgin Street, Suite 800, Ottawa, Ontario, K2P 1L4

Provides web hosting services for us for the webshop and the website.

UR TRAVELS KFT

H-1052 bUDAPEST, Piarista utca 4, Hungary

Owns and Operates the webshop and the website

 

 

Provides the Payment gateway service for us

 

2.2. PROVISION OF A PROFESSIONAL USER ACCOUNT, LOGIN TO THE USER ACCOUNT

The controller in respect of the data relating to login to the professional user account and the provision of the professional user account: UR TRAVELS Ltd. 

For what purpose are your personal data processed?

If you are our partner as a beautician or beautician student, we process your data so that you can use the professional user platform, along with the professional and convenience functions thereof, provided to our professional partners on the website (application to trainings and courses, application for professional events, notification on offers, access to the articles and awareness-raising materials prepared for our partners). On the professional user platform, only services ensured for our professional partners are available. Data subjects include the professional users who create a professional user account.

 

Which of your personal data do we process:

On what basis do we process these (legal bases):

For how long do we process these data:

·         surname

·         first name

·         email address

·         the password chosen and provided by you during registration

·         for beauticians: customer card number

·         for beauticians, in certain cases: name of the salon

·         for beauticians, in certain cases: address of the salon

·         for beautician students: certification of the student relationship by the partner vocational school, name and signature of the school’s representative

·         phone number

·         orders

·         courses, name of course applied for

·         name of event applied for

·         memberships

·         invoicing data

·         coupon code

·         data of product recommendations issued

·         data of cosmetic review performed

·         authorization to issue product recommendations

·         authorization to issue coupons

·         data of coupon purchases

·         data of purchases upon product recommendations

·         commission balance

 

Legitimate interest

(Article 6(1)(f) of the GDPR)

Our data processing is necessary so that we can provide professional further training opportunities to our professional partners (beautician and beautician students) and so that they can easily and simply, in their professional user account, receive information about our further trainings, professional programs and events. The data processing also serves the goal that professional users can participate in efficient professional trainings. The beauticians using the professional user account act for purposes which are within their trade or business. For beautician students, data processing is also necessary so that we can perform our obligations to the partner institution.   This data processing also serves the business, economic and financial interests of UR TRAVELS Ltd., the realisation of our envisaged business model – professional partnership (with vocational schools/beautician students) – and/or the creation of close relationships with our professional partners, furthermore, with a view to performing our contractual obligations and for administrative and statistical purposes. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. There is no other way for us to carry out these data processing operations.

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

Safeguards: Only a limited number of dedicated employees within our organisation have access to the personal data.

 

We shall process your personal data until you delete your professional user account and/or until you object to this processing – and where there is no other legal ground for the processing.

We will review our data processing every 3 years, including the updating of data.

 

 

 

OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controller’s name and contact details’ chapter or by notifying it to our data protection administrator. 

What happens if you do not provide the data?

Providing the above personal data and/or creating the professional account shall be voluntary; if you do not provide such data to us, you will not be able to use your professional user account. Your first name and surname serve for your identification, while the password serves to ensure your secure login to your user account. Your email address and phone number are processed for effective communication with you, while your eligibility data (e.g. customer card number, the fact of being a beautician student) for the verification of your eligibility. We already have the data of your professional orders and trainings – if any.

Manner of erasing the data: Your above personal data will be erased upon your objection where there is no other legal ground for the processing. Please note that in order to protect our users’ data and to ensure the accuracy of the data, we review our data processing every 3 years, including the deletion of accounts that have been inactive for at least 2 years, on the proviso that before deletion, we request data update; in the framework of that, you may state whether you want to maintain your account.

To whom we may transmit your data:  Within the organization of UR TRAVELS Ltd., your data may be accessed by the authorized dedicated employees; your personal data may be transferred to the following processors, for the purposes specified below:

 

Name

Registered office

Purpose of data transmission or transfer

Shopify Inc

150 Elgin Street, Suite 800, Ottawa, Ontario, K2P 1L4

Provides web hosting services for us for the webshop and the website.

UR TRAVELS KFT

H-1052 bUDAPEST, Piarista utca 4, Hungary

Owns and Operates the webshop and the website

 

 

Provides the Payment gateway service for us

 

 

  1. PURCHASING PRODUCTS IN THE WEBSHOP

The controller with regard to the data in relation to product purchases in the webshop: UR TRAVELS Ltd. 

For what purpose are your personal data processed?

So that you as a retail user can purchase in the webshop. Please note that registration is not necessary for webshop purchases; you may freely decide whether you want to register for your purchase in the webshop and/or to create a user account within that framework to facilitate your future purchases. Retail and professional users can make purchases in the webshop with the same conditions. The legal safeguards of our data processing in connection with purchases on the website and the use of services consists in the authorisation based on Section 13/A (1) and (2) of Act CVIII of 2001 in respect of your identification data as a natural person, address, the date, place and duration of using our service. Data subjects include the persons purchasing and placing orders through the webshop.

 

Which of your personal data do we process:

On what basis do we process these (legal bases):

For how long do we process these data

·         surname

·         first name

·         email address

·         phone number

·         delivery address

·         invoicing data (invoicing name and address)

·         notes provided during the order

·         order ID

·         customer ID

·         the products ordered, their price,

·         the order total,

·         method and price of delivery,

·         the fact of choosing personal pickup, if appropriate,

·         means of payment

·         status of payment

·         coupon code

·         data of personal product recommendations

 

Performance of the contract

Under Article 6(1)(b) of the GDPR

In connection with the performance of the orders placed on the website and in the webshop and the services provided to you. Including the steps leading to contract conclusion, such as placing the order.

The relevant contract and the steps leading to its conclusion means the General Terms and Conditions of Contract and/or the steps made at your request before the acceptance thereof.

 

We shall retain these data for 3 years following the termination of the contract.

 

 

What happens if you do not provide the data?

Providing the above personal data shall be voluntary; if you do not provide such data to us, you will not be able to make a purchase on the website and/or in the webshop; we need the personal data so that we can perform your order and the services provided to you. Your email address and phone number are necessary for communication and administration regarding the performance of your order, and we need these data to perform the contract. We request the provision of your first name and surname to identify you, and the data of the order and performance (e.g. personal pickup, method of shipment, status and means of payment) in connection with performing the order.

Manner of erasing the data: As a rule, your data are erased upon expiry of the above retention period.

To whom we may transmit your data: Webshop purchases are processed by the dedicated staff member of UR TRAVELS  Ltd. In connection with the performance of your contract, your personal data may be transferred to the following recipients and processors, for the purposes indicated below:

 

Name

Registered office

Purpose of data transmission or transfer

Shopify Inc

150 Elgin Street, Suite 800, Ottawa, Ontario, K2P 1L4

Provides web hosting services for us for the webshop and the website.

UR TRAVELS KFT

H-1052 Budapest, Piarista utca 4, Hungary

Owns and Operates the webshop and the website

 

 

Provides the Payment gateway service for us

Fedex Express Hungary Kft

H-2220 Vecses, Lorinci ut 59, Hungary

Provides logistics and home delivery services

Clear Admin Software Kft

H-1108 Budapest, Gozmozdany utca 14 Hungary

Invoicing

 

  1. PLACING ORDERS OR SUBMITTING APPLICATIONS ON THE PROFESSIONAL PLATFORM OF THE WEBSITE

The controller with regard to the data relating to orders and applications (e.g. to trainings) on the professional platform of the website: UR TRAVELS Ltd. 

For what purpose are your personal data processed?

So that you as a professional user can apply to our professional events, and in particular can participate at further trainings and/or courses, events, and also if you as our professional partner conclude a contract with UR TRAVELS Ltd. The legal safeguards of our data processing in connection with using the services on the professional platform of the website and the use of services consists in the authorisation based on Section 13/A (1) and (2) of Act CVIII of 2001 in respect of your identification data as a natural person, address, the date, place and duration of using our service. Data subjects include the professional users who place orders, apply to courses or events, or have used a service on the professional platform of the website.

 

Which of your personal data do we process:

On what basis do we process these (legal bases):

For how long do we process these data:

·         surname

·         first name

·         email address

·         phone number

·         invoicing data

·         name of training applied for

·         name of event applied for

 

Performance of the contract

Under Article 6(1)(b) of the GDPR

In connection with the performance of the orders placed and applications submitted on the website, as well as the services provided to you as a professional partner, e.g. application to a training, event, and ensuring your participation at the same.

The relevant contract and the steps leading to its conclusion means the General Terms and Conditions of Contract and/or the steps made at your request before the acceptance thereof (in certain cases, an individual contract concluded with you).

 

We shall retain these data for 2 years following the termination of the contract.

 

What happens if you do not provide the data?

Providing the above personal data shall be voluntary; if you do not provide such data to us, you will not be able to place orders/send applications on the website and/or we will not be able to perform our services (events, trainings) to you. Your first name and surname are necessary for your identification, and your email address and in some cases your phone number are required in connection with the performance of the service.

Manner of erasing the data: As a rule, these data are erased after the above deadline.

To whom we may transmit your data: With regard to the orders placed and applications submitted on the professional platform of the website, data are processed by the staff member of UR TRAVELS Ltd. In connection with the performance of your contract, your personal data will also be transferred to the following recipients and processors, for the purposes indicated below:

 

Name

Registered office

Purpose of data transmission or transfer

Shopify Inc

150 Elgin Street, Suite 800, Ottawa, Ontario, K2P 1L4

Provides web hosting services for us for the webshop and the website.

UR TRAVELS KFT

H-1052 Budapest, Piarista utca 4, Hungary

Owns and Operates the webshop and the website

 

 

Provides the Payment gateway service for us

Fedex Express Hungary Kft

H-2220 Vecses, Lorinci ut 59, Hungary

Provides logistics and home delivery services

Clear Admin Software Kft

H-1108 Budapest, Gozmozdany utca 14 Hungary

Invoicing

 

  1. PAYMENT AND INVOICING, ISSUE OF ACCOUNTING DOCUMENT

5.1. FOR PRODUCT PURCHASES IN THE WEBSHOP

The controller with regard to the data in relation to product purchases in the webshop, including the issue of the relevant invoice: UR TRAVELS Ltd. 

For what purpose are your personal data processed?

If you make a purchase in the webshop, we process your personal data for the purposes of documenting your purchase and payment, issuing an invoice for the purchase, and fulfilling our accounting obligations. Data beyond the scope of those on the supporting documents for accounting (certain payment data) are also processed based on the contract concluded with us. Data subjects include the persons who have made a purchase through the webshop.

Which of your personal data do we process:

On what basis do we process these (legal bases):

For how long do we process these data:

For payment:

·         means of payment

·         fact of payment and the date of performance of payment

·         amount paid

·         for online payment by bank card:  Visa or Mastercard or Paypal transaction ID, external reference number, amount paid, transaction status, products and/or services, your name, invoicing address, delivery address, email, discount, delivery fee, payment platform (www.waysderma.com)

For invoicing:

·         surname

·         first name

·         name and price of product/service

·         invoice total

·         means of payment

·         date of performance

·         in certain cases: your signature

 

Compliance with a legal obligation

(Article 6(1)(c) of the GDPR)

Processing relating to the documents supporting the accounting records takes place under Section 169 (1) and (2) of the Accounting Act and Section 159 (1) and (2) of the VAT Act.

 

 

 

 

 

Performance of the contract

(Under Article 6(1)(b) of the GDPR)

The legal basis for processing data beyond the scope of those on the supporting documents for accounting (certain payment data) is the contract concluded between you and us. The relevant contract and the steps leading to its conclusion means the General Terms and Conditions of Contract and/or the steps made at your request before the acceptance thereof.

 

Accounting documents directly or indirectly supporting the accounting records are retained for 8 years from the date of issue pursuant to Section 169 (2) of the Accounting Act.

 

 

 

 

 

 

 

 

 

 

 

 

 

We shall retain these data for 3 years following the termination of the contract.

 

Processing starts when the first personal data are supplied to us upon entering into contact prior to contract conclusion (order) with a view to contract conclusion (placing the order).

 

 

               

Please be informed that payment on our website takes place through the *** ******************** or through the Paypal system, and data processing related to the use of the SimplePay or Paypal online service is governed by SimplePay’s or Paypal’s privacy notice, which we have no means to influence. We have no access to the card or payment data provided during online payment; you are redirected to the website after the successful transaction. During SimplePay online payment and payment by bank card, the service provider usually requests your following bank card data: name on card, card number, expiry data, issuer bank, CVC/CVV security code. Please always keep your bank card data safe. The following personal data stored by the controller, UR TRAVELS Ltd. (H-1052 Budapest, Piaristca utca 4, Hungary), in the user database of https://en.WaysDerma.com/ will be transmitted to OTP Mobil Kft. (H-1093 Budapest, Közraktár u. 30-32, Hungary) as the processor. The categories of data transferred by the controller: name, email, phone number, invoicing address, delivery address. The type and purpose of the data processing activity performed by the processor can be viewed in SimplePay’s Privacy Notice through the following link: http://simplepay.hu/vasarlo-aff. The service provider as individual data controller usually requests your following data for executing payment for executing payment in the PayPal system: name, postal address, telephone, e-mail address of the account owner, and the account number of the invoice to be paid, registered username and password. Privacy Notice regarding data processing of PayPal is available at: https://www.paypal.com/hu/webapps/mpp/ua/privacy-full#14.).

What happens if you do not provide the data?

The data necessary for invoicing shall be provided under law. If you do not provide us with the legally mandatory data, we will not be able to issue the invoice for the purchase; certain data recorded during payment may also form part of the accounting records. The data requested for payment and kept on record are necessary for performance of the contract based on your contractual obligation (for orders, it is your payment obligation). If you do not provide them, you will not be able to transact your payment and/or fulfil your contractual payment obligation. Certain data relating to payment are typically not provided by you; instead, we get to access them upon processing the order.

The manner of erasing the data: The above data will be erased upon expiry of the specified time limit. 

To whom we may transmit your data: The data relating to purchases in the webshop and invoicing are processed by the staff member of UR TRAVELS Ltd. and, with a view to perform our obligations under law, your personal data will be transmitted to the National Tax and Customs Administration of Hungary and/or its competent office. Your personal data will also be transferred to the following recipients and processors, for the purposes indicated below:

 

Name

Registered office

Purpose of data transmission or transfer

Shopify Inc

150 Elgin Street, Suite 800, Ottawa, Ontario, K2P 1L4

Provides web hosting services for us for the webshop and the website.

UR TRAVELS KFT

H-1052 Budapest, Piarista utca 4, Hungary

Owns and Operates the webshop and the website

 

 

Provides the Payment gateway service for us

Fedex Express Hungary Kft

H-2220 Vecses, Lorinci ut 59, Hungary

Provides logistics and home delivery services

Clear Admin Software Kft

H-1108 Budapest, Gozmozdany utca 14 Hungary

Invoicing

 

5.2. WITH REGARD TO ORDERS PLACED ON THE PROFESSIONAL PLATFORM OF THE WEBSITE, PROFESSIONAL ORDERS AND USE OF PROFESSIONAL SERVICES

The controller with regard to the data relating to orders and applications (e.g. to trainings) on the professional platform of the website: UR TRAVELS Ltd.

For what purpose are your personal data processed?

If you place an order on the professional platform of the website, we process your personal data to document your order and/or subsequent payment, to issue an invoice for your purchase and/or use of the service and/or to perform our accounting obligations. Data beyond the scope of those on the supporting documents for accounting (certain payment data) are also processed based on the contract concluded with us. Data subjects include the professional partners who have placed orders, made a purchase or used services through the professional platform.

 

Which of your personal data do we process: On what basis do we process these (legal bases): For how long do we process these data:
For payment:

 

  • means of payment
  • fact of payment and the date of performance of payment
  • amount paid
  • for bank transfers: bank transfer data (account holder, account number, comments to the transfer)

For invoicing:

  • surname
  • first name
  • name and price of product/service
  • invoice total
  • means of payment
  • date of performance
  • in certain cases: your signature
 

 

Compliance with a legal obligation

(Article 6(1)(c) of the GDPR)

Processing relating to the documents supporting the accounting records takes place under Section 169 (1) and (2) of the Accounting Act and Section 159 (1) and (2) of the VAT Act.

Accounting documents directly or indirectly supporting the accounting records are retained for 8 years from the date of issue pursuant to Section 169 (2) of the Accounting Act.

 

 

 

 

 

Performance of the contract

 

(Under Article 6(1)(b) of the GDPR)

The legal basis for processing data beyond the scope of those on the supporting documents for accounting (certain payment data) is the contract concluded between you and us. The relevant contract and the steps leading to its conclusion means the General Terms and Conditions of Contract and/or the steps made at your request before the acceptance thereof (in certain cases, an individual contract concluded with you).

We shall retain these data for 2 years following the termination of the contract.

 

 

Processing starts when the first personal data are supplied to us upon entering into contact prior to contract conclusion (order) with a view to contract conclusion (placing the order).

 

The contact persons’ data processed with a view to performance of the contract are also retained by the above deadline.

 

What happens if you do not provide the data?

The data necessary for invoicing shall be provided under law. If you do not provide us with the legally mandatory data, you will not be able to apply and we will not be able to issue the invoice; certain data recorded during payment may also form part of the accounting records. The data requested for payment and kept on record are also necessary for performance of the contract based on your contractual obligation (for orders, it is your payment obligation). If you do not provide them, you will not be able to transact your payment and/or fulfill your relevant contractual payment obligation. Certain data relating to payment are typically not provided by you; instead, we get to access them upon processing the order.

The manner of erasing the data: The above data will be erased upon expiry of the specified time limit. 

To whom we may transmit your data: The data relating to purchases in the webshop and/or website and invoicing are processed by the dedicated staff member of UR TRAVELS Ltd. and, with a view to perform our obligations under law, your personal data will be transmitted to the National Tax and Customs Administration of Hungary and/or its competent office. Your personal data will be transferred to the following recipients and processors, for the purposes indicated below:

Name

Registered office

Purpose of data transmission or transfer

Shopify Inc

150 Elgin Street, Suite 800, Ottawa, Ontario, K2P 1L4

Provides web hosting services for us for the webshop and the website.

UR TRAVELS KFT

H-1052 Budapest, Piarista utca 4, Hungary

Owns and Operates the webshop and the website

 

 

Provides the Payment gateway service for us

Fedex Express Hungary Kft

H-2220 Vecses, Lorinci ut 59, Hungary

Provides logistics and home delivery services

Clear Admin Software Kft

H-1108 Budapest, Gozmozdany utca 14 Hungary

Invoicing

National Tax and Customs Administration of Hungary

H-1054 Budapest, Széchenyi u. 2., Hungary

Performance of the obligation to supply data electronically about the invoices issued, under Act CXXVII of 2007.

 

  1. CUSTOMER SERVICE, QUESTIONS RELATING TO THE PRODUCTS

6.1. CUSTOMER SERVICE, QUESTIONS RELATING TO THE PRODUCTS OR WEBSITE

In relation to the questions relating to information and services provided on the website (not including enquiries regarding the webshop), products displayed on the website, as well as questions and enquiries relating to professional services, the controller is: UR TRAVELS Ltd. 

For what purpose are your personal data processed?

For the purposes so that we can reply to the enquiries sent by you to the info@WaysDerma.com email address or using the online form on www.WaysDerma.com, as well as your questions sent regarding our products and services, your orders and the details thereof. Furthermore, so that you can send us messages, we can receive your messages, can reply to your questions on the merits and, depending on the content of your enquiry, we can contact you in that regard. Please note that, when requesting information and/or contacting our company, you can freely decide about the categories of data you want to provide – certain data, e.g. your email address is necessary so that we can reply to your enquiry. Data subjects shall include the persons who have sent a question or enquiry to the above contact information.

Which of your personal data do we process: On what basis do we process these (legal bases): For how long do we process these data:
For enquiries by email:

 

  • email address
  • first name, surname
  • data in the email (including the subject-matter and content of the enquiry etc.)
  • subject-matter and content of the enquiry

 

For the online form:

  • first name, surname
  • email
  • data in the enquiry (including the subject-matter and content of the enquiry, for professional services your order number, order ID etc.)
Legitimate interest

 

(Article 6(1)(f) of the GDPR)

Our data processing is necessary so that we can reply to your enquiries and questions sent in connection with the services provided on the website, and can ensure that you can contact us. Our data processing is also necessary so that we can contact you. This data processing is necessary in the business, economic and financial interests of UR TRAVELS .Ltd, for realising the customer services envisaged by us, for enhancing our competitiveness, for ensuring the high quality of our services, and so that we can effectively reply in respect of complex services. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. There is no other way for us to carry out these data processing operations.

 

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

 

Safeguards: We have restricted the scope of personal data to the strict minimum. Only a limited number of dedicated employees within our organisation have access to the personal data. 

Data are retained for 3 years from the completion or closure of the customer service process of the case – provided that there is no other legal ground for the processing. If you have objected to data processing, data are processed until the assessment of such objection, except if there is a valid legal basis for further data p

 

 You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controller’s name and contact details’ chapter or by notifying it to our data protection administrator. 

What happens if you do not provide the data?

The provision of the data is a prerequisite of processing the inquiries. If you do not provide the data, we will not be able to process or answer your enquirers and/or questions, contact you or communicate with you.

The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.

To whom we may transmit your data: Enquiries and/or questions are processed and answered by the dedicated employees within the organisation of UR TRAVELS Ltd., and your personal data will also be transmitted to the following recipients, processors, for the purposes specified below:

Name

Registered office

Purpose of data transmission or transfer

Shopify Inc

150 Elgin Street, Suite 800, Ottawa, Ontario, K2P 1L4

Provides web hosting services for us for the webshop and the website.

UR TRAVELS KFT

H-1052 Budapest, Piarista utca 4, Hungary

Owns and Operates the webshop and the website

 

 

Provides the Payment gateway service for us

Fedex Express Hungary Kft

H-2220 Vecses, Lorinci ut 59, Hungary

Provides logistics and home delivery services

Clear Admin Software Kft

H-1108 Budapest, Gozmozdany utca 14 Hungary

Invoicing

 

6.2. WEBSHOP CUSTOMER SERVICE, QUESTIONS

The controller in relation to the questions raised regarding the products and services available, or the orders placed in the webshop: WAYSDERMA Beauty Salon Ltd. 

For what purpose are your personal data processed?

For the purposes so that we can reply to the enquiries sent by you to the  customercare@WaysDerma.com email address in relation to the webshop running on the website and the services thereof, as well as your questions sent regarding our products and services, your orders and the details thereof as well as to provide professional advice about products to you. Furthermore, so that you can send us messages, we can receive your messages, can reply to your question on the merits and, depending on the content of your enquiry, we can contact you in that regard. Please note that, when requesting information and/or contacting our company, you can freely decide about the categories of data you want to provide – certain data, e.g. your email address is necessary so that we can reply to your enquiry. Data subjects shall include the persons who have sent enquiries or questions in relation to the webshop through the above contact information.

 

Which of your personal data do we process: On what basis do we process these (legal bases): For how long do we process these data:
For enquiries by email:

 

  • email address
  • first name, surname
  • data in the email (including the subject-matter and content of the enquiry etc.)
  • subject-matter and content of the enquiry

 

For the online form:

  • first name, surname
  • email
  • data in the enquiry (including the subject-matter and content of the enquiry, your order number, order ID etc.)
Legitimate interest

 

(Article 6(1)(f) of the GDPR)

Our data processing is necessary so that we can reply to your enquiries and questions sent in connection with the services provided in the webshop, and can ensure that you can contact us. Our data processing is also necessary so that we can contact you. This data processing is necessary in the business, economic and financial interests of UR TRAVELS Ltd., for realising the customer services envisaged by us, for enhancing our competitiveness, for ensuring the high quality of our services, and so that we can effectively reply in respect of complex services. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. There is no other way for us to carry out these data processing operations.

 

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

 

Safeguards: We have restricted the scope of personal data to the strict minimum. Only a limited number of dedicated employees within our organisation have access to the personal data.

 

 You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controller’s name and contact details’ chapter or by notifying it to our data protection administrator. 

What happens if you do not provide the data?

The provision of the data is a prerequisite of processing the enquiries. If you do not provide the data, we will not be able to process or answer your enquires and/or questions, or provide professional advice about the products, contact you or communicate with you.

The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.

To whom we may transmit your data: Enquiries and/or questions are processed and answered by the dedicated employees within the organisation of UR TRAVELS Ltd., and your personal data will also be transmitted to the following recipients, processors, for the purposes specified below:

 

Which of your personal data do we process: On what basis do we process these (legal bases): For how long do we process these data:
For enquiries by email:

 

  • email address
  • first name, surname
  • data in the email (including the subject-matter and content of the enquiry etc.)
  • subject-matter and content of the enquiry

 

For the online form:

  • first name, surname
  • email
  • data in the enquiry (including the subject-matter and content of the enquiry, your order number, order ID etc.)
Legitimate interest

 

(Article 6(1)(f) of the GDPR)

Our data processing is necessary so that we can reply to your enquiries and questions sent in connection with the services provided in the webshop, and can ensure that you can contact us. Our data processing is also necessary so that we can contact you. This data processing is necessary in the business, economic and financial interests of UR TRAVELS Ltd., for realising the customer services envisaged by us, for enhancing our competitiveness, for ensuring the high quality of our services, and so that we can effectively reply in respect of complex services. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. There is no other way for us to carry out these data processing operations.

 

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

 

Safeguards: We have restricted the scope of personal data to the strict minimum. Only a limited number of dedicated employees within our organisation have access to the personal data.

  

  1. COMPLAINT HANDLING

7.1. COMPLAINT HANDLING IN CONNECTION WITH PURCHASES IN THE WEBSHOP

The controller in connection with the customer complaints received in relation to webshop purchases is: UR TRAVELS Ltd. 

For what purpose are your personal data processed?

We process your data so that we can handle and/or investigate the complaints and/or comments of customers or visitors in connection with the webshop and the products offered in the webshop. Furthermore, to identify and/or investigate the complaints relating to orders. Our data processing also serves the purpose to allow you to effectively enforce your consumer rights and/or for the purposes of the relating procedures. The data relating to your complaint are also processed with regard to using the dispute resolution proceedings before arbitration boards and online, and so that we can participate in such proceedings. If your complaint relates to one of our cosmetic products, we also process your data to be able to comply with the complaint handling provisions of the GMP (Good Manufacturing Practice) standards – in such a case, your complaint will be transferred to the product manufacturer within our company group (Apothekers Ltd.) to investigate the complaint. Data subjects include the persons who have submitted a complaint to the controller.

 

Which of your personal data do we process: On what basis do we process these (legal bases): For how long do we process these data:
Data in the complaint report:

 

  • first name, surname
  • your address
  • place, date and means of submitting the complaint
  • detailed description of your complaint or entry
  • list of the documents, data attached to the complaint
  • place and date of drawing up the report
  • the unique ID of your complaint
  • your signature

 

The data in your complaint (email):

  • the data provided by you in addition to the above in connection with your complaint
  • email address
  • order number, if any
Compliance with a legal obligation

 

(Article 6(1)(c) of the GDPR)

Providing you with the possibility to submit complaints verbally or in writing under Section 17/A (2) and (7) of Act CLV of 1997 on Consumer Protection, which act also specifies the data to be recorded in the complaint report. Furthermore, our data processing is based on Section 29 (11) of Act CLV of 1997 on Consumer Protection regarding the mandatory participation of companies in the procedures of arbitration boards, and Regulation (EU) No 524/2013 of the European Parliament and of the Council on online dispute resolution for consumer disputes and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC regarding online dispute resolution.

 

Personal data in relation to complaint handling shall be retained for 5 years under Section 17/A (2) and (7) of Act CLV of 1997 on Consumer Protection.
If your complaint is related to a product, then, in addition:

 

(For reasons of GMP compliance):

  • complaint number
  • first name, surname
  • address
  • phone
  • name of the affected product
  • ID of the affected product
  • description of the complaint and/or non-compliance of the product
  • date
  • corrective action
  • responsible for introduction
  • deadline
  • fact of acceptance of corrective action
  • your signature
  • implementation of corrective action
Legitimate interest

 

(Article 6(1)(f) of the GDPR)

During the production, manufacturing and distribution of the WaysDerma cosmetic products, the manufacturer, Apothekers Ltd., follows a Good Manufacturing Practice – GMP that is also governing within the company group. Compliance with the GMP standards ensures the safety, exceptional quality and high standards of the company group’s cosmetic products. Compliance with the GMP standards is also important so that the Apothekers cosmetic products comply with the provisions of Regulation (EC) No 1223/2009 on cosmetic products. The GMP rules also lay down obligations regarding product complaints and their handling, compliance with which serves the legitimate interests of the UR TRAVELS Ltd.  Our data processing is necessary for compliance with the laws on cosmetic products and the GMP standards, for enhancing the safety of Apothekers products, and for enforcing our business and economic interests. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. There is no other way for us to carry out these data processing operations.

 

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

 

Safeguards: The categories of data processed are determined by the ‘Complaint Form’ institutionalised by the GMP, and we request no other data in addition to that. Only a limited number of dedicated employees within our organisation have access to the personal data. The data remain within our company group, they are not transferred anywhere.

 

You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controller’s name and contact details’ chapter or by notifying it to our data protection administrator. 

What happens if you do not provide the data?

If you submit a complaint, you determine which data you provide to us – providing the data is voluntary. The data to be included in the complaint report are specified by the consumer protection act. If you do not supply the relevant data to us, you may not be able to exercise your consumer’s rights, or at least not in a full scope, or we will not be able to contact you. This is because if data are missing, we will only be able to partially investigate and/or fulfill your complaint or not at all, and will not be able to effectively participate in arbitration or online dispute resolution. We already have the data of your orders; however, the provision of data can facilitate easier identification and faster administration. For the purposes of GMP compliance, if your complaint concerns a product, we will have the data for completing the GMP complaint form based on your complaint, in case you do not complete such form. 

The manner of erasing the data: We will erase your personal data upon expiry of the above relevant deadlines. 

To whom we may transmit your data: The dedicated employees of UR TRAVELS Ltd. participate in complaint handling, and your data may be transferred (except in the case of GMP complaint handling) to the authorities with territorial and subject-matter competence, such as arbitration boards and consumer protection authorities. In the event of using the online dispute resolution platform, to the platform and the arbitration board proceeding in the case. Furthermore, the complaints may be transferred – depending on their content – to the attorney performing the legal representation of the UR TRAVELS company (Johaz Gabor Law Firm, H-1027 Budapest, Csalogany utca 55. V/2. Hungary – purpose: legal representation). GMP complaints concerning the products are transferred within the company group to the manufacturer, Apothekers Ltd., for the investigation of complaints on the merits.

 

Name Registered office Purpose of data transmission or transfer
Apothekers Ltd. D-81373 Munchen, Germany Substantial investigation of GMP product complaints, making of corrective decisions regarding the product. In this respect, this company shall qualify as an individual controller.

 

7.2. COMPLAINT HANDLING IN CONNECTION WITH THE WEBSITE, PROFESSIONAL SERVICES, PRODUCTS

The controller in respect of the complaints received regarding the services provided on the website and services provided to professional partners (beautician, beautician student) is: UR TRAVELS Ltd. 

For what purpose are your personal data processed?

We process your data so that we can handle and/or investigate and answer the complaints and/or comments relating to our services and products. Furthermore, to identify and/or investigate the complaints relating to orders. Our data processing also serves the purpose to allow you to effectively enforce your consumer rights and/or for the purposes of the relating procedures. The data relating to your consumer complaint are also processed with regard to using the dispute resolution proceedings before arbitration boards and online, and so that we can participate in such proceedings. If your complaint relates to one of our cosmetic products, we also process your data to be able to comply with the complaint handling provisions of the GMP (Good Manufacturing Practice) standards. Data subjects include the persons who have submitted a complaint to the controller or are concerned by the complaint (in regard of the personal data of these persons, the source of the data is the person filing the complaint).  Regarding professional partners, data subjects may include the natural persons representing them, who submit the complaint on the partner’s behalf.

 

Which of your personal data do we process: On what basis do we process these (legal bases): For how long do we process these data:
Data in the consumer complaint report:

 

  • first name, surname
  • your address
  • place, date and means of submitting the complaint
  • detailed description of your complaint or entry
  • list of the documents, data attached to the complaint
  • place and date of drawing up the report
  • the unique ID of your complaint
  • your signature

 

The data in your complaint (email, online form):

  • the data provided by you in addition to the above in connection with your complaint
  • email address
  • order number, if any

 

Compliance with a legal obligation

 

(Article 6(1)(c) of the GDPR)

 

Providing you with the possibility to submit complaints verbally or in writing under Section 17/A (2) and (7) of Act CLV of 1997 on Consumer Protection, which act also specifies the data to be recorded in the complaint report. Furthermore, our data processing is based on Section 29 (11) of Act CLV of 1997 on Consumer Protection regarding the mandatory participation of companies in the procedures of arbitration boards, and Regulation (EU) No 524/2013 of the European Parliament and of the Council on online dispute resolution for consumer disputes and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC regarding online dispute resolution.

 

Personal data in relation to consumer complaint handling shall be retained for 5 years under Section 17/A (2) and (7) of Act CLV of 1997 on Consumer Protection.
If your complaint is related to a product (Product complaint), then, in addition:

 

(For reasons of GMP compliance):

  • complaint number
  • first name, surname
  • address
  • phone
  • name of the affected product
  • ID of the affected product
  • description of the complaint and/or non-compliance of the product
  • date
  • corrective action
  • responsible for introduction
  • deadline
  • fact of acceptance of corrective action
  • your signature

 

If you are a professional client and your complaint relates to a service:

 

  • your name and contact information (e.g. email address, address)
  • your signature, if the complaint is submitted in hard copy
  • complaint content, name of the service concerned
Product complaint, other than by consumers

 

Legitimate interest

(Article 6(1)(f) of the GDPR)

 

During the production and manufacturing of cosmetic products, Apothekers Ltd. follows a Good Manufacturing Practice – GMP. Compliance with the GMP standards ensures the safety and high standards of our cosmetic products. Compliance with the GMP standards is also important so that our cosmetic products comply with the provisions of Regulation (EC) No 1223/2009 on cosmetic products. The GMP rules also lay down obligations for us regarding product complaints and their handling, compliance with which serves our legitimate interests. Our data processing relating to product complaints is necessary for compliance with the laws on cosmetic products and the GMP standards, enhancing the safety of our products, for product development, introducing new products and phasing out the old ones, ensuring the special excess safeguards regarding complaint handling as required by the GMP, for maintaining our business and economic interests and the good repute of our products, and also for enforcing our established manufacturing policy. In the case of all other complaints filed by professional customers, data processing is based on the legitimate interests of Apothekers Ltd., consisting in being able to investigate, answer and remedy the complaints of its customers, being able to provide high-quality services to its professional customers and establish long-term relationships with them. In the case of both product complaints and professional customer complaints, data are also processed so that we can provide substantiated answers to the complaints concerning products and services, and keep contact with you in connection with the complaint. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. There is no other way for us to carry out these data processing operations.

 

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

 

Safeguards: In the case of product complaints, the categories of data processed are determined by the ‘Complaint Form’ institutionalised by the GMP, and we request no other data in addition to that. In the case of professional complaints, the content of your complaint determines which categories of data we process; in addition, we process your contact information for keeping contact with you, and your name and the data of the product/service for identification purposes. Only a limited number of dedicated employees within our organisation have access to the personal data. The data regarding product complaints remain within our company group; as a rule, they are not transferred anywhere.

 

You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controller’s name and contact details’ chapter or by notifying it to our data protection administrator. 

What happens if you do not provide the data?

If you submit a complaint, you determine which data you provide to us – providing the data is voluntary. The data to be included in the complaint report are specified by the consumer protection act. If you do not supply the relevant data to us, you may not be able to exercise your consumer’s rights, or at least not in a full scope, and we will not be able to contact you and communicate with you. This is because if data are missing, we will only be able to partially investigate and/or fulfill your complaint or not at all, and will not be able to effectively participate in arbitration or online dispute resolution. We already have the data of your orders; however, the provision of data can facilitate easier identification and faster administration.  For the purposes of GMP compliance, if your complaint concerns a product, we will have the data for completing the GMP complaint form based on your complaint. 

The manner of erasing the data: We will erase your personal data upon expiry of the above relevant deadlines. 

To whom we may transmit your data: The dedicated employees of UR TRAVELS Ltd. participate in complaint handling, and your data may be transferred (except in the case of GMP complaint handling) to the authorities with territorial and subject-matter competence, such as arbitration boards and consumer protection authorities. In the event of using the online dispute resolution platform, to the platform and the arbitration board proceeding in the case. Furthermore, the complaints may be transferred – depending on their content – to the attorney performing our legal representation.

 

Name Registered office Purpose of data transmission or transfer
Apothekers Ltd. D-81373 Munchen, Germany It notifies the complainant based on the result of the GMP complaint – if such complaint has been filed in relation to purchases in the webshop – and implements the envisaged measure

 

  1. NEWSLETTER

8.1. RETAIL NEWSLETTER

The controller in respect of the data relating to retail newsletters is: UR TRAVELS Ltd.

For what purpose are your personal data processed?

If you are a retail user and has subscribed to our newsletter, we process your personal data so that we can send you newsletters, direct marketing messages by electronic means in connection with our novelties, products, discounts and promotions. Data subjects include the persons subscribing to the retail newsletter.

Which of your personal data do we process: On what basis do we process these (legal bases): For how long do we process these data:
  • email address (for newsletter, electronic marketing message)
  • in certain cases: your signature – if you subscribe to the newsletter other than online
Your consent.

 

(Article 6(1)(a) of the GDPR)

By checking the relevant checkbox, you consent to ILCSI Beauty Salon Ltd. contacting you for its own marketing purposes and/or by way of its newsletter, contacting you with advertising and promotional offers in its own name and on behalf of its intra-group partner, UR TRAVELSLtd.

By checking the relevant checkbox, you consent to your specified personal data being transferred to our intra-group partner, Apothekers Ltd.

 

You have the right to withdraw your consent and unsubscribe from the newsletter at any time. If the consent was given by a person under the age of 16 (or his/her legal representative on his/her behalf), the represented person may also withdraw his/her consent upon coming of lega

 

What happens if you do not provide the data?

The provision of any data is voluntary; if you do not provide the relevant data to us, we will not be able to send you newsletters or offers. Your email address is necessary so that we can send you the message. If you subscribe to our newsletter other than online, we will process your signature so that we can prove that you consented to the sending of the newsletter. The data of newsletter subscribers are processed in line with Section 6 (5) of Act XLVIII of 2008 on Business Advertising Activities.

The manner of erasing the data: You can unsubscribe from our newsletter any time and/or can express that you no longer want to receive messages regarding our news and novelties; you can do that via the relevant link in the newsletter, by clicking the ‘Unsubscribe from newsletter’ button on the www.WaysDerma.com website, via one of the contact information in the ‘Controller’s name and contact details’ chapter, or by notifying our data protection administrator of your decision to unsubscribe. In the event you request erasure, we will erase your relevant data upon processing the request. The withdrawal of consent shall not affect the lawfulness of processing performed before the withdrawal of such consent.

To whom we may transmit your data: We will transfer your data to the service provider participating in the compilation, sending and displaying of the newsletters. Otherwise, your data may only be accessed by the dedicated authorised employees within the internal organisation of UR TRAVELS Ltd. Your personal data will be transmitted to the following processors, recipients, for the purposes specified below:

Name Registered office Purpose of data transmission or transfer
UR TRAVELS Ltd. H-1052 Budapest, Piarista utca 4., Hungary For the purposes of promoting Apothekers products among retail users.

 

8.2. PROFESSIONAL NEWSLETTER

The controller as regards the processing of data in relation to professional newsletters (content for beauticians and beautician students) is: UR TRAVELS Ltd. 

For what purpose are your personal data processed?

If you are a professional user and has subscribed to our newsletter, we process your personal data so that we can send you professional newsletters, direct marketing messages by electronic means in connection with our novelties, products, discounts and promotions, professional offers and services. Data subjects include the persons subscribing to the professional newsletter.

 

Which of your personal data do we process: On what basis do we process these (legal bases): For how long do we process these data:
  • email address (for newsletter, electronic marketing message)
  • in certain cases: your signature – if you subscribe to the newsletter other than online
  • customer card number
Your consent.

 

(Article 6(1)(a) of the GDPR)

By checking the relevant checkbox, you consent to Ilcsi Beautifying Herbs Organic Skin Care Ltd. contacting you for its own marketing purposes and/or by way of its newsletter, contacting you with advertising and promotional offers for professional partners in its own name. You have the right to withdraw your consent and/or unsubscribe from the newsletter at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

As long as the newsletter or direct marketing service is provided, or until you request the erasure of data or unsubscribe from the newsletter, direct marketing service, provided there is no other legal ground for processing.

 

 

Please note that we will request data updates from you every 3 years. If you do not reply to our enquiry, we will delete you from the newsletter subscribers list.

 

What happens if you do not provide the data?

The provision of any data is voluntary; if you do not provide the relevant data to us, we will not be able to send you newsletters or professional offers to your contact information. Your email address is necessary so that we can send you the message. If you subscribe to our newsletter other than online, we will process your signature so that we can prove that you consented to the sending of the newsletter; and your customer card number to verify your eligibility for the professional newsletter. The data of newsletter subscribers are processed in line with Section 6 (5) of Act XLVIII of 2008 on Business Advertising Activities.

The manner of erasing the data: You can unsubscribe from our newsletter any time and/or can express that you no longer want to receive messages regarding our news and novelties; you can do that via the relevant link in the newsletter, by clicking the ‘Unsubscribe from newsletter’ button on the www.WaysDerma.com website, via one of the contact information in the ‘Controller’s name and contact details’ chapter, or by notifying our data protection administrator of your decision to unsubscribe. In the event you request erasure, we will erase your relevant data upon processing the request. If you have a professional user account, you can also unsubscribe from the newsletter in your account. In the event you request erasure, we will erase your relevant data upon processing the request. The withdrawal of consent shall not affect the lawfulness of processing performed before the withdrawal of such consent.

To whom we may transmit your data: We will transfer your data to the service provider participating in the compilation, sending and displaying of the newsletters. Otherwise, your data may only be accessed by the dedicated authorised employees within the internal organisation of ur travels Ltd.

 

Name Registered office Purpose of data transmission or transfer
The Rocket Science Group LLC Georgia, 675 Ponce De Leon Ave NE, Suit 5000, Atlanta, Georgia 30308, USA Provides services in connection with the compilation and sending of the newsletters.
Shopify Inc  150 Elgin Street, Suite 800, Ottawa, Ontario, K2P 1L4 Provision of customer management system.
UR TRAVELS Ltd. H-1052 Budapest, Piarista u 4., Hungary Ownwer of Ways Derma

 

  1. DATA PROCESSING IN CONNECTION WITH TRAININGS

The controller in connection with the data relating to trainings (including organisation, implementation) is: UR TRAVELS Ltd.

For what purpose are your personal data processed?

If you are our professional partner, we process your data so that you can participate at our training and you can complete the courses. Furthermore, so that we can certify that you have completed the training, and can issue a certificate to you. Data subjects include the professional partners who have applied to our training.

 

Which of your personal data do we process: On what basis do we process these (legal bases): For how long do we process these data:
  • surname
  • first name
  • email address
  • phone number
  • means of payment
  • status of payment
  • name of training applied for
Performance of the contract

 

Under Article 6(1)(b) of the GDPR

So that you can attend the training under the contract concluded with us, and we can certify the completion thereof by issuing you a certificate.

 

We shall retain these data for 2 years following the termination of the contract

 

What happens if you do not provide the data?

Providing the above personal data shall be voluntary; if you do not provide such data to us, you will not be able to attend the training, we will not be able to notify you in relation to the training (e.g. cancellation, new location), and we will not be able to certify your completion of the training by issuing you a certificate.

Manner of erasing the data: Data shall be erased upon expiry of the above retention period.

To whom we may transmit your data: Our dedicated staff member will proceed in connection with ensuring your participation in the training. In connection with the performance of your contract, your personal data will also be transferred to the following recipients and processors, for the purposes indicated below:

UR TRAVELSLtd.

 

Name

Registered office

Purpose of data transmission or transfer

Shopify Inc

150 Elgin Street, Suite 800, Ottawa, Ontario, K2P 1L4

Provides web hosting services for us for the webshop and the website.

UR TRAVELS KFT

H-1052 Budapest, Piarista utca 4, Hungary

Owns and Operates the webshop and the website

 

 

Provides the Payment gateway service for us

Fedex Express Hungary Kft

H-2220 Vecses, Lorinci ut 59, Hungary

Provides logistics and home delivery services

Clear Admin Software Kft

H-1108 Budapest, Gozmozdany utca 14 Hungary

Invoicing

 

  1. DATA PROCESSING IN CONNECTION WITH EVENTS

The controller regarding data processing in relation to events (in particular professional events, appearance): UR TRAVELS Ltd. 

For what purpose are your personal data processed?

So that we can ensure your participation in the events we organize free of charge or against payment. In the case of events organised by us, participation is conditional upon application if it is a free event, and upon the payment of the participation fee if there is such a fee. Our events are available for our professional partners. Data subjects include the persons who wish to participate and/or actually participate at our events.

 

Which of your personal data do we process: On what basis do we process these (legal bases): For how long do we process these data:
  • name (first name and surname)
  • email address
  • phone number

 

Performance of the contract

 

Under Article 6(1)(b) of the GDPR

For the purposes of participation at the event organised by UR TRAVELS Ltd.

 

What happens if you do not provide the data?

The provision of the data is voluntary; if you do not provide the data to us, you will not be able to participate at the event. We ask for your name and contact information (email address, phone number) so that we can identify you and/or can provide you information in relation to the event. 

Manner of erasing the data: Data shall be erased upon expiry of the above retention period.

To whom we may transmit your data and/or who may access your data: Your data processed within the framework of contractual performance may be transmitted – if a legal claim arises – to the attorney performing our legal representation (DR Juhaz Gabor Law Firm, H-1027 Budapest, Csalogany u 55. V/2, Hungary – purpose: legal representation) and/or to the authorities with territorial and subject-matter competence. Otherwise, your personal data may be accessed by our dedicated authorized staff members within our internal organisation. Certain data concerning you may be transferred to the member of the group of undertakings for administrative purposes:

UR TRAVELS Ltd. H-1052 Budapest, Piarista utca 4. Hungary Ownwer of Ways Derma

 

10.1. RAFFLES AT EVENTS

The controller regarding data processing in relation to events (in particular professional events, appearance), including data processing in relation to raffles: UR TRAVELS Ltd. 

For what purpose are your personal data processed?

So as to ensure that you can participate at the raffles organised at our events. Data subjects include those who want to participate and/or actually participate at the raffles.

Which of your personal data do we process: On what basis do we process these (legal bases): For how long do we process these data:
  • name (first name and surname)
  • email address

 

Your consent.

 

Under Article 6(1)(a) of the GDPR

By checking the relevant checkbox, you consent to UR TRAVELS Ltd. processing your personal data for the purpose of your participation at the raffle.  You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

What happens if you do not provide the data?

Providing the data shall be voluntary and is not a prerequisite for participating in the raffle. You may decide to participate at the raffle without providing us your personal data. 

Manner of erasing the data: Data shall be erased upon expiry of the above retention period.

To whom we may transmit your data and/or who may access your data: Certain data concerning you may be transferred to the member of the group of undertakings for administrative purposes:

 

UR TRAVELS Ltd. H-1052 Budapest, Piarista utca 4. Hungary Ownwer of Ways Derma

 

  1. REPORTING ON EVENTS

The controller with regard to data processing in relation to events (e.g. those organised by us or which we attend as an exhibitor) is: UR TRAVELS Ltd. 

For what purpose are your personal data processed?

In connection with the events organised by us and/or which we attend e.g. as a partner or exhibitor, the purpose is to report on these events and/or to promote the event. Please note that certain events may also be covered by the media independently of us. Data subjects shall include the persons who may appear in the records (as part of the crowd).

Which of your personal data do we process: On what basis do we process these (legal bases): For how long do we process these data:
in certain cases your image or voice that is not presented individually (photo, video and other recordings, your actions at the event) Legitimate interest

 

(Article 6(1)(f) of the GDPR)

So that we can prepare non-individual image recordings about our events in line with the provisions of Section 2:48 (2) of Act V of 2013. The interest of UR TRAVELS Ltd. consists in documenting its activities, promoting it and making it known to the public and potential partners, facilitating its successful operation and promoting its business interests, preparing PR and marketing materials, and using the records for marketing purposes. The data processing also serves the enforcement of our business interests and the improvement of our competitiveness and business reputation.  Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. There is no other way for us to carry out these data processing operations.

 

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

 

Safeguards: You will not be pictured on the recordings individually; and they are only prepared and used in a purpose-limited way, in relation to the event.

 

You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controller’s name and contact details’ chapter or by notifying it to our data protection administrator. 

What happens if you do not provide the data?

In the case of non-individual recordings, you do not need to provide data; by entering and attending the event, you make it possible for us to process your data. However, you can notify us (verbally at the event or through one of our contact details thereafter) if you object to the processing of the data.

Manner of erasing the data:

In the case of data processing for legitimate interests, data will be erased upon your objection where there is no other legal ground for the processing.

To whom we may transmit your data: To report on the event, your personal data may be published on the official social media platforms of WAYSDERMA, e.g. Facebook, Instagram, Youtube, and so they may be available to the public. Please note that certain events may also be covered by the media; in such cases they act as independent controllers. Within the internal organisation of UR TRAVELS Ltd., the authorised dedicated employees may access the data to the extent necessary for their work (such as for preparing PR materials). Certain data concerning you may be transferred to the member of the group of undertakings for administrative purposes:

UR TRAVELS Ltd. H-1052 Budapest, Piarista utca 4. Hungary Ownwer of Ways Derma
  1. DISPLAY OF ‘WAYSDERMA ’ ON THE WEBSITE, PARTNER CARD, INDIVIDUAL ORDERS THROUGH BUSINESS PARTNER

The controller in regard of data processing in relation to displaying the reference and priority reference beauty salons on the www.WaysDerma.com website and individual orders, or data regarding the sales system is: UR TRAVELS Ltd. 

For what purpose are your personal data processed?

If you are our partner as a reference or priority reference beauty salon and the email address you provide to us contains personal data, we process the same in order to display your salon as a reference or priority reference beauty salon on the website. Please note that in order to be displayed as a reference beauty salon on the website, it is not necessary for you to provide such an email address or other contact information that includes personal data; thus, for example, it is not required to contain your full name. In the event the contact information of the reference or priority reference beauty salon under the ‘WaysDerma ’ menu on the website comes from a source other than you, then the source of the data is: the reference or priority reference beauty salon where you engage in your activity (in such a case, your personal data are processed in accordance with this Privacy Notice). Data subjects include the beauticians (sole traders, employees, under other work relationship) of the reference beauty salon.

We process your data in order to get data regarding the sales system and the operation of the sales system of the WAYSDERMA branded products, and so we are able to investigate the fulfillment possibility of an individual order through our business partner (bigger quantity orders, orders violating the rules of sales system) based on storage capacity and rules of such system and provide information about the fulfillment of the order to our sales partner. Further we process some of your data in order to give feedback on your status and agreement of reference beautician or partner beautician to our sales partner for the purpose of creating, extending or renewing a partner card issued by our business partners.  

Which of your personal data do we process: On what basis do we process these (legal bases): For how long do we process these data:
Regarding display on the website:

 

  • email address
  • surname
  • first name
  • phone number
  • salon’s name
  • salon’s address
  • website address
  • equipment: e.g. air conditioning, hairdresser, pedicure-manicure, payment by card etc.

Individual orders through business partner, data regarding sales system and partner card issued by business partner:

  • name of reference beautician
  • monthly turnover data of reference beauticians broken down by beautician and reference beautician
  • partner card traffic data
  • monthly data of customer book
  • status and agreement of WAYSDERMA partner beautician
  • data of individual orders or orders in question  regarding breach of sales system rules such as: date of order, name and address of customer, name and quantity of the product ordered
  • authorisation to issue product recommendations
Legitimate interest

 

(Article 6(1)(f) of the GDPR)

Our data processing is necessary so that our professional partners (reference and priority reference beauty salons) can appear on the www.waysderma.com website. The opportunity to appear on the website is ensured for our partners who are reference beauty salons; such beauticians/beauty salons act for purposes which are within their trade or business. As a rule, we do not request personal data for such display; however, the email address provided by the beauty salon may contain personal data as the affected persons typically work as sole traders. The data processing is necessary for the operation of the sales system of the Waysderma branded products. This data processing also serves the business, economic and financial interests of UR TRAVELS Ltd., the realisation of our envisaged business model – professional partnership – and/or the creation of close relationships with our professional partners. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. There is no other way for us to carry out these data processing operations.

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

Safeguards: We limited the scope of personal data processed to the minimum. 

Personal data on the website are processed as long as the partnership with the reference beauty salon exists; upon termination, we will erase the data after 3 months. If you have objected to data processing, data are processed until the assessment of such objection, except if our legitimate interests allow for further processing or there is another legal ground for processing.

 

 

Personal data regarding sales system, and data of individual orders are retained for 3 years following the acquisition of the data or the date of the order or will be processed until the assessment of your objection, except if our legitimate interests allow further processing or there is another legal basis for our data processing.

If you are an employee of, or are in another work-related relationship with, our partner that is a reference beauty salon or priority reference beauty salon, and the data came from a source other than you.

 

  • email address
  • surname
  • first name
  • phone number
  • salon’s name
  • salon’s address
  • website address
  • equipment: e.g. air conditioning, hairdresser, pedicure-manicure, payment by card etc.

 

 

Legitimate interest – in the interest of the reference beauty salon or priority reference beauty salon

 

(Article 6(1)(f) of the GDPR)

Our data processing is necessary so that our professional partners (reference and priority reference beauty salons) can appear on the www.waysderma.com website. This data processing serves the business and economic interests of the reference beauty salons and priority reference beauty salons, and that they can appear on the website so as to allow interested visitors to contact them. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing the interests of a third party. There is no other way for us to carry out these data processing operations.

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

Safeguards: We limited the scope of personal data processed to the minimum.

 

OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controller’s name and contact details’ chapter or by notifying it to our data protection administrator. 

What happens if you do not provide the data?

Providing the above personal data on the website shall be voluntary; if you do not provide such data to us, you will not be able to appear on the website. You are not required to provide an email address that contains personal data. If the data were not provided by you, the source of the data is the reference or priority reference beauty salon employing you. Data regarding the sales system or individual orders are not provided by you, we receive these from our business partner who you ordered your partner card from or who (or whose business partner) you placed an order on.

Manner of erasing the data: Your above personal data will be erased after the deadline defined above.

To whom we may transmit your data:  Your data may be accessed by authorised employees within our organisation. Please note that if you provided personal data, such data will be available to the public on the www.WaysDerma.com website. Your data will be transferred to the following recipients and processors, for the purposes indicated below: 

 

Name Registered office Purpose of data transmission or transfer
The Rocket Science Group LLC Georgia, 675 Ponce De Leon Ave NE, Suit 5000, Atlanta, Georgia 30308, USA Provides services in connection with the compilation and sending of the newsletters.
Shopify Inc  150 Elgin Street, Suite 800, Ottawa, Ontario, K2P 1L4 Provision of customer management system.
UR TRAVELS Ltd. H-1052 Budapest, Piarista u 4., Hungary Ownwer of Ways Derma
  1. CUSTOMER SATISFACTION SURVEYS

In the case of purchases in the webshop, regarding the data relating to customer satisfaction surveys, the controller is: UR TRAVELS Ltd. 

Regarding the data relating to satisfaction surveys in connection with the services provided to professional partners, the controller is: UR TRAVELS Ltd. 

Please be informed that each of the above controllers qualifies as an individual controller in terms of its data processing in relation to the above customer surveys; for the purposes of this Section, each shall be referred to as a controller.

For what purpose are your personal data processed?

So that the controller can receive feedback from its customers regarding their satisfaction with the purchased products and services, and what changes or modifications they would recommend. Furthermore, so that the controller can receive feedbacks and opinions that are important for its company group e.g. for the further development of products. Please note that the completion of the satisfaction surveys shall be voluntary. Data subjects include the persons who participate in the customer satisfaction surveys.

Which of your personal data do we process: On what basis do we process these (legal bases): For how long do we process these data:
  • first name, surname
  • for professional partners, the name of the beauty salon, if any
  • email address
  • opinions regarding our services, products; the content of such opinion
  • survey content
Legitimate interest

 

(Article 6(1)(f) of the GDPR)

So that we can ensure the high quality and continuous renewal of our products and services for our customers and partners. Data processing also serves the controller’s business and economic interests, its interests in maintaining its competitiveness and developing its business, and increasing its business reputation. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. There is no other way for us to carry out these data processing operations.

 

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

 

Safeguards: We limited the scope of personal data processed to the minimum. Only dedicated employees within the controller’s organisation have access to the personal data, to the extent necessary for performing their tasks. The data remain within our organisation and their results remain within our company group, they are not transferred anywhere.

 

OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may notify the given controller thereof via the contact information in the ‘Controller’s name and contact details’ chapter or by notifying it to our data protection administrator. 

What happens if you do not provide the data?

We already have the above personal data. Completing the survey shall be voluntary.

The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.

To whom we may transmit your data: The data may be accessed by the authorised dedicated employees within the controllers’ organisation, and the data may also be transferred to the following recipients, processors, for the following purposes:

  

Name Registered office Purpose of data transmission or transfer
The Rocket Science Group LLC Georgia, 675 Ponce De Leon Ave NE, Suit 5000, Atlanta, Georgia 30308, USA Provides services in connection with the compilation and sending of the newsletters.
Shopify Inc  150 Elgin Street, Suite 800, Ottawa, Ontario, K2P 1L4 Provision of customer management system.
UR TRAVELS Ltd. H-1052 Budapest, Piarista u 4., Hungary Ownwer of Ways Derma
  1. STOCK MONITORING SERVICE

Regarding the data relating to the provision of the stock monitoring service (related to the webshop), the controller is: UR TRAVELS Ltd. 

For what purpose are your personal data processed?

So that we can send you a notification of product availability if it was out of stock. You may freely decide whether you want to be notified of product availability. Data subjects include the persons who use the stock monitoring service.

 

OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controller’s name and contact details’ chapter or by notifying it to our data protection administrator. 

What happens if you do not provide the data?

Providing the data shall be voluntary; if you do not provide your email address, we will not be able to notify you if the product is in stock.

The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.

To whom we may transmit your data: Your personal data will be transferred to the following recipients and processors, for the purposes indicated below, in order to provide this service:

 

Which of your personal data do we process: On what basis do we process these (legal bases): For how long do we process these data:
  • email address
  • name of the product concerned
Legitimate interest

 

(Article 6(1)(f) of the GDPR)

So that we can ensure the high quality of our services, increase our customers’ satisfaction and enhance our relationships with customers.  Data processing also serves the business and economic interests of UR TRAVELS Ltd., its interests in maintaining its competitiveness and developing its business, and increasing its business reputation. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. There is no other way for us to carry out these data processing operations, also taking cost efficiency into account.

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

Safeguards: We limited the scope of personal data processed to the minimum. Only a limited number of dedicated employees within our organisation have access to the personal data, to the extent necessary for performing their tasks.

 

  1. DATA PROCESSING IN RELATION TO OUR SOCIAL MEDIA ACCOUNTS

With regard to data processing in relation to the official social media accounts (Instagram, Facebook, Youtube) of the company group, the controller is: UR TRAVELS Ltd. 

For what purpose are your personal data processed?

In order to operate the official social media platforms, so that we can customise our social media platforms according to customers’ demands. We process your data (as a data subject) on our social media platforms if you like or follow us, post comments or opinions or share something on our official social media platforms.

Please note that you have provided your data to the service provider operating the social media platform in question (e.g. Facebook, Instagram, Youtube), and not to us directly. Please note that the processing operations carried out by these social media sites is governed by their own privacy policies. Please remember that the contents posted on any of our official social media platforms may often be publicly available, and so be careful about what personal data you provide. Please also note that our data processing as specified in this Section applies to our official social media platforms – we have no impact on any other social media fan pages or platforms relating to the WAYSDERMA products/brand etc.

Which of your personal data do we process: On what basis do we process these (legal bases): For how long do we process these data:
  • your social media username
  • as the case may be: the personal data provided by you in your social media profile (name, nickname, photo etc.)
  • subject-matter and content of the opinion or comment
  • your opinion, comment or question on your social media page
  • your feedback on an event
Legitimate interest

 

(Article 6(1)(f) of the GDPR)

So that we can ensure the high quality of our services and enhance our relationships with customers.  Data processing also serves the business and economic interests of UR TRAVELS Ltd., its interests in maintaining and developing its competitiveness, and increasing its business reputation. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests. There is no other way for us to carry out these data processing operations.

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

Safeguards: We limited the scope of personal data processed to the minimum.

 

OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controller’s name and contact details’ chapter or by notifying it to our data protection administrator. 

What happens if you do not provide the data?

You may freely decide which data you provide on the given social media platform. We do not dispose over the data; you as the user of the given platform provide and dispose over the data. Providing the personal data is not essential for the use of the given social media platform.

The manner of erasing the data: UR TRAVELS Ltd. has no influence on the above data; you can modify and/or delete them in your social media profile.

To whom we may transmit your data: The data relating to your social media activity will become known to the social media platform provider (Facebook, Instagram, Youtube) as well. Social or other content sharing websites: Please note that such social media platforms are governed by their own privacy policies, and UR TRAVELS Ltd. assumes no liability in connection with that.
Certain data concerning you may be transferred to the member of the group of undertakings for administrative purposes:

  

UR TRAVELS Ltd. H-1052 Budapest, Piarista utca 4. Hungary Ownwer of Ways Derma
  1. ENQUIRIES RELATING TO PROCESSING

Regarding the enquiries relating to the data processing operations of WaysDerma Beautifying Herbs Organic Skin Care Ltd., the controller is: UR TRAVELS Ltd.

Regarding the enquiries relating to the data processing operations of WAYSDERMA WEBSHOP, the controller is: UR TRAVELS Ltd. 

Please be informed that each of the above controllers qualifies as an individual controller in terms of their processing operations relating to data processing enquiries; for the purposes of this Section, each shall be referred to as a controller. 

For what purpose are your personal data processed?

So that the controller can provide you the opportunity – in a documented manner – to exercise your rights as described in the ‘Your rights and how to enforce them’ chapter. Furthermore, so that – as regards your rights – we can comply with the principle of accountability required from us under the GDPR. Data subjects: are the users who send enquiries or comments regarding the controller’s processing operations or wish to exercise their rights as data subjects. After the death of a person affected by the controller’s data processing – having regard to the authorisation of recital (27) in the GDPR – in order to ensure the possibility of enforcing rights related to personal data pursuant to Section 25 of the Privacy Act. You may freely decide which personal data you provide to us in your enquiry or while exercising your right; however, if data are missing, we may not be able to fulfill your enquiry or request. Data subjects include the persons sending enquiries in relation to our data processing.

 

UR TRAVELS Ltd. H-1052 Budapest, Piarista utca 4. Hungary Ownwer of Ways Derma

 

OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controller’s name and contact details’ chapter or by notifying it to our data protection administrator. 

What happens if you do not provide the data?

The provision of the data may be a prerequisite of processing your enquiry, and your name is necessary for identification. If you do not provide these, the controller may not be able to process your enquiry completely, or not at all. In the case of exercising the rights of the deceased person affected by data processing, the data (declaration made to the controller, death certificate, court decision, public deed certifying identity and/or the close relative status) are necessary under Section 25 (1) and (4) of the Privacy Act. Please note that when requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.

The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.

To whom we may transmit your data: Your personal data may be accessed by the controller’s dedicated employees, and the data may be transferred to the competent authority or court, or to the controller’s legal representative (Jambrik Law Firm, H-1095 Budapest, Boráros tér 7. 3. lph. 6/13, Hungary – purpose: legal advisory).
Certain data concerning you may be transferred to the member of the group of undertakings for administrative purposes:

 

UR TRAVELS Ltd. H-1052 Budapest, Piarista utca 4. Hungary Ownwer of Ways Derma

 

  1. FULFILMENT OF THE OBLIGATIONS IN RELATION TO PERSONAL DATA BREACHES

Regarding data processing by WaysDerma Beautifying Herbs Organic Skin Care Ltd. in relation to personal data breaches, the controller is: WaysDerma Beautifying Herbs Organic Skin Care Ltd.

Regarding data processing by WAYSDERMA Beauty Salon Ltd. in relation to personal data breaches, the controller is: WAYSDERMA Beauty Salon Ltd.

Please be informed that each of the above controllers qualifies as an individual controller in terms of their processing operations relating to personal data breaches; for the purposes of this Section, each shall be referred to as a controller. 

For what purpose are your personal data processed?

So that if necessary, the controller can notify you of any personal data breach, and can document that such notification has been sent. Data subjects: are the users whose data were affected by the personal data breach detected at the controller. The controller’s notification obligation on the personal data breach is based on Article 34 of the GDPR, according to which the controller shall communicate the personal data breach to the data subject when the personal data breach is likely to result in a high risk to his or her rights and freedoms and/or if the supervisory authority (NAIH – Hungarian National Authority for Data Protection and Freedom of Information) ordered to controller to do so. The notification shall not be required in the cases regulated in Article 34(3) of the GDPR. Furthermore, so that the controller can comply with its obligation to document personal data breaches in accordance with Article 33(5) of the GDPR – the personal data breach records contain your data anonymously (e.g. the approximate number of data subjects, categories of data concerned).

 

Which of your personal data do we process:

On what basis do we process these (legal bases):

For how long do we process these data:

·         data provided in the enquiry

·         name

·         e-mail address or other contact information

·         subject-matter and content of the request

·         in certain cases, signature

·         in the case of exercising rights relating to the data of deceased persons: name and contact information of the person entitled to exercise the rights, the necessary data of the death certificate or court decision, and the public document certifying identity and the close relative status and/or the fact of certifying the close relative status, any declaration or order made to the controller.

 

Legitimate interest

(Article 6(1)(f) of the GDPR)

The personal data are processed by the controller so that it can properly document any data processing enquiries and the measures taken upon them, can defend any legal claims and/or can prove its compliance with the GDPR and the data protection laws upon an authority’s inquiry. Furthermore, the controller’s legitimate interest is also in line with Article 5(2) of the GDPR (the principle of accountability) and documents compliance therewith under Article 12(1) of the GDPR, also having regard to Article 11 (Processing which does not require identification). Furthermore, data processing for this purpose also serves the enforcement of the controller’s business and economic interests and its legally compliant operation (Section 25 of the Privacy Act). Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing the controller’s interests. There is no other way to carry out these data processing operations.

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

Safeguards: We limited the scope of personal data processed to the minimum. Only a limited number of dedicated employees within the controller’s organisation have access to the personal data.

 

Data will be retained for 18 months following the date of enquiry, so that we can prove that we have ensured your rights in accordance with the GDPR, and also for the resolution of any legal disputes. If a relevant proceeding has been initiated, we will process your personal data until closure of the proceeding.

If you have objected to data processing, data are processed until the assessment of such objection, except if our legitimate interests allow for further processing or there is another legal ground for processing.

 

 

 

OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controller’s name and contact details’ chapter or by notifying it to our data protection administrator.

 What happens if you do not provide the data?

There is no need to provide any data; we already have them.

The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.

To whom we may transmit your data: Your personal data may be accessed by the controller’s dedicated employees, and the data may be transferred to the supervisory authority (NAIH) and/or to the controller’s legal representative (Dr Juhaz Gabor Law Firm, H-1027 Budapest, Csalogany u 55. V/2 Hungary – purpose: legal representation).
Certain data concerning you may be transferred to the member of the group of undertakings for administrative purposes:

 

UR TRAVELS Ltd. H-1052 Budapest, Piarista utca 4. Hungary Ownwer of Ways Derma
  1. ENFORCEMENT OF LEGAL CLAIMS

Regarding data processing by UR TRAVELS Ltd. in relation the enforcement or defence of legal claims, the controller is: UR TRAVELS Ltd.

Regarding data processing by UR TRAVELS Ltd. in relation the enforcement or defense of legal claims, the controller is: UR TRAVELS Ltd.

Please be informed that each of the above controllers qualifies as an individual controller in terms of their processing operations relating to the enforcement of legal claims; for the purposes of this Section, each shall be referred to as a controller.

For what purpose are your personal data processed?

So that the controller can enforce its legal claims and defend itself against the claims asserted against the controller.  Data subjects include the persons concerned by the relevant legal dispute.

Which of your personal data do we process:

On what basis do we process these (legal bases):

For how long do we process these data:

·         name

·         email address

·         content of the notification on the breach (in particular: the nature of the personal data breach, consequences, remedial actions taken)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

personal data breach records:

·         number of data subjects

·         the categories of personal data concerned

·         facts regarding the personal data breach

 

 

 

 

 

 

 

 

 

 

 

Legitimate interest

Under Article 6(1)(f) of the GDPR

Your personal data are processed by the controller so that it can fulfil its obligations in accordance with Article 33(5) (documentation of personal data breaches) and Article 34 (communication of a personal data breach to the data subject) of the GDPR, can properly document the same, can defend any legal claims and/or can prove its compliance with the GDPR and the data protection laws upon an authority’s inquiry. Furthermore, the controller’s legitimate interest is also in line with Article 5(2) of the GDPR (the principle of accountability) and, under Article 34 of the GDPR, it is mandatory for the controller in order to operate in compliance with the law. Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing the controller’s interests, and it also serves the interests of the data subjects, given that it is also necessary to protect their personal data. There is no other way to carry out these data processing operations.

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

Safeguards: We limited the scope of personal data processed to the minimum. Only a limited number of dedicated employees within the controller’s organisation have access to the personal data.

 

Data will be retained for 18 months following the date of communication of the breach, so that we can prove that we have performed our obligations in accordance with the GDPR, and also for the resolution of any legal disputes. If a relevant proceeding has been initiated, we will process your personal data until closure of the proceeding. If you have objected to data processing, data are processed until the assessment of such objection, except if our legitimate interests allow for further processing or there is another legal ground for processing. 

 

 

 

OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controller’s name and contact details’ chapter or by notifying it to our data protection administrator. 

What happens if you do not provide the data?

You do not need to provide any data, as the controller already has them; we received such data from you or the competent e.g. consumer protection authority, court or other authority in connection with your claim (e.g. consumer complaint, action filed).

The manner of erasing the data: The above data will be erased upon expiry of the specified time limit.

To whom we may transmit your data: Your personal data may be transferred to the competent authority, court, public body or bailiff and/or to the controller’s legal representative (Dr Juhaz Gabor Law Firm, H-1027 Budapest, Csalogany u 55.V/2, Hungary – purpose: legal representation).
Certain data concerning you may be transferred to the member of the group of undertakings for administrative purposes: 

UR TRAVELS Ltd. H-1052 Budapest, Piarista utca 4. Hungary Ownwer of Ways Derma

 

  1. BROWSING, COOKIES

The controller in respect of the data processing in relation to the information society services provided on the www.WaysDerma.com website (including the webshop on the website) is: UR TRAVELS Ltd.

When you visit the www.WaysDerma.com website (including the webshop on the website), the website places cookies – short data files, strings – on your computer. If you want to avoid the application of cookies on your computer or other device used for browsing (e.g. mobile phone, tablet etc.) you have the opportunity to disable the cookies for example through the relevant settings of your browser. For detailed information on cookies, see the ‘COOKIE NOTICE’ chapter of the Privacy Notice.

For what purpose are your personal data processed?

To ensure the proper operation of the www.WaysDerma.com website, the proper display of contents, to properly design the user interface, to continuously develop the website to improve user experience and to ensure data security. Furthermore, in order to identify the users’ browsing habits, as well as to prepare statistics relating to the website, and to collect anonymised personal data for statistical purposes. The data subjects include the visitors of the www.WaysDerma.com websites.

 

Which of your personal data do we process: On what basis do we process these (legal bases): For how long do we process these data:
  • the IP address, MAC address of your device
  • type of operating system and browser
  • data of error messages
  • website activity data
Legitimate interest

 

(Article 6(1)(f) of the GDPR)

Regarding the cookies that are necessary for ensuring the proper operation and basic functions of the www.waysderma.com website for our users, e.g. navigation on the website, using the basket and ordering function in the webshop, the legitimate interest of UR TRAVELS Ltd. is to be able to operate its website and/or for the cookies to ensure the smooth operation of the webshop running on the website. Data processing also serves the purpose that, regarding UR TRAVELS Ltd., we can ensure that the webshop running on the website can be visited and orders can be placed therein.  Having weighed the affected data subjects’ interests, rights and freedoms to freely dispose of their personal data, we have found that processing the data is necessary for enforcing our interests and the interests of third parties, and it also serves the interests of the data subjects, given that using the website would be impossible without the application of these cookies. There is no other way to carry out these data processing operations and the proper operation of the whole website.

 

YOU HAVE THE RIGHT TO OBJECT TO OUR DATA PROCESSING OPERATIONS CARRIED OUT FOR A LEGITIMATE INTEREST

 

Safeguards: The cookies only process a minimum of personal data, and the cookies we use mostly process data in an anonymised way. 

 

Cookies processed based on legitimate interest (for detailed information see the COOKIE NOTICE):

  • user-input cookies
  • authentication cookies
  • user centric security cookies
 

 

Information in the cookies is stored until the realisation of the purpose (expiry of their validity), in this regard, see the detailed information in the ‘COOKIE NOTICE’ chapter of the Privacy Notice; or we process the data until you disable data processing.

  • the IP address, MAC address of your device

For third party cookies (Google Analytics) and/or anonymously:

  • the number of website visitors
  • referral site
  • the website pages visited, clicks within the website
Your consent.

 

(Under Article 6(1)(a) of the GDPR)

 

For remarketing cookies, cookies displaying advertisements or monitoring user behaviour, displaying general offers, and for statistical cookies, processing is based on your consent. Your identification based on your IP address to navigate you to the language site.

 

You have the right to withdraw your consent at any time.

Information in the cookies is stored until the realisation of the purpose (expiry of their validity), in this regard, see the detailed information in the ‘COOKIE NOTICE’ chapter of the Privacy Notice; or we process the data until you disable data processing.

 

 OBJECTION: You shall have the right to object at any time to processing based on our legitimate interests as above; you may do so via the contact information in the ‘Controller’s name and contact details’ chapter or by notifying it to our data protection administrator.

What happens if you do not provide the data?

The data are not provided by you, instead we collect them about you, and the data are automatically logged by the system. Such information in itself is not suitable for personal identification, we do not merge these data with other personal data; we use the data for analyzing trends, making statistics on the use of the site, administering the services, analyzing and meeting users’ demands, all of which contribute to the development of the quality of our services and our website. The individual cookies are essential for the operation of the website. 

The manner of erasing the data: Cookies are automatically deleted when their validity expires. You can also delete the cookies from your own computer and/or you can disable them in your browser. Cookies can usually be managed in the ‘Settings’ menu of the browser, but this may vary by browser. These are available through the following links (for the most popular browsers):

Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en-GB

Internet Explorer: https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies

Mozilla Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox

Microsoft Edge: https://support.microsoft.com/hu-hu/help/4027947/windows-delete-cookies 

To whom we may transmit your data: the following persons contribute to making it possible to use, browse and display our website:

 

Name Registered office Purpose of data transmission or transfer
UR TRAVELS Kft. H-1052 Budapest, Piarista utca 4, Hungary Operates the webshop and the website for us.

 

 

SHOPIFY INC 150 Elgin Street, Suite 800, Ottawa, Ontario, K2P 1L4 Provides web hosting services for us for the webshop and the website.
Google LLC. 1600 Amphitheatre Parkway

 

Mountain View, California 94043

USA

Provides web analytics services in relation to the website.
Hotjar Ltd. Level 2, St Julians Business Centre,

 

3, Elia Zammit Street St Julians STJ 1000, Malta

 

Provides the cookie collecting visitors’ behaviours.
Optimizely Inc. 631 Howard Street, Suite 100

 

San Francisco, CA 94105, USA

Provides the cookie collecting visitors’ behaviours.
UR TRAVELS kft. H-1052 Budapest, Piarista utca 4, Hungary group of undertakings

 

  1. CONSULTATION

The controller in respect of the data relating to consultation is: UR TRAVELS Ltd. 

Please note that the chat consultation is provided not by WaysDerma, and WaysDerma is solely responsible for making available the chat platform. Consultation is provided by the beautician professional providing the answers, who qualifies as an individual controller. We have no influence whatsoever on the personal data processing by such beautician professional. We recommend you seek information as to personal data processing by the beautician professional prior to using the service. 

For what purpose are your personal data processed?

On the Website, WaysDerma makes available consultations in connection with the products offered in the Webshop; processing takes place with a view to participation in the consultation and the provision of such consultation. Data subjects include the users initiating such consultation and/or participating in the same.

 

Which of your personal data do we process: On what basis do we process these (legal bases): For how long do we process these data:
  • data provided in the framework of consultation
  • name, in some cases
  • email address, in some cases
  • data for/of cosmetic review, recommended products or product groups, in some cases
Your consent.

 

(Article 6(1)(a) of the GDPR)

By checking the relevant checkbox, you expressly consent to UR TRAVELS Ltd. processing your personal data specified in this Section for the purposes of consultation on our website. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing performed before the withdrawal of such consent.

 

Based on your explicit consent,

(Article 9(2)(a) of the GDPR)

 

we process your data falling into special categories of personal data in case you provide such data and if such data are necessary for the consultation.

By checking the relevant checkbox, you expressly consent to UR TRAVELS Ltd. processing your personal data specified in this Section for the purposes of consultation on our website. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing performed before the withdrawal of such consent.

What happens if you do not provide the data?

Providing the above personal data shall be voluntary; if you do not provide such data to us, you will not be able to participate in our consultation service. Processing of the data provided in the framework of consultation is necessary for provision of the consultation service. Your name and email address are necessary for communication.

Manner of erasing the data: We will erase your above personal data upon expiry of the above deadline.

To whom we may transmit your data:  Within the organisation of WAYSDERMA Beauty Salon Ltd., your data may be accessed by the authorised dedicated employees; your personal data may be transferred to the following processors, for the purposes specified below:

 

Name

Registered office

Purpose of data transmission or transfer

Shopify Inc

150 Elgin Street, Suite 800, Ottawa, Ontario, K2P 1L4

Provides web hosting services for us for the webshop and the website.

UR TRAVELS KFT

H-1052 Budapest, Piarista utca 4, Hungary

Owns and Operates the webshop and the website

 

 

Provides the Payment gateway service for us

Fedex Express Hungary Kft

H-2220 Vecses, Lorinci ut 59, Hungary

Provides logistics and home delivery services

Clear Admin Software Kft

H-1108 Budapest, Gozmozdany utca 14 Hungary

Invoicing

LINKS TO OTHER WEBSITES

Please note that for your convenience and to provide you more comprehensive information we may include links and/or menus to other websites. These websites and blogs operate independently of us, they have their own privacy policies for data processing, and we have no influence on these. You are recommended to also read the privacy notices of any such website you visit.

ACCESS TO DATA, DATA SECURITY MEASURES

The controller will do everything in its power to take care of the security of your personal data in compliance with Article 32 of the GDPR. In addition to that, the controller will take the technical and organisational measures and have in place the procedural rules as necessary to comply with the GDPR and other relevant data protection and confidentiality regulations.

The controller guarantees the appropriate level of data security in the following manner: your data are stored in a secure technical environment, they are accessible only by authorised persons (our staff members after appropriate identification), we use encryption for your electronically stored data, the natural persons with access to the personal data may process the personal data only in line with the controller’s instructions; we ensure that data integrity can be certified, we protect your data from unauthorised access and, with a view to that, we apply security measures, for data transfers we use encryption with an appropriate technical solution, and we test, evaluate and correct our security measures.  Personal data breach: If a breach takes place concerning your data, after becoming aware thereof, we will do everything in our power to mitigate the risks. If such an event takes place concerning your data which, in spite of the protection measures taken by the controller (or its processor), is likely to result in a high risk to your rights and freedoms, we will notify you and the competent supervisory authority thereof without delay (including any steps you can take).

DATA TRANSFER TO A THIRD COUNTRY

Personal data may only be transferred to a third country if the third country in question ensures an adequate level of protection. Such a transfer shall not require any specific authorisation. 

PROFILING

Please note that our data processing operations include profiling as defined in this section.

Google as an independent service provide may perform profiling as follows, which may also have an impact on our website, given that we use the Google Analytics service on the website.

Google’s notice on the service: The controller measures the visitation data of our website using Google Analytics, a web analytics service provided by Google, LLC (‘Google’). Google Analytics mainly uses first-party cookies to report on visitor (aka. user) interactions on Google Analytics customers’ websites. The advertising functions of Google Analytics can be activated with the help of Google advertising cookies – such as remarketing – regarding products of the Google Display Network such as AdWords. For information regarding data protection settings and disabling cookies, please check: https://support.google.com/analytics/answer/6004245?hl=en.  Each computer and device connected to the internet receives a unique number called IP address (Internet Protocol address). These numbers are allocated in blocks by countries, and so an IP address can often be used to identify the country, state/county from where the computer connects to the internet. As, due to the working principle of the internet, websites are using IP addresses, website owners can learn their users’ IP address even if they do not use the Google Analytics service. However, Google Analytics only collects the IP addresses of the website users to ensure the security of the service and allow website owners to know in what parts of the world their users are located (this is also called ‘IP geolocation’). Data is stored in an encoded format optimized for performance, rather than stored in a traditional file system or database manner. Data is dispersed across a number of physical and logical volumes for redundancy and expedient access, thereby obfuscating it from tampering. Google applications run in a multi-tenant, distributed environment. Rather than segregating each customer’s data onto a single machine or set of machines, data from all Google users (consumers, business, and even Google’s own data) is distributed among a shared infrastructure composed of Google’s many homogeneous machines and located in Google’s data centers. For further information about Google’s privacy principles, click here: https://policies.google.com/privacy?hl=en. You can also unsubscribe from Google Analytics tracking in the future by downloading the Google Analytics Opt-out Browser Addon application and installing it to your current browser: tools.google.com/dlpage/gaoptout.

 

YOUR RIGHTS AND HOW TO ENFORCE THEM

You shall have the following rights in connection with your personal data processed by us:

  1. Right of access
  2. Right to rectification
  3. Right to erasure
  4. Right to restriction of processing
  5. Right to data portability
  6. Right to object
  7. Right to withdraw consent

 

 

  1. RIGHT OF ACCESS

You shall have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, about the following: what personal data are processed (in what categories), for what purpose, for how long, and the recipients of such data. Furthermore, you can to request information as to what rights you have in connection with processing i.e. that you may request the erasure, restriction of processing of personal data, the rectification of data, and may object to processing. Furthermore, you shall have the right to file a complaint with the supervisory authority (Hungarian National Authority for Data Protection and Freedom of Information, Nemzeti Adatvédelmi és Információszabadság Hatóság, registered office: H-1024 Budapest, Szilágyi Erzsébet fasor 22/C., website: www.naih.hu, phone number: +36 (1) 391-1400, email: ugyfelszolgalat@naih.hu). Where the personal data have not been collected from you, you may request information as to their source.

  1. RIGHT TO RECTIFICATION

You may request that your personal data be rectified, corrected or made accurate, if they have changed or have been wrongly recorded. If your data have been recorded incompletely, you may also request their completion by means of a supplementary statement.

 

  1. RIGHT TO ERASURE

You shall have the right to obtain the erasure of personal data concerning you where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which we have collected or processed them
  • you withdraw consent on which the processing is based, and there is no other legal ground for the processing
  • you object to the processing and there are no overriding legitimate grounds for the processing
  • we have processed the personal data unlawfully
  • the data have to be erased for compliance with a legal obligation
  • in relation to services directly offered to children.

Where we have made the personal data public, we shall take reasonable steps to inform controllers which are processing the personal that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. Please note that we will not be able to fulfill your erasure request if the data are necessary for the establishment, exercise or defense of legal claims; the erasure would restrict the exercising of the right of freedom of expression and information; or if a legal obligation applicable to us (or purposes in the public interest, scientific or historical research purposes or statistical purposes) requires us to act contrary to the request.

 

  1. RIGHT TO RESTRICTION OF PROCESSING

You shall have the right to obtain from us restriction of processing where one of the following applies:

  • you do not think that the personal data are accurate; in such a case restriction applies to a period enabling us to verify the accuracy of the personal data
  • the processing is unlawful but you oppose the erasure of the personal data and request the restriction of their use instead
  • we no longer need the personal data, but they are required by you for the establishment, exercise or defence of legal claims
  • you object to processing, in such a case restriction applies pending the verification whether our legitimate grounds override your legitimate grounds

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. We shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We shall inform you about those recipients if you request it.

  1. RIGHT TO DATA PORTABILITY

You shall have the right to receive the personal data we process concerning you, and have the right to transmit (or have us transmit upon your instruction) those data to another controller specified by you, if processing is based on your consent or the performance of a contract, and is carried out by automated means. Portability shall be without prejudice to the rights and freedoms of others, and to the right of erasure (right to be forgotten).

  1. RIGHT TO OBJECT

You shall have the right to separately object to processing of personal data concerning you which is based on the controller’s legitimate interest, public interest, or is carried out in the exercise of official authority, including profiling. Please note that we perform profiling according to “Profiling” section of this Privacy Notice.  In such cases we shall no longer process your personal data unless processing is justified by compelling legitimate grounds which override your interests, rights and freedoms or are necessary for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. After such objection, we may no longer process the data.

 

  1. RIGHT TO WITHDRAW CONSENT

You shall have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Enforcement of rights relating to personal data after the data subject’s death

Pursuant to the Hungarian Privacy Act: Within five years of the death of the data subject, the following rights may be enforced in relation to the data of the deceased person by a person authorised to do so by the data subject in the form of an administrative disposal or a declaration made at the controller and incorporated in a public deed or a private deed of full probative value: right of access, rectification, erasure, restriction and objection. If the data subject has made more than one declaration, the declaration of the later date may be used to enforce the rights. If the data subject has not made an administrative disposal or a declaration at the controller, his or her close relative according to the Civil Code first contacting the controller may demand rectification or object to processing, and – if the processing had already been unlawful in the life of the data subject or if the purpose of processing terminated upon the death of the data subject – demand erasure or the restriction of processing of the deceased person’s data within five years of the death of the data subject. Upon request, the controller shall inform the data subject’s close relative on the measures taken, unless the data subject had prohibited it.

The person enforcing the data subject’s rights shall verify the fact and the date of the data subject’s death with a death certificate or with a court decision, as well as his own personal identification, together with his status as a close relative, with a public deed, in accordance with the law.

The following means of legal enforcement and remedies are available to you in connection with our processing of your personal data:

  1. You may contact us
  2. You may enforce your right to file a complaint
  3. You may turn to court
  4. You may demand compensation

 

  1. you may contact us

If you have a complaint in relation to data processing or wish to exercise your rights, you can use our following contact information for that purpose:

Email: Customercare@WaysDerma.com,

Mailing address: for UR TRAVELS Ltd., H-1052 Budapest, Piarista utca 4., Hungary. 

We shall inform you without undue delay and at the latest within one month of receipt of the request of any measures taken further to your request, or of the reasons for not taking action. That period may be extended by two further months if the request is complex or a high number of requests is received. We will provide the information by electronic means where possible. Information and any actions taken shall be provided free of charge, unless the requests are manifestly unfounded or excessive, in particular because of their repetitive character. In such cases we may charge a reasonable fee or refuse to act on the request. We may request the provision of information necessary to confirm your identity in connection with the request. A copy of your personal data processed by us may also be requested free of charge for the first time; for any further copies, we shall charge a fee corresponding to administrative costs.

  1. RIGHT TO LODGE COMPLAINTS

If you believe that our data processing does not comply with the law, you may lodge a complaint to the supervisory authority; you can also lodge a complaint to the supervisory authority if we fail to act upon your request without delay but within no more than a month of receipt of the request and/or we fail to notify you of the reason of the delay. The main supervisory authority of the controller’s headquarters in Hungary is the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság), with its registered office at: H-1024 Budapest, Szilágyi Erzsébet fasor 22/C., website: www.naih.hu, phone number: +36 (1) 391-1400, email: ugyfelszolgalat@naih.hu.

  1. Right to turn to court

You have the right to turn to court: (i) against the binding decision passed by the supervisory authority concerning you, (ii) if we fail to act upon your request without delay but within no more than a month of receipt of the request and/or we fail to notify you of the reason of the delay, (iii) if the supervisory authority neglects your complaint, has rejected your complaint although you think it was justified, or completely fails to notify you of the developments and results regarding your complaint within three (3) months, (iv) without prejudice to your right to complaint, you may turn to court if you believe that your rights under the GDPR have been violated as the processing of your data did not comply with the GDPR. Proceedings against a controller shall be brought before the courts of the Member State where the controller has an establishment (Hungary). Alternatively, such proceedings may be brought before the courts of the Member State where you have your habitual residence.

  1. Right to compensation

If you have suffered material or non-material damage (grievance award) as a result of violation of the GDPR, you are entitled to compensation from the controller or the processor for any damage suffered. We shall be exempt from liability if we prove that we are not in any way responsible for the event giving rise to the damage.

LEGAL BACKGROUND FOR PROCESSING

Data controllers process your personal data under the following laws:

  1. REGULATION (EU) 2016/679 of the EUROPEAN PARLIAMENT AND OF THE COUNCILof 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (‘GDPR’)
  2. Hungarian law: Act CXII of 2011 on Informational Self-Determination and Freedom of Information (‘Privacy Act’)
  3. Hungarian law: Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Business Advertising Activities (‘Business Advertising Act’)
  4. Hungarian law: Act V of 2013 on the Civil Code of Hungary (‘Civil Code’)

GOVERNING LAW AND OTHER PROVISIONS

This Privacy Notice shall be governed by the laws of Hungary.

Should the laws in effect in your country impose rules on the parties which are more stringent than those in this Privacy Notice, you shall be obliged to comply with those more stringent rules. You, however, acknowledge and accept that the controller’s liability is based on the laws governing this Privacy Notice, and that, to the greatest extent permissible under the relevant laws and court decisions, it excludes its liability for not complying with the provisions applicable in the user’s country.

The headings herein are for convenience only; in themselves they are not sufficient to understand the details of processing. Should you have any questions not clearly answered in this Privacy Notice, please feel free to notify us thereof via the Customercare@WaysDerma.com email address.

UR TRAVELS Ltd. / Owner of WAYSDERMA webshop /Dr Juhaz Gabor Law Firm