Data protection statement

Data protection statement

Valid from 1 September 2024

It is important to us that we comply with all applicable data protection rules and laws. Therefore, the following describes in detail the data protection measures taken by the website herbafulvo.eu and MD Vital Ltd. and the processes related to the processing of personal data.

The data is processed by MD Vital Kft., which is responsible for data management.

Full, registered company:
MD Vital Ltd.
E-mail address: info@herbafulvo.eu
Postal address: H-6600 Szentes, Tóth József utca 16/1.

What personal data do we process and why?

Personal data are data that can be used to identify an individual person. On the herbafulvo.eu website, we process the following personal data, indicating the legal basis:

Communication data

This includes messages sent to us through our website, emails, social media notifications or any other form of communication.

This data is processed and stored to enable us to fulfil orders. In the event of legal proceedings, this data may be used as a basis for decision-making.

The legal basis for this administration is the user's demonstrable interest in our activities, as indicated in the messages sent to us.

Customer data

This includes all data that is generated in connection with the purchase of products and services, such as the customer's name, shipping and billing address, email address, telephone number and details of the product purchased.

We process this data to ensure the successful fulfilment of orders and to keep records of purchase transactions in accordance with the law.

The legal basis for the collection of this data is the performance of the sales contract between the customer and MD Vital Kft. resulting from the order.

User data

This includes the data generated during the use of the website, which allows the technical operation of the website, the maintenance of the security of the website, the recording of user activity so that you always have access to the most relevant content.

The legal basis for the processing of data is the demonstrable interest of the user in our activities, for the security of which and for the technical functioning of the website, this storage is necessary.

Technical data

This includes data generated when you use the website, such as IP addresses, login data, browsing data, time spent on each page, page views and navigation paths, number and time of page views, time zones, information about the hardware used to visit the website. This data is generated by our analytics software.

We process this data to analyse users' behaviour on the website, to keep our website secure and to understand the usefulness of our marketing decisions.

The legal basis for the processing of data is the demonstrable interest of the user in our activities, which allows us to process this data in accordance with security requirements and to use it to enhance our business operations for more efficient operation.

Marketing data

This includes user preferences about what marketing content they would like to receive from us.

We process this data to enable you to participate in competitions and to send advertisements about our products/services to users who are interested in them.

We may use the information collected for such purposes from time to time, for example through targeted, relevant advertising on the FacebookTM platform or through various dynamic advertising platforms. We may also use it to measure the effectiveness of our advertising.

The legal basis for processing the data is the user's demonstrable interest in our activities, which allows us to process this data in accordance with security requirements and to use it to enhance our business operations for more efficient operations.

We do not collect sensitive data that could be used to identify ethnic origin, religious beliefs, sexual life and sexual orientation, political opinions and trade union membership, or health, genetic or biometric data.

How is the data collected?

Personal data may be collected by the user providing it to us directly (e.g. by placing an order, registering or sending a message).

Other information is collected automatically when you use the website, for example through so-called cookies or similar technologies. These can only be activated by the user after permission has been granted.

For more information, please read our cookie statement.

We receive certain data from external partners, such as analytics providers like Google (non-EU partner), advertising networks like Facebook (non-EU partner), or partners offering various payment options like PayPal (non-EU partner), Stripe (non-EU partner), Brain Tree (non-EU partner), etc.

Practical steps for data protection

MD Vital Ltd. attaches great importance to the protection of consumer data and compliance with the relevant regulations. Therefore, following a privacy impact assessment of the website, we have compiled a list of the data collected, its necessity and legal basis, and its legal compliance.

To protect the data entered on the forms and generated on the website, we use an SSL certificate (Let's Encrypt Authority X3 certificate) throughout the website.
To protect the website from attacks, we use high quality security software (iThemes Security Pro) to protect the stored data from so-called "brute force" and virus attacks.
Customer and purchase data are stored in encrypted form (pseudonymised) in the data records on the website, so they cannot be read by third parties.
In this privacy statement, users have the opportunity to request information about the processing of their personal data, as well as the possibility to modify or delete their personal data by filling in forms.

From time to time, in order to run our business, we may need to transfer certain data to our service partners (e.g. hosting providers, fulfillment companies, delivery services, newsletter software).

In these cases, we will always select a partner that complies with the requirements of the GDPR regulation and, in the case of a US-based partner, participates in the EU-US Privacy Shield initiative. In addition, we sign a data handling agreement with our partners to ensure responsible data processing.

Marketing Communications

The implementation of marketing communication is essential to the company's activities. The legal basis for processing data in this respect is the interest shown in our services or the express consent of the user.

In accordance with the European Union's Privacy and Electronic Communications Regulations (PECR), we send marketing newsletters to users who have made a purchase from us or have given their explicit consent.

We will always make the withdrawal of this consent and the unsubscription to the newsletter easily accessible. An unsubscribe link is provided at the end of each email. You can request the removal of your data from the database by sending an e-mail to info@herbafulvo.eu. We may continue to send you notifications after you unsubscribe from marketing communications, but only in relation to the fulfilment of orders.

Comments on personal data

In order to maintain normal business operations, it is sometimes necessary to transfer personal data to certain partners. These include:

IT service providers and IT systems troubleshooting and maintenance companies

Sybell Informatika Korlátolt Felelősségű Társaság
Hungary - 1158 Budapest, Késmárk utca 7/B 2. em. 206.
EU VAT number: HU25859502
Phone: +36 1 707 6726
E-mail address: hello@sybell.hu

Our expert partners, such as lawyers, accountants, banks, insurance companies.

K&H Bank Ltd.

Address: 1095 Budapest, Lechner Ödön fasor 9.

Central telephone number: +36 1 328 9000

REVOLUT BANK UAB

Address: Konstitucijos ave. 21B, Vilnius, LT-08130, Lithuania

Jazz-Tax Ltd.

Address: 5540 Szarvas, Kossuth Lajos utca 40.

Government authorities to which we must report our activities
Payment service providers that keep your credit card data secure

Stripe Inc.

510 Townsend Street San Francisco, CA 94103 United States

Phone: 1-888-963-8955

Billing service providers

www.szamlazz.hu

KBOSS.hu Kft

Hungary 1031 Budapest, Záhony utca 7/C.

info@szamlazz.hu

Delivery service providers who deliver orders to the delivery address.

Zásilkovna s.r.o.

Lihovarská 1060/12, 190 00 Praha 9

ID number: 28408306

E-mail: info@packeta.com

DHL International Ltd.

Postal address: Deutsche Post AG, Head Office, 53250 Bonn.

20 Charles-de-Gaulle St.

53113 Bonn Germany

Phone: +49 228 182-0

E-mail: impressum.brief@deutschepost.de

General Logistics Systems B.V.

28-30 Breguetlaan

1438 BC Oude Meer

E-mail: info@gls-holding.com

Fulfilment companies that store and package our products

Webshippy Ltd. and its supplier partners

Logistics centre:

East Gate Business Park C/2.

Fót, HUNGARY, 2151

Phone: +36 1 99 88 099

International data transmission

To maintain business operations, it is sometimes necessary to transfer users' personal data to some of our partners outside the European Economic Area (EEA).

Countries outside the EEA often do not offer an equivalent level of data protection, and European law prohibits data transfers unless the right conditions are met.

In addition to the steps described in section 4, we will always take the following additional steps to ensure data security when transferring personal data outside the EEA:

We will only transfer data to countries that have been assessed by the European Commission as adequate from a data security perspective.
We only use services based in the United States that participate in the EU-US Privacy Shield initiative.

If the above conditions are not met, we will ask our users for their explicit consent to the transfer. This consent may be withdrawn at any time.

Links to third party websites

Our website may occasionally contain links to third-party websites or embedded code snippets that provide third-party services.

Clicking on such links or using embedded systems may allow third parties to collect information about our users.

While we do our best to carefully monitor our partners, we have no control over their privacy policies and we cannot be held responsible for them.

Duration of processing

We will only ever store user data for as long as our legal/accounting/data management obligations require us to do so, or for as long as it is necessary for the operation of the services.

When determining the duration of data processing, we take into account the volume, nature and sensitivity of the data, as well as the potential impact of a possible leak in the event of a data breach.

For tax purposes, we must keep customer billing and purchase data for at least eight years to comply with our legal obligations.

In certain circumstances, we may also use the data in an anonymous form for statistical purposes, in which case the data will be kept without notice for an indefinite period.

Rights of the user

The European Union's General Data Protection Regulation (GDPR) gives website users the following rights:

a, Access to personal data

Website users have the right to request a copy of their personal data held by MD Vital Ltd. This request will normally be granted free of charge within 14 days of the request.

In the event of repeated, annoying, unsubstantiated requests for data, MD Vital Ltd. may charge a reasonable fee for providing the data and may take longer to produce the data.

MD Vital Ltd. will ask for proof of identity before the data is transferred to prevent misuse. To request personal information, please use the contact form below HERE.

b, Changes to personal data

If personal data have been changed or incorrectly provided, users have the right to request rectification. To amend personal data, please contact us via e-mail at info@herbafulvo.eu.

c, Requesting the erasure of personal data

Website users have the right to request the deletion of all their personal data. This request will be granted free of charge within 14 days of the request. After deletion of personal data, the user will not be able to access his/her user account (if any).

MD Vital Ltd. requires proof of identity before deleting data to prevent misuse. To delete personal data, please use the contact form HERE.

d, Request for restriction of processing

Website users have the right to request the restriction of the transfer of their personal data to third parties (service partners) for the processing of their personal data. When submitting the request, they may also specify the specific partners to whom the restriction should apply.

It is important to note that cooperation with certain service partners is essential for the functioning of the website. If such a partner is restricted, certain services of the website may become unavailable to the user.

MD Vital Ltd. will ask for proof of identity before restricting the transfer of personal data in order to prevent misuse. To restrict the transfer of personal data, please use the contact form HERE.

The competent data protection authority in Hungary is the National Authority for Data Protection and Freedom of Information (NAIH). Users can find more information about their data protection rights on the NAIH website.

National Authority for Data Protection and Freedom of Information

Address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C

Postal address: H-1530 Budapest, Pf. 5

Phone: +36 1 391 1400

Fax: +36 1 391 1410

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.haih.hu

Pseudonymous data and cookies

Cookies and similar technologies used on the herbafulvo.eu website in emails and advertisements on the website, such as tracking code, remarketing identifiers, pixels, are only activated with the user's consent.

These technologies help us to better understand the behaviour and interests of our users to make our work better and more efficient. We aim to make the use of the herbafulvo.eu website as user-friendly and personalised as possible. If the user wishes to prevent the collection of non-personal data by these technologies, the following options are available to him/her: