Privacy Policy

Data Controller: VendingOutlet – International Ltd.

Registered Office: 29 Lovas Street, Szombathely, 9700, Hungary

Company Registration Number: 18-09-109132

Tax ID: 14951349-2-18

Email: operation@vendingoutlet.org

Phone: +36 70 569 4110

Represented by: Anita Németh, Operational Manager

Purpose and Scope of the Information Notice

VendingOutlet International Ltd., as the Data Controller, processes and retains personal data obtained during its activities for purposes defined by law.

The purpose of this notice is to define the lawful order of records maintained by the Data Controller and to ensure the application of the constitutional principles of data protection, the right to informational self-determination, and the requirements of data security. Additionally, this notice aims to record the data protection and data processing principles applied by the Data Controller, acknowledging its data protection and data processing policy as binding.

The purpose of this notice is to ensure that the activities of VendingOutlet International Ltd. in practice comply with legal requirements regarding data protection, guarantee the enforcement of fundamental rights related to the protection of personal data determined in data processing, and ensure compliance with data security requirements.

 

Definitions:

Personal Data:Any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Special Categories of Personal Data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation.

Data Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Data Transmission: Making data accessible to a specific third party.

Public Disclosure: Making data accessible to anyone.

Data Erasure: Rendering data unintelligible in such a way that its restoration is not possible.

Register System: Any structured set of personal data accessible according to specific criteria, whether centralized, decentralized, or functionally or geographically distributed.

Data Controller: Determines the purposes and means of data processing, alone or jointly with others.

Data Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the data controller.

Data Subject: Any identified or identifiable natural person based on personal data.

Recipient: A natural or legal person, public authority, agency, or other body to whom or to which the personal data are disclosed, whether a third party or not.

Third PartyA natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent of the Data Subject: Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

E-mail: (Electronic mail) electronic message. Its name refers to the method of writing or transmission, which is entirely electronic and is carried out through computer networks.

Internet: The global network of interconnected computer networks (the so-called metanetwork) that encompasses the entire Earth, linking governmental, military, commercial, business, educational, research, and other institutions, as well as individual users.

Web Page, Website, Web Portal, Homepage: An electronic interface suitable for presentation and information dissemination, typically located on servers connected to the Internet (Webserver). These pages have unique addresses (links) that can be entered into a browser application to navigate to the respective page. The technology of websites allows for forward and backward jumps between individual content elements and links (hypertext).

Cookies: A program component used to create convenience functions on websites. There are two basic types. One is stored on the user's machine, the other on the server side, known as a session cookie. In terms of data processing, the handling of session cookies must be regulated. Visitors to websites should be informed and consent to the use of cookies.

Electronic Newsletter: An electronic message sent to the email addresses of individuals subscribed to a mailing list, typically automatically generated and sent by an application dedicated to this purpose, for transactional, promotional, or other campaign-related information.

Principles of Data Processing

VendingOutlet International Ltd. is committed to protecting the personal data of data subjects and considers it of paramount importance to respect the data subjects' right to self-determination. The recorded personal data is handled confidentially and in compliance with data protection laws. In addition, all technical and organizational measures are taken to ensure the secure preservation of data.

Personal data may only be processed for specific purposes, for the exercise of rights, and for fulfilling obligations. At every stage of data processing, it must comply with the purpose of processing, and the collection and handling of data must be fair and lawful.

Only personal data that is essential for the realization of the purpose of processing, and suitable for achieving that purpose, may be processed. Personal data may only be processed to the extent necessary and for the duration necessary to achieve the purpose.

The personal data retains its quality throughout the data processing until the relationship with the data subject is restorable. The relationship can be restored with the data subject when the data controller possesses the technical conditions necessary for restoration.

Possible Legal Bases and Purposes of Data Processing

Personal data may be processed if at least one of the following applies:

  • The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • The processing is necessary for the performance of a contract to which the data subject is a party, or for steps taken at the request of the data subject prior to entering into a contract.
  • The processing is necessary for compliance with a legal obligation to which the data controller is subject
  • The processing is necessary to protect the vital interests of the data subject or of another natural person.
  • The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
  • The processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

 

Security of Data Processing

The Data Controller is obliged to plan and execute data processing operations in a way that ensures the protection of the privacy of data subjects in the application of laws and other regulations concerning data processing.

The Data Controller, as well as any data processor within its scope of activity, is obliged to ensure the security of data and to take the technical and organizational measures and establish the procedural rules necessary for enforcing legal requirements.

According to the current state of technology and to the best of VendingOutlet International Ltd.'s knowledge, the applied information technology tools and computer systems can be considered protected against unauthorized access, data theft, deletion, alteration, accidental destruction, and unintentional disclosure.

VendingOutlet International Ltd. ensures the protection of data and that, except for legal exceptions, the data cannot be directly linked or attributed to the data subject, in accordance with the available technical level at any given time.

VendingOutlet International Ltd. operates a web interface (website, web page) under its own domain name for the presentation and promotion of its services.

Storage of personal data in connection with the operation of the website:

Hosting and server provider: MediaCenter Hungary Ltd.

Address: 6000 Kecskemét, Erkel Ferenc Street 5.

MediaCenter Hungary Ltd. performs the storage of data and is not authorized to process them

The Data Controller declares that it has taken appropriate security measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against becoming inaccessible due to changes in the applied technology.

 

Information regarding the use of cookies

What is a cookie?

The Data Controller uses so-called cookies during the visit of the website. The cookie is an information package consisting of letters and numbers that our website sends to your browser for the purpose of saving certain settings, facilitating the use of our website, and assisting in collecting some relevant, statistical information about our visitors. The cookie does not contain personal information and is not suitable for identifying individual users. The cookie often contains an individual identifier - a secret, randomly generated number - which is stored on your device. Some cookies expire after the browser is closed, while others are stored on your computer for a longer period.

The legal background and basis of the cookie:

The background of data processing is governed by the General Data Protection Regulation (GDPR), Act CXII of 2011 on informational self-determination and freedom of information (Info Act), and Act CVIII of 2001 on certain issues of electronic commerce services and information society services. The legal basis for data processing is generally the consent of the data subject according to Article 6(1)(a) of the GDPR, or in the case of session cookies, Article 6(1)(f) of the GDPR, the legitimate interest of the Data Controller.

The main features of cookies used by the website:

Session cookie: These cookies are temporarily activated while browsing. That is, from the moment the user opens the browser window until it is closed. As soon as the browser is closed, all session cookies are deleted. Session cookies do not store personal data.

The website uses the following cookies, necessary for operation:

  1. cookieyes-consent

Purpose: to record whether the user accepts the use of cookies.

  1. elementor

Purpose: WordPress cookie, allows the website to execute or modify the content of the website in real-time.

Security cookie: We use security cookies for user authentication, to prevent abuse of login information, and to protect user data from unauthorized persons.

Google Analytics cookie Google Analytics is Google's analytics tool that helps website and app owners understand how their visitors engage with their properties. It may use a set of cookies to collect information and report website usage statistics without personally identifying individual visitors to Google. The main cookie used by Google Analytics is the "__ga, _gat, _gid" cookie. In addition to the website usage statistics reports, Google Analytics – together with some advertising cookies described above – can be used to show more relevant ads in Google products (like Google Search) and across the web. (Data Processor: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.)

_ga: Registers a unique ID used to generate statistical data on how the visitor uses the website. Expiration time: 2 years.

_ga_#: The cookie is used by Google Analytics to gather data on how a user has visited the website, as well as store the time of the first and most recent visit. Expiration time: 2 years

Marketing cookie:

Marketing cookies track visitors on websites. The goal is to display ads that are relevant and engaging for individual users, making them more valuable to publishers and third-party advertisers.

_fbp: Used by Facebook to set up and display advertising products, such as real-time bidding from third-party advertisers. Additional Facebook cookies used: lastExternalReferrer, lastExternalReferrerTime  lastExternalReferrer, lastExternalReferrerTime

Expiration time: 3 months.

_gcl_au: Used by Google AdSense to evaluate the effectiveness of advertisements used on the websites it uses. Expiration time: 3 months.

The data management on https://vendingoutlet.org at any time using your browser. Detailed instructions on how to delete or manage cookies can be found in your browser's help section. You can also use your browser to block cookies or request notification each time the browser receives a new cookie. Blocking cookies may technically hinder the use of our website.

If you do not accept the use of cookies, certain functions will not be available to you. For more information on deleting cookies, you can find it at the following links:

Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11

Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

Chrome: https://support.google.com/chrome/answer/95647?hl=en

Edge: Settings -> Advanced Settings -> Cookies ("Allow cookies" / "Block all cookies" / "Block only third-party cookies" or: F12 - Debugger - Cookies

Purpose, method, duration of data management:

Data management on the https://vendingoutlet.org website generally takes place based on the voluntary, express consent of users, so that the data communicated during the visit and use of the website is used to maintain continuous contact between the user and the data controller and to conduct public opinion research.

The purpose of data management is to provide services available under the URL on the https://vendingoutlet.org website, operate an informational interface, create statistics, and handle questions received through the website.

The storage of visitor statistics serves exclusively for statistical purposes.

The data controller does not use personal data for purposes other than those specified. The processing of data provided in this way is done with the voluntary consent of the user

Data processed during inquiries, contact, and quotation requests:

You can contact us through any of the contact options available on our website, or send us a message via the form. The personal data provided during contact will be used solely for the purpose of communicating with you and will not be forwarded.

Purpose of data processing: Providing information to interested parties, providing quotations.

Legal basis for data processing:

In case of inquiries and contact, the consent of the data subject under Article 6(1)(a) of the GDPR.

In case of quote requests, the legal basis for data management is Article 6(1)(b) of the GDPR, as the data processing is necessary for the performance of a contract to which the data subject is a party, or for taking steps at the request of the data subject prior to entering into a contract.

Scope of processed data:

During the contact on our website, we store the following personal data:

  • Name
  • Email address
  • Phone number
  • Message

Duration of data management:

We manage your personal data for different periods depending on the nature of the contact.

In case of inquiries and contact, we do not retain the data after providing the necessary information, unless a legitimate claim can be enforced in connection with the occasional contact. In that case, we may keep it for a maximum of 5 years for the purpose of verification.

In case of providing a quote, the minimum data retention period is the existence of the offer obligation (Section 6:65 of the Civil Code).

In the event of a business relationship, the data will be retained until the end of the accounting data retention period (8 years)

 

During data management, only our employees are entitled to access the data provided by you.

The Data Controller does not verify the data provided by the user for authenticity and suitability; the user is solely responsible for them.

Subscribing to our newsletters:

The data management on https://vendingoutlet.org , the data subject has the opportunity to give consent for VendingOutlet – International Kft. to contact them in the future with offers via email. The consent is given by the data subject voluntarily, by a separate act. VendingOutlet Kft. only processes the data provided by the data subject (email address) in the case of newsletter subscription. If the data subject does not wish to receive newsletters in the future, they can unsubscribe at any time, free of charge. This can be done by email or by clicking the "Unsubscribe" link at the bottom of our newsletters. In the case of unsubscription, we will immediately delete all personal data necessary for sending newsletters and will not contact the data subject in the future with newsletters or offers.

Legal basis for data processing: the data subject's consent based on Article 6(1)(a) of the GDPR.

Duration of data processing: until the withdrawal of consent for sending newsletters.

The Data Controller treats all data and facts concerning users confidentially, using them solely for the development of its services and for its own research and statistics. The publication of reports based on these will only be done in a form that is not suitable for the individual identification of users.

Considering that the provision of data by the User is voluntary and free from external influence, we may process their data until the User expressly prohibits it in writing at the email address contact@vendingoutlet.org. In this case, we will delete it from the records within 48 hours. The same contact details can be used to report data changes, which will also be processed within 48 hours.

General provisions:

The data management on https://vendingoutlet.org is carried out in compliance with the applicable legal requirements and the data protection rules set out in this regulation. The data will only be used for its activities and will not be transferred to any natural or legal person without the data subject's consent, except for data disclosures based on legal obligations or the use of data in aggregated form for statistical purposes, which does not contain the name or any data suitable for the identification of individual users.

If the Data Controller intends to use the provided data for a purpose other than that specified in this Privacy Policy, it shall inform the User appropriately at the given email address and obtain the User's prior and explicit consent, or provide the User with the opportunity to prohibit the different use of the data.

VendingOutlet International Kft. does not assume responsibility for previously deleted but still archived pages that have been archived with the involvement of internet search engines. The removal of these pages must be handled by the operator of the search engine.

Description of rights related to data processing:

 

According to Article 15 of the GDPR, the data subject may request access to their personal data as follows:

The data subject is entitled to receive feedback from the Data Controller as to whether their personal data is being processed, and if such processing is underway, they are entitled to access the personal data and the following information:

  1. a) the purposes of the data processing;
  2. b) the categories of personal data concerned;
  3. c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  4. d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. e) the existence of the right to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  6. f) the right to lodge a complaint with a supervisory authority;
  7. g) where the personal data are not collected from the data subject, any available information as to their source;
  8. h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The Data Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. If the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a widely used electronic format. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

 

According to Article 16 of the GDPR, the data subject is entitled to request the rectification of their personal data from the Data Controller.

If the data subject requests it, the Data Controller is obliged to correct the inaccurate personal data concerning them without undue delay. Taking into account the purpose of the data processing, the data subject is entitled to request the completion of incomplete personal data, including by means of a supplementary statement.

 

According to Article 17 of the GDPR, the data subject is entitled to request the erasure of their personal data from the Data Controller as follows:

The data subject is entitled to request the Data Controller to erase their personal data, and the Data Controller is obliged to erase the personal data concerning the data subject without undue delay if one of the following reasons applies:

  1. a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  2. b) the data subject withdraws their consent on which the processing is based, and where there is no other legal ground for the processing;
  3. c) the data subject objects to the processing for reasons of public interest, for the exercise of public authority or for the legitimate interests of the data controller (or a third party), and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing for direct marketing purposes;
  4. d) the personal data have been unlawfully processed;
  5. e) the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;
  6. f) the personal data have been collected in relation to the offer of information society services.

If the Data Controller has made the personal data public and is obliged to erase it pursuant to paragraph 1, taking into account available technology and the cost of implementation, they shall take reasonable steps, including technical measures, to inform data controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

According to Article 18 of the GDPR, the data subject is entitled to request the restriction of processing of their personal data from the Data Controller as follows:

The data subject is entitled to request the Data Controller to restrict the processing if one of the following applies:

  1. a) the accuracy of the personal data is contested by the data subject, in which case the restriction should be for a period enabling the Data Controller to verify the accuracy of the personal data;
  2. b) the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. c) the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims; or
  4. d) the data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the Data Controller override those of the data subject.

If processing is restricted under the above conditions, such personal data, with the exception of storage, may only be processed with the data subject's consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

The Data Controller shall inform the data subject in advance of the lifting of the restriction of processing.

According to Article 21 of the GDPR, the data subject is entitled to object to the processing of their personal data by the Data Controller as follows:

The data subject is entitled to object at any time to processing of personal data concerning them for such marketing, including profiling to the extent that it is related to such direct marketing. In this case, the Data Controller shall no longer process the personal data for such purposes.

If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing, which includes profiling related to such direct marketing. If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

The right to object must be explicitly brought to the attention of the data subject at the latest at the time of the first communication with the data subject, and this information must be presented clearly and separately from any other information.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

If personal data is processed for scientific or historical research purposes or statistical purposes, the data subject shall have the right to object, on grounds relating to their particular situation, to the processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

 

Under Article 20 of the GDPR, the data subject has the right to receive their personal data concerning them, which they have provided to a data controller, in a structured, commonly used, and machine-readable format:

The data subject has the right to receive the personal data concerning him/her provided by him/her to a data controller in a segmented, widely used, machine-readable format, and is also entitled to transmit this data to another data controller without being hindered by the data controller whose provided the personal data if:

  1. a) the processing is based on consent or on a contract, and
  2. b) the processing is carried out by automated means.

During the exercise of the right to data portability, the data subject is entitled to request, where technically feasible, the direct transmission of their personal data between data controllers.

Exercising the right to data portability shall not prejudice the right to erasure. The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

The right to data portability shall not adversely affect the rights and freedoms of others.

Under Article 7(3) of the GDPR, the data subject has the right to withdraw their consent to the processing of their personal data at any time, as follows:

The data subject is entitled to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The withdrawal of consent can be done in the same simple manner as giving it.

Within five years following the death of the data subject, the rights that the deceased was entitled to during their lifetime, as specified by law, may be exercised by a person authorized by the data subject through testamentary disposition or in an officially authenticated private document, submitted to the data controller.

If the data subject did not make a statement, a close relative according to the Civil Code is entitled to assert certain rights that the deceased was entitled to during their lifetime, in the absence of such a statement.

Remedy

If the Data Subject believes that the Data Controller has violated any legal provision regarding data processing or has not complied with a request, they may initiate proceedings with the National Authority for Data Protection and Freedom of Information (Address: 1055 Budapest, Falk Miksa u. 9-11., Mailing address: 1363 Budapest, Pf.: 9., Phone: +36 (1) 391-1400, Fax: +36 (1) 391-1410, Email: ugyfelszolgalat@naih.hu, URL: http://naih.hu) to cease the presumed unlawful data processing.

If the Data Subject's rights are violated or if the Data Controller fails to comply with a request, the Data Subject may also turn to a court against the Data Controller. The court will expedite the proceedings. The jurisdiction for the case falls under the competence of the court. In this case, the Data Subject is free to decide whether to file the lawsuit at the court based on their place of residence (permanent address) or their place of stay (temporary address). You can find the court based on your place of residence or stay on the website http://birosag.hu/ugyfelkapcsolati-portal/birosag-kereso.