Privacy Policy
Dear Customer,
We hereby inform you that we store and process your personal data for invoicing, communication, handling of quality complaints, and other purposes detailed later. In order for you to understand these data processing activities, we have compiled this information sheet listing in detail what and why we do. If you have any further questions or wish to exercise your rights under the General Data Protection Regulation (Articles 12-23) (access, rectification, erasure, etc.), please feel free to contact our designated colleague with confidence!
Data Controller: Bio-Textima Ltd.
Registered Office: 1 Ipar St., Bősárkány 9167, Hungary
Registered at the Company Registry of Gy-M-S.
County Court under number 08-09-003818
Tax Identification Number: 11131841-2-08
Our company may process your personal data in the following cases:
I. Preparation and conclusion of contracts, purchasing in the webshop.
II. Communication.
III. Handling of quality complaints.
IV. When applying for a job offer.
V. Browsing our website.
VI. Participation in events.
VII. Interaction on social media platforms.
At the end of the document, you will find information on the rights related to data processing, where to turn in case of questions or requests, and the supervisory authority responsible for data protection.
I. Management of Data Related to Contracts and Invoicing:
We process the following data to prepare contracts, fulfill them, and issue related invoices. When entering into contracts, we process data for the purpose of contract fulfillment [Legal basis for data processing under GDPR 6) b)]. Invoicing requires data processing as mandated by laws [Legal basis for data processing under GDPR 6) c)].
Scope of Managed Data:
- Your name, address
- Date and time of purchase
- Name, quantity, price, and payment method of purchased product or service
- For individual entrepreneurs, we also store their tax identification number
Data Transfers: For invoicing, we use an online invoicing system. Data is stored on this platform and shared with the service provider. For credit card payments, we share the payer's identification, transaction amount, date, and time with the terminal provider or online payment interface provider. When purchasing from our webshop, data is stored on the servers of the technological service provider and is also shared with the agency operating the webshop.
Storage Period: We retain data for the duration required by accounting laws.
II. Data Management Related to Communication:
To be able to contact you and inform you about any changes, we process your data. This is in the legitimate interest of the company for communication purposes [Legal basis for data processing under GDPR 6) f)]. You have the right to object to the processing of your data at any time. Please contact us in writing to exercise this right.
Scope of Managed Data:
- Your name
- User ID used on social media platforms, if applicable
- Email address, postal address
- Phone number
- Any other personal data provided in the message. If you are an employee of our business partner, we also process the name of the company on whose behalf you are contacted, as well as your position.
Data Transfers: We share the data with the operator of the messaging platform through which we contacted you (e.g., technological service providers for emails). Messages sent regarding marketing and webshop operations are managed through a marketing agency.
Storage Period: We retain the data for a relevant period depending on the content of the message and delete it upon your request (unless prohibited by law).
III. Handling of Quality Complaints:
If you make an entry in the customer complaints log, we process the data contained therein to fulfill our legal obligations [Legal basis for data processing under GDPR 6) c)].
Scope of Managed Data:
- Your name
- Email address, postal address
- Phone number
- Date and nature of the entry
- Any other personal data provided in the entry.
Data Transfers: We do not transfer the data.
Storage Period: We retain the data for the duration prescribed by law.
IV. Data Management in Recruitment:
Data Processing at the Time of Application: During the selection process, we use the data provided in your resume, application, and cover letter to document your application for the vacant position and to enable your participation in the selection procedure. This is in the legitimate interest of the Data Controller for the selection of personnel [Legal basis for data processing under GDPR 6) f)]. You have the right to object to the processing of your data at any time. Please contact us in writing to exercise this right.
Scope of Managed Data:
- Your name
- Email address, permanent and current address
- Phone number
- Place and date of birth, mother's name
- Your qualifications, including the place and date of acquisition
- Any other personal data shared with us during your application.
- We retain a photo of you, your cover letter, and copies of your educational and other qualifications.
Data Transfers: Resumes received via email pass through the servers of the technological service provider.
Storage Period: We process the data for the duration of the recruitment process, after which it is deleted.
Data Management Upon Filling the Advertised Position:
i. After the selection process is completed, our company uses the data of the successful applicant for the preparation of employment contracts [Legal basis for data processing under GDPR 6) b)]. Further data processing after the signing of the employment contract will be communicated to our employees in an internal notice.
Scope of Managed Data: The scope of managed data is the same as listed in the previous point.
Data Transfers: We transmit the data to the company's lawyer and accountant for the preparation of contracts.
Storage Period: We process the data for the duration of the employment, and we store it for the period required by law.
ii. In cases where you were not selected for the advertised position during the selection process, we will continue to manage your resume for further selection processes if you have provided consent [Legal basis for data processing under GDPR 6) a)].
Scope of Managed Data: The scope of managed data is the same as listed in the previous point.
Data Transfers: We store the data on our email servers and occasionally share it with recruitment agencies.
Storage Period: We retain the data for 1 year.
V. Information for Website Visitors:
During website visits, we record personal data in server logs for cybersecurity purposes. This is in the legitimate interest of the company for cybersecurity purposes [Legal basis for data processing under GDPR 6) f)]. You have the right to object to the processing of your data at any time. Please contact us in writing to exercise this right. Information about data processing during purchases in our webshop can be found in the section regarding contracts.
Scope of Managed Data:
- Visitors' IP addresses
- Browser "fingerprint"
Data Transfers: The data is stored on the servers of the website's technological service provider.
Storage Period: We delete these logs after 1 month.
If you contact us through the contact form on our website, your personal data will be processed according to the provisions outlined in section II of this information.
VI. Event Data Management:
You may meet us in person at exhibitions, trade shows, and other events. During these events, we take photographs and videos that we publish on our social media platforms, website, and in our periodic advertising materials. This data processing is for the legitimate interest of informing the public about our company [Legal basis for data processing under GDPR 6) f)]. You have the right to object to the processing of your data at any time. Please contact us in writing to exercise this right.
Scope of Managed Data:
- Video and photo recordings
- Location and time of the recordings
- Participation in the event
Data Transfers: We transmit the data to the technological service providers of our website. Data processing on social media platforms is covered in a separate section.
Storage Period: We delete the data upon objection; otherwise, we retain it without disposal.
VII. Data Management Related to Social Media Platforms:
In relation to our pages created on social media platforms, we jointly ensure the lawful processing of personal data generated by visiting our pages or interacting with them.
Details of the data processing carried out by us can be found in this Privacy Policy. For further information about the service providers' contact details and details of joint data processing, please refer to the following links:
- Facebook Page Insights (provider: Meta Platforms)
https://www.facebook.com/legal/terms/page_controller_addendum - Instagram (provider: Meta Platforms)
https://www.facebook.com/legal/terms/page_controller_addendum
We process data concerning our social media presence based on our legitimate interests [Legal basis for data processing under GDPR 6) f)]. You have the right to object to the processing of your data at any time. Please contact the operator of the relevant platform in writing to exercise this right.
Scope of Managed Data: For questions regarding personal data, the relevant service provider is primarily responsible for providing information. As data controller from our side, we do not have access beyond visible activities (reactions, comments, shares, etc.) on these pages relating to the users, other than for aggregated, anonymized statistical analysis.
Data Transfers: We do not disclose data obtained from the platforms to third parties.
Storage Period: We process the data as long as the user remains on the respective social media platform and interacts with our page.
GDPR Rights: You have the right to request access to, correction, deletion, or restriction of your personal data processed by the Data Controller, as well as the right to object to such processing. Additionally, you can request the transmission of your data in a portable format. For further information, please read Articles 12-23 of the GDPR.
If you have any questions or requests regarding data processing, please contact us! In case of complaints related to data processing, please contact our appointed colleague:
Appointed Name: Gyula Vörös
Email Address: voros.gyula [at] bio-textima.hu
If you wish to file a complaint regarding data processing, you can do so at:
National Authority for Data Protection and Freedom of Information
naih.hu