Details of Controller
Name: BioTech USA Limited Liability Company [BioTech USA Korlátolt Felelősségű Társaság]
Registered seat: 1033 Budapest, Huszti út 60.
Company registration number: 01-09-352550
Tax number: 25114681-2-44
Registration authority: Company Registry Court of Budapest - Capital Regional Court [Fővárosi Törvényszék Cégbírósága]
Postal address: 1033 Budapest, Huszti út 60.
E-mail address: webshop@biotechusa.hu
Phone number: +36 1 453 2716
III. Contact details of Controller's Data Protection Officer
Postal address: 1301 Budapest, Pf. 30.
E-mail address: dpo.btu@dnui.hu
Phone number: (1) 788 3035
Controller's data processing activities on both https://biotechusa.life/ and sites https://biotechusa.hu sites
A) Cookie
Anonymous visitor identifiers (cookies) are files or pieces of information that are stored on your computer (or other internet-enabled devices such as your smartphone or tablet) when you visit one of our websites. A cookie usually contains the name of the website it came from, its 'lifetime' (how long it stays on your device) and its value, which is usually a randomly generated unique number.
We use cookies to better tailor our websites to you in the future, to offer you products based on your interests and needs, and to make our sites easier for you to use. Cookies help speed up your future activities and improve your experience when using our sites. Cookies can also be used to generate anonymous, aggregated statistics so we can better understand how people use our sites and improve their structure and content.
In terms of their duration, we distinguish between so-called session cookies and persistent cookies. Session cookies are temporary, i.e., they remain on your device until you leave our website. Permanent cookies stay on your device for much longer, sometimes until you manually delete them.
Other sites also collect information using pixel tags that can be shared with third parties. This directly supports our promotional activities and website development. For example, our visitors' website usage information can be shared with advertising agencies to enable us to more effectively use online advertising on our websites.
Most internet browsers are initially set to enable cookies. You can change the settings to block cookies or request a warning when cookies are enabled on your device. There are several ways to manage cookies. Please consult the browser information or help page to learn more about browser settings and how to change them!
If you disable the cookies we use, it may affect your experience while you are on our website. For example, you may not be able to visit certain parts of the BioTechUSA website or receive personalized information when you visit a BioTechUSA page.
If you use different devices to view and access BioTechUSA websites (e.g., computer, smartphone, tablet, etc.), please make sure that each browser on these devices is set up to meet your cookie needs.
The cookies used on our website are classified into the following categories:
Essential cookies
These cookies allow us to make the website usable by enabling basic functions such as site navigation. The website cannot function properly without these cookies, so accepting them is mandatory.
Legal basis for data processing: Pursuant to Article 6(1)(f) of the GDPR, the Controller has a legitimate interest in the proper functioning of the website.
Purpose of data processing is to ensure the proper and secure operation of the website.
Duration of data processing: Until a date specified in the Cookie Policy.
Preferences cookies
These cookies allow the website to remember information that changes the way the website behaves or looks, such as the language or region you use. Accepting these cookies is optional.
Legal basis for data processing: Pursuant to Article 6(1)(a) of the GDPR, the consent of the website user.
Purpose of data processing is to facilitate the use of the website.
Duration of data processing: Until the withdrawal of consent, but no later than the date specified in the Cookie Policy.
Marketing cookies
These cookies are used to track visitors to the website. The aim is to display ads that are relevant and interesting to the visitor, and therefore more valuable to the advertisers and third-party advertisers. Acceptance of these cookies is optional.
Legal basis for data processing: Pursuant to Article 6(1)(a) of the GDPR, the consent of the website user.
Purpose of data processing is to display ads to website visitors that are relevant and of interest to that visitor.
Duration of data processing: Until the withdrawal of consent, but no later than the date specified in the Cookie Policy.
Other/unclassified cookies
The categorisation of these cookies is in progress, with the help of individual cookie providers. Acceptance of these cookies is optional.
Legal basis for data processing: Pursuant to Article 6(1)(a) of the GDPR, the consent of the website user.
Purpose of data processing: It helps visitors to the website to access relevant information through the optimal operation of the website's features.
Duration of data processing: Until the withdrawal of consent, but no later than the date specified in the Cookie Policy.
Recipients:
Controller's employees and Data Processors involved in the operation of cookies.
For detailed information about the cookies used on the websites, please refer to the Cookie Policy.
The first time you access the website, a window will pop up at the bottom of the screen containing the Cookie Policy, which describes the cookies used on the website, their function and duration.
Cookies can be enabled by clicking on the 'Accept all cookies' button. Click on the 'Cookie settings' button to enable or disable the cookies stored by each group (category).
Cookies can be enabled or disabled in groups (by category), and you can confirm the operation of the corresponding cookies by clicking on the 'Accept' button.
If new cookie(s) are used on the website, they must be enabled and authorised. In this case, the window at the bottom of the screen will pop up again and highlight the cookie groups where changes have been made. The new cookie(s) will be enabled as described above.
It is of course possible to view and change previously enabled cookies at any time. You can do this by clicking on the button below:
If a cookie contains personal data, you will find a warning about this in the description of the cookie.
Emarsys eMarketing Systems GmbH (address: Märzstrasse 1, 1150 Vienna, Austria) is the data processor involved in the processing of the data collected by the cookies.
B) Profiling
Profiling is defined as the evaluation of personal characteristics relating to natural persons in the context of any automated processing of personal data, in particular to analyse and predict the personal preferences or interests, location or movements of the data subject.
Profiling allows the Service Provider to send you targeted, personalised offers and messages based on your previous orders and online behaviour.
The data required for profiling may be obtained by the Service Provider through the following activities:
- fill in a profile extension questionnaire: name, e-mail address, date of birth, gender, purpose (what is your purpose for taking nutritional supplements? e.g.: for toning, diet, weight gain).
- online shopping: purchase details (what, when, how much, where from, payment method).
- website browsing, behaviour: site usage (product page, category page, shopping cart contents, search).
On the basis of the purchase and behavioural data, Emarsys eMarketing Systems GmbH uses artificial intelligence to determine data about the user, which the Service Provider can use to create segments on the basis of which it can run personalized campaigns.
Personal data processed: a) collected from the data subject: name, e-mail address, city, postal code, date of birth, telephone number, gender, purchase data, IP address (from which the registration was received); b) derived data not collected from the data subject (based on prediction, machine learning algorithm): favourite products, favourite categories, time of last web visit, duration; c) in addition, there are other data that the Service Provider can filter and create segments based on: email interaction (open/click/affinity to email categories, from which device, from which city clicked/opened), user's purchase lifecycle, purchase status (based on spend), average spend.
Purpose of data processing: sending targeted, personalised offers and messages.
Legal basis for data processing: Pursuant to Article 6(1)(a) of the GDPR, the data subject's consent. The data processor uses marketing cookies for profiling; thus, consent or non-consent to profiling can be expressed by giving or not giving consent to the use of marketing cookies when accepting the Cookie Policy.
Duration of data processing: Until the withdrawal of the data subject's consent. In order to ensure that the storage of personal data is limited to the necessary period, the controller will delete personal data without withdrawal of consent after 3 years from the date of their provision.
Recipients: data processor Emarsys eMarketing Systems GmbH (address: Märzstrasse 1, 1150 Vienna, Austria).
C) Remarketing
Remarketing allows the Service Provider to display advertisements to people who have previously visited its website or provided their e-mail address.
Personal data processed: e-mail address, purchase data.
The purpose of the processing is to show ads to previous users on Facebook and Google.
Legal basis for data processing: The legitimate interest of the Service Provider (direct marketing) pursuant to Article 6 (1) (f) of the GDPR. The user's e-mail address is transferred to the Service Provider when subscribing to the newsletter, based on the subscriber's consent. In other words, the Controller also processes the e-mail address provided for purposes (remarketing) other than the purpose of data collection (sending the newsletter).
Duration of data processing: the data subject has the right to object at any time to the processing of personal data concerning him or her for remarketing purposes. If the user withdraws his/her consent to receive the newsletter (which he/she is entitled to do at any time), the processing of his/her data for remarketing purposes will also cease. In order to ensure that the storage of personal data is limited to the necessary period, the controller will delete personal data without the need to object or withdraw consent after 3 years from the date of the last newsletter.
Recipients: data processor Emarsys eMarketing Systems GmbH (address: Märzstrasse 1, 1150 Vienna, Austria), who transmits the advertisement to be displayed and the e-mail addresses based on the instructions of the Service Provider to Facebook Ireland Ltd. (address: 4 Grand Canal square, Grand Canal Harbour, D2 Dublin, Ireland; Facebook Ads), and to Google Inc. (address: 1600 Amphitheatre Pkwy, Mountain View, California 94043, USA) (Google AdWords), who, also being data processors, display the advertisement to their registered users whose registered e-mail address is included in the list received from Emarsys.
D) Other
Information about data processing not listed in this notice is provided at the time of collection.
We inform the visitors of the website that the court, the prosecutor's office, the investigating authority, the law enforcement authority, the administrative authority, the Hungarian National Authority for Data Protection and Freedom of Information, or other bodies authorized by law may contact Controller to provide information, to disclose or transfer data, or to provide documents.
Controller shall disclose to the authorities - provided that the authority has indicated the precise purpose and scope of the data - personal data only to the extent and to the extent strictly necessary for the purpose of the request.
Disable, delete cookies
You can restrict or delete cookies in your browser. The way you can do this may vary depending on the type of browser you are using and can be accessed in your browser settings or under 'Help'.
For more information on cookie settings for each browser, please refer to the following links:
Cookie settings in Internet Explorer: Deleting and managing cookies (microsoft.com)
Cookie settings in Microsoft Edge: Deleting cookies in Microsoft Edge
Cookie settings in Chrome: Deleting, enabling and managing cookies in Chrome - Android - Google Chrome Help
Cookie settings in Firefox: Deleting cookies installed by websites from your computer | Firefox Help (mozilla.org)
Cookie settings in Safari: Managing cookies and site data in Safari on your Mac - Apple Support
Rights of visitors and users of the website in relation to data management
You have the following data subjects' rights under the legislation in force, but please note that the exercise of these rights is affected by the technical characteristics of cookies. Accordingly, we recommend that you make use of the options detailed in the previous section of this notice.
Please note that in the case of consent-based processing, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing based on consent prior to withdrawal.
Please note that you have the right to object at any time to the processing of your personal data based on the legitimate interests of the Controller or a third party.
You may request free of charge information on the details of the processing of your personal data, as well as request the rectification, erasure, restriction of processing and object to the processing of such personal data. Requests may be submitted to the contact details of the Controller as set out in Section II.
Controller shall inform any recipient (processor) of the rectification, erasure or restriction of processing to whom or with which it has disclosed the personal data, unless this proves impossible or involves a disproportionate effort. We will inform you of these recipients upon request.
Controller will inform you without undue delay, and in any event within one month of receipt of the request, of the action taken in response to the request under paragraphs (a) to (f) below. If necessary, taking into account the complexity of the request and the number of requests, this deadline may be extended by a further two months. Controller shall inform you of the extension, stating the reasons for the delay, within one month of receipt of the request.
If you have submitted the request electronically, Controller will provide the information electronically, unless you request otherwise.
If Controller does not act on your request, it will inform you without delay and at the latest within one month of receipt of the request of the reasons for the failure to act and of the possibility to lodge a complaint with a supervisory authority and exercise your right to judicial remedy.
a) Right of access: you have the right to obtain feedback from the Controller on whether your personal data are being processed and, if such processing is taking place, you have the right to access your personal data and the following information: the purposes of the processing, the categories of personal data concerned, the data processors, the duration of the processing, if the data have not been collected by the Controller from you, any available information on their source.
b) Right to rectification: You have the right to have inaccurate personal data relating to you rectified by Controller at your request without undue delay. Having regard to the purposes of the processing, you have the right to obtain the rectification of incomplete personal data.
c) Right to erasure ('right to be forgotten'): You have the right to obtain from the Controller, at your request, the erasure of personal data relating to you without undue delay, and the Controller has the obligation to erase personal data relating to you without undue delay when the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; you withdraw your consent and there is no other legal ground for the processing; you object to the processing; the personal data have been unlawfully processed; the personal data must be erased in order to comply with a legal obligation under European Union or Member State law to which the Controller is subject.
If the Controller has disclosed the personal data and is required to delete it, it will take reasonable steps to inform the data controllers that you have requested the deletion of the links to or the copies of the personal data.
d) Right to object: You have the right to object at any time to the processing of your personal data based on the legitimate interests of the Controller. In such a case, the Controller may no longer process the personal data unless you can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data about you for such purposes, including profiling, where it is related to direct marketing.
e) The right to restriction of processing: you have the right to have the Controller restrict processing at your request if you contest the accuracy of the personal data; the processing is unlawful; the Controller no longer needs the personal data for processing, but you request it for the establishment, exercise or defence of legal claims; you have objected to the processing. If the processing is restricted, such personal data, except for storage, may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the European Union or of a Member State.
f) Right to data portability: where the processing is based on consent or on a contract for the performance of a contract and the processing is carried out by automated means, you have the right to receive the personal data you have provided in a structured, commonly used, machine-readable format and to transmit those data to another controller without the controller's interference.
Personal data storage methods, security of data processing
Controller's servers are operated and maintained by contracted companies in case of problems.
Details of the data processing company: Mongouse Kft. (address: 1117 Budapest, Budafoki út 183.)
Details of the data processing company: Servergarden Kft. (address: 1023 Budapest, Lajos utca 28-32.)
Details of the data processing company: Rackforest Zrt. (address: 1132 Budapest, Victor Hugo utca 11., 1.em. B05001.)
Controller uses a server service, which is operated and maintained by a contractor in case of problems: JLM PowerLine Kft. (address: 2111 Szada, Ipari park út 12-14.).
Controller shall implement appropriate technical and organisational measures to ensure a level of data security appropriate to the level of risk, taking into account the technological progress and the cost of implementation, the nature, scope, context and purposes of the processing and the varying likelihood and severity of the risk to the rights and freedoms of natural persons.
Controller shall take appropriate measures to protect the data against, in particular, unauthorised access, alteration, transmission, disclosure, deletion or destruction, accidental destruction, damage and inaccessibility resulting from changes in the technology used.
Controller's IT system and network are protected against computer fraud, espionage, sabotage, vandalism, fire and flood, computer viruses, computer intrusions and attacks leading to denial of service. Controller ensures security through server-level and application-level protection procedures.
Electronic messages transmitted over the Internet, regardless of the protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that could lead to fraudulent activity, contract disputes or disclosure or modification of information. Controller will take all reasonable precautions to protect against such threats. It monitors systems in order to record and provide evidence of any security incidents. System monitoring also allows the effectiveness of the precautions taken to be checked.
Controller shall keep a record of any data breaches, indicating the facts relating to the data breach, its effects and the measures taken to remedy it.
Complaints
If you are concerned that the processing of personal data concerning you infringes the legal provisions on data protection, you have the right to take the Controller to court and to lodge a complaint with the supervisory authority.
Supervisory authority: Hungarian National Authority for Data Protection and Freedom of Information [Nemzeti Adatvédelmi és Információszabadság Hatóság]
Registered seat: 1055 Budapest, Falk Miksa utca 9-11.
Postal address: 1363 Budapest, Pf. 9.
Telephone number: +36 1 391-1400
Fax: 36 1 391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: https://naih.hu/
Effective as of 10/07/2021
Date: 24/05/2024
BioTech USA Kft.