Information on Data Processing

https://shop.julius-k9.com/en/

We aim to ensure that you feel safe on our website, so the protection of your privacy and personal data is important to us. You can rest assured that your data will be processed transparently and fairly, and we will make every effort to handle it carefully and responsibly.

The aim of this Information on Data Processing is to inform you about how we use your personal data, in respect to which we comply with the requirements of Act No. CXII of 2011 on Informational Self-determination and Freedom of Information (hereinafter referred to as: Info Act) and the General Data Protection Regulation (GDPR) of the EU.

I. The Controller

JK9 Shop Kft. is the Controller of personal data.

Its registered and postal address: 2310 Szigetszentmiklós, Ipar u. 10-12.
Company registration number: 13-09-205651
Tax number: 27938960-2-13
E-mail address: shop@julius-k9.com
Phone number: +36 24 515 560
Represented by: Zsolt Kerényi and Zsolt Kovács, managers, jointly

JK9 Shop Kft. does not employ a data protection officer because JK9 Shop Kft

  • is not a public entity,

  • does not carry out large-scale or regular surveillance activities,

  • does not process special data in a large amount during its main activity.

II. The principles of data processing

Personal data are managed, processed and used during the activities carried out on the website https://shop.julius-k9.com/en/, including the visit of, registration on and ordering products through the website as well as signing for our newsletter.

Under Regulation (EU) 2016/679 of the European Parliament< and of the Council (hereinafter as: GDPR), personal data include "any information on identified or identifiable natural persons ("data subjects"); identifiable natural persons are persons who can be identified directly or indirectly, especially on the basis of any identification data, including name, number, data identifying location, online ID or one or more aspects relating to the bodily, physiological, genetic, mental, economic, cultural or social identification of the natural person."

We process personal data in a legal and fair manner, in a way that is transparent to the data subject, only for specific purposes and in line with the principle of data minimisation. We only process personal data which are necessary for the achievement of the purposes of data processing and suitable for achieving such purposes. We process personal data only to the extent and for a duration necessary for the achievement of the purposes.

In the course of our data processing activities, we observe the following laws and regulations:

  • REGULATION (EU) (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (27th April 2016) on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation) – (GDPR),

  • Act C of 2000 on Accounting (Acc Act),

  • Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (E-comm Act),

  • Act C of 2003 on Electronic Communications (ElComm Act),

  • Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (CommAdv Act),

  • Act CXII of 2011 on Informational Self-determination and Freedom of Information (Info Act),

  • Act V of 2013 on the Civil Code (Civil Code Act),

  • REGULATION (EU) (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (27th April 2016) on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation) – (GDPR),

  • Act CLV of 1997 on Consumer Protection (ConProt Act).

III. Data Processing

1. Data processing in connection with newsletters:

  • The data processed: we manage the e-mail address, name and postal code of the person signing up for our newsletters, the date of signing up, the IP address of the device used for signing up, the opening of newsletters and the clicks on the links found in the newsletters.

  • Purpose of data processing: building direct marketing data base, sending commercial advertisements to those signing up for newsletters, informing data subjects of our new offers, special offers and prize games, sending abandoned cart reminders to customers who have signed up for newsletter about products placed in the cart and left there unordered.

  • Legal basis for data processing:

    • consent by the data subject, as specified by Section (1) a) of Article 6 of the GDPR, Section (1) a) of Article 5 of the Info Act.

    • The consent can be withdrawn at any time by e-mail sent to the e-mail address shop@julius-k9.com, by regular mail sent to the postal address JK9 Shop Kft. 2310 Szigetszentmiklós, Ipar u. 10-12 or by phone (+36 24 515 560).

    • it is the Data Controller’s legitimate interest based on Section (1) f) of Article 6 of the GDPR. In such a case, the data subject is entitled to object to the processing of his or her data at any time by e-mail sent to the e-mail address shop@julius-k9.com, by regular mail sent to the postal address of a JK9 Shop Kft. or by phone (+36 24 515 560).

  • Duration of data processing: until deletion requested by the data subject. Each newsletter contains a link for unsubscribing. By clicking on this link, the data subject can unsubscribe immediately. Subscriptions can also be cancelled at the contacts of the Data Controller indicated in Section 1).

  • Automated decision-making and profiling: the data subjects are categorised into customer groups on the basis of their personal data and newsletters tailored to their profiles are sent to them.

2. Registration and placing orders

  • The data processed:

    • during registration: title, surname, first name, phone number, e-mail address, password,

    • when placing the order: delivery option, method of payment, billing address, delivery address.

  • Purpose of data processing: creating and performing contracts, invoicing and claim management in connection with contracts, keeping contact with customers.

  • Legal basis for data processing:

    • performing contracts because data processing is necessary for performing contracts where the data subject acts as one of the parties or data processing in necessary to respond to the data subject’s request before signing the contract; here Section (1) b) of Article 6 of the GDPR applies.

    • if the contract has already been performed, the legal basis for data processing: the legal obligations of the Data Controller; here Section (1) c) of Article 6 of the GDPR applies.

  • Duration of data processing: until a request is received from the data subject to delete the data, or if a contract has been signed, 8 years in accordance with Article 169 (2) of the Acc Act.

3. Complaint management

  1. JK9 Shop Kft., in the case of oral complaints under Article 17/A (2) of the ConProt Act, records the data of the consumer making the phone call in a separate document if the consumer does not agree with the way his or her complaint is managed or the complaint cannot be investigated.

    • The data processed: the consumer’s name, address, e-mail address, phone number; place, date and way of reporting the complaint; a detailed description of the consumer’s complaint, the list of records, documents and other evidence produced by the consumer; the enterprise’s statement on its standpoint on the consumer’s complaint; any other data that is given by the consumer in his or her complaint.

    • Purpose of data processing: complaint management.

    • Legal basis for data processing: consent by the data subject, as specified by Section (1) a) of Article 6 of the GDPR and Section (1) a) of Article 5 of the Info Act. The consent can be withdrawn at any time by e-mail sent to the e-mail address shop@julius-k9.com, by regular mail sent to the postal address JK9 Shop Kft. 2310 Szigetszentmiklós, Ipar u. 10-12 or by phone (+36 20 237 4848). Legal basis for data processing: Sections (3) to (7) of Article 17/A of the ConProt Act.

    • Duration of data processing: 5 years in accordance with Article 17/A (7) of the ConProt Act.

  2. JK9 Shop Kft., in the case of written complaints under Article 17/A (6) of the ConProt Act, processes the personal data of consumers sending e-mails or regular mails.

    • The data processed: any data given on a voluntary basis by the consumer in his or her complaint.

    • Purpose of data processing: complaint management.

    • Legal basis for data processing:

      • consent by the data subject, as specified by Section (1) a) of Article 6 of the GDPR, Section (1) a) of Article 5 of the Info Act. The consent can be withdrawn at any time by e-mail sent to the e-mail address shop@julius-k9.com, by regular mail sent to the postal address JK9 Shop Kft. 2310 Szigetszentmiklós, Ipar u. 10-12 or by phone (+36 20 237 4848). Legal basis for data processing: Sections (6) to (7) of Article 17/A of the ConProt Act.

      • the performance of the contract: if data processing is necessary for performing a contract which one of the parties is involved in or the data processing is necessary for responding to the data subject’s request before concluding the contract; here Section (1) b) of Article 6 of the GDPR applies.

    • Duration of data processing: 5 years in accordance with Article 17/A (7) of the ConProt Act.

5. The Facebook page of JULIUS-K9®

Visitors can leave comments and send messages on the official Facebook page of JULIUS-K9® (https://www.facebook.com/juliusk9/), and within the scope of this they can provide personal data.

  • The data processed: any data that is provided by the data subject on a voluntary basis through his or her comments or messages.

  • Purpose of data processing: managing customer responses, answering questions.

  • Legal basis for data processing: consent by the data subject, as specified by Section (1) a) of Article 6 of the GDPR and Section (1) a) of Article 5 of the Info Act.

  • Duration of data processing: until cancellation at the request of the data subject, with the condition that personal data are deleted by the Data Controller after 5 years the latest.

6. Using YouTube, Instagram and Facebook links

On the website https://shop.julius-k9.com/en/, we have placed links directing visitors to subpages operated by the YouTube, Instagram and Facebook service providers. If the data subject clicks on them, the page of the social media service provider where, following log-in, the subpage of Julius-K9 can be viewed.

8. Other data processing

Regarding data processing not included in this Information on Data Processing, information is provided right before the relevant data are recorded.

IV. Data protection

The protection of personal data is ensured by JK9 Shop Kft. with the help of the following organisational and technical measures:

  • personal data can be accessed only by employees for whom the processing of personal data is essential for performing their duties,

  • the security of personal data stored in an electronic way is ensured by permanent protection against viruses, with the help of a firewall and through logging. With the help of these, access to personal data can also be monitored. These solutions ensure the protection of the IT system against computer-based fraud and hacking,

  • personal data are stored in its internal IT system at its registered office, locations and premises,

  • the physical protection of the servers where personal data are stored is ensured by security and organisational measures.

V. Transfer of personal data to third parties

When transferring your personal data, we ensure that the level of security is always as high as possible, therefore, your data is only transferred to service providers and partners that are carefully selected in advance and bound by contractual obligations. We also only transfer your data to organizations that are established in the European Economic Area and are therefore subject to strict EU data protection legislation, or to organizations that apply equivalent security safeguards. Transfer of data to third countries is not currently carried out or planned.

  • Transfer to JULIUS-K9® Group companies pursuant to Section (1) b) of Article 6 of the GDPR

    We transfer your personal data to companies of our Group in Hungary for the purpose of concluding and performing contracts with respect to deliveries and services on our website, fulfilling warranty/guarantee claims by the manufacturer, and sending manufacturer newsletters, which are e stored in a central database for internal Group-level administrative purposes. This is necessary in order for you to be able to use all of our services.

  • Transfer of data to service provider partners pursuant to Sections (1) b) and f) of Article 6 of the GDPR

    For the operation and optimisation of our website, and for the implementation of contracts, we employ various service providers to carry out certain tasks on our behalf, e.g. to provide central IT services, to process payments and deliver products, or to send manufacturer newsletters. The information collected for such purposes will be transferred to the relevant service provider (e.g. name, address, e-mail address).

    Goods to be delivered will be delivered by a service provider. This service provider will receive information from us, such as the e-mail address specified in your order, so that they can arrange a specific delivery time with you.

    Other than for external data processing, we transfer data to third parties in relation to the implementation of contracts in the following cases, in which cases such parties shall themselves be responsible for using the data:

    • Data relating to the delivery of goods will be transferred to the logistics company or postal service provider specified in the order.

    • Data relating to the payment of the ordered goods will be transferred to the payment service provider specified in the order, or to the financing bank. If payment is made by credit card, a transaction-based security check will be carried out using the payment service provider of OTP Bank to prevent any credit card fraud.

  • We do not collect or store payment information related to payment, such as credit card numbers or account information. These are sent exclusively and directly to the payment service provider concerned. If payment is made by credit card, an exception will be a "pseudo card number." To avoid having to enter your credit card information every time you make a payment, a pseudo card number will be stored in your customer account. This pseudo card number can only be used for making a payment for products and services on our website from your customer account, and it is not the same as your credit card number.

  • Transfer of data to other third parties pursuant to Sections (1) c) and f) of Article 6 of the GDPR Finally, we may transfer your personal data to third parties or administrative bodies in accordance with the applicable data protection legislation, if we are required by law to do so (e.g. by an order of an administrative authority or court), or if we are entitled to do so (e.g. because it is necessary for the investigation of a criminal offence or for asserting and enforcing our rights and interests).

VI. Data Processors

The Data Processor is the organisation/companies listed in the following table, performing the processing of the data subject’s personal data on behalf of JK9 Shop Kft. Data management here means the performance of technical tasks in connection with the processing of the data subject’s personal data.

K9-Sport Kft. (as the manufacturer of JULIUS-K9® products)
Address: 2310 Szigetszentmiklós, Ipar u. 10-12.
E-mail: info@julius-k9.hu
Telephone number: +36 24 515 560
Activity: fulfilment of warranty/guarantee claims by the manufacturer and management of complaints by the manufacturer, development of the webshop, preparation of marketing materials for the webshop and uploading them to the webshop, sending manufacturer newsletters
Processed data: Name, address, e-mail address, telephone number, purchased products

DHL Express Magyarország Kft. (DHL Express Hungary Ltd.)
Address: 1185 Budapest, BUD International Airport, Terminal 1, DHL building 302
E-mail: ugyfelszolgalat.hu@dhl.com
Tel: +36 1 245 4545
Privacy Notice
Activity: provision of courier services
Processed data: name, invoicing address, delivery address, telephone number, e-mail address

PayPal
Registered office: San Jose, California
Privacy Notice
Activity: provisions of online payment services
Processed data: name, card number, purchased products

OTP Mobil Kft. (OTP Mobile Ltd.)
Address: 1143 Budapest, Hungária krt. 17-19.
E-mail: ugyfelszolgalat@simple.hu
Privacy Notice
Activity: provision of online card acceptance services
Processed data: name, card number, purchased products

I acknowledge the following personal data stored in the user account of JK9 Shop Kft. (2310, Szigetszentmiklós, Ipar u. 10-12, HUNGARY) in the user database of https://shop.julius-k9.com/hu/ will be handed over to OTP Mobil Ltd. and is trusted as data processor. The data transferred by the data controller are the following: name, card number, purchased products.

The nature and purpose of the data processing activity performed by the data processor in the SimplePay Privacy Policy can be found at the following link: http://simplepay.hu/vasarlo-aff

Budapest Bank Zrt. (Ltd.) Address: 1138 Budapest, Váci út 193.
Activity: should the customer pay the purchase price of the product by transfer, the transfer is made to the bank account of JK9 Shop Kft. - kept with Budapest Bank Zrt.
Processed data: name, bank account number

VII. The data subjects’ rights and the enforcement of such rights

1. Measures taken by the Data Controller when the data subjects’ rights are exercised

When the data subjects’ rights included in the following sections are exercised, the Data Controller shall, without undue delay, inform the data subject of the measures taken as a result of the request by the data subject no later than within one month of receipt of such request. If necessary, this deadline can be extended by another two months, taking the complexity of the request and the number of requests into consideration. The Data Controller informs the data subject of the extension of the deadline, indicating the reasons for delay, within one month of receipt of the request. If the Data Controller fails to take measures at the data subject’s request, the Data Controller shall inform the data subject without delay but no later than within one month of receipt of the request of the reasons for failing to take the measures and of the fact that the data subject can file a complaint with the supervisory authority and exercise his or her right for legal remedy.

Information is provided and measures are taken by the Data Controller free of charge. If the data subject’s request is clearly ungrounded or – in the case of repetition – exaggerated, the Data Controller, taking into consideration the administrative costs of providing the requested information or taking the requested measure, has the right to charge a reasonable fee or refuse to take measure on the basis of the request. The Data Controller has the burden to prove that the request is clearly ungrounded or exaggerated.

If the Data Controller has justified doubts about the identity of the natural person filing the request, the Data Controller shall have the right to request further information necessary to verify the data subject’s identity.

2. The data subject’s right to access

The data subject shall have the right to receive feedback from the Data Controller with respect to the fact that the processing of his or her personal data is in progress or not. If such processing is in progress, the data subject shall have the right to have access to the personal data and the following information:

  • the purposes of data processing;

  • the categories of the personal data concerned;

  • the recipients or various categories of recipients to whom the personal data have been or will be disclosed, including recipients in third countries or international organisations;

  • the duration the personal data are planned to be kept or, if this is not possible, the aspects of determining this period;

  • the data subject’s right to request the Data Controller to correct, delete or restrict the processing of the data and to object to the processing of such personal data;

  • right to file a complaint with any supervisory authority;

  • if the data are not collected from the data subject, any information available in connection with the source of such data;

  • the fact of automated decision-making, including profiling and, at least in such cases, information on the logics used and clearly comprehensible information on the significance of such data processing and the potential consequences for the data subjects.

The Data Controller shall make available all the copies of the personal data being the subject of data processing to the data subject. If the data subject submits his or her request in an electronic way, the information is made available in a widely-used electronic form, unless the data subject requests a different way.

3. The right to correct

The data subject shall have the right to request the Data Controller to correct his or her incorrect personal data without due delay. In view of the purpose of data processing, the data subject shall have the right to request his or her incomplete personal data to be supplemented, for example, via an additional statement.

The Data Controller shall communicate the correction to each recipient to whom the personal data have been disclosed, unless this proves to be impossible or involves disproportionate efforts. At the data subject’s request, the Data Controller shall provide information on the recipients.

4. The right to delete ("the right to be forgotten")

The data subject shall have the right to request the Data Controller to delete his or her personal data without due delay if one of the following criteria is met:

  • the personal data are not needed any more for the purpose they were originally collected for or processed;

  • the data subject withdraws his or her consent serving as a basis for data processing and there are no other legal bases for data processing;

  • the data subject objects to data processing and there are no other prioritized legal grounds for data processing or if the data processing directly involved business acquisition;

  • the personal data have been processed illegally;

  • the personal data must be deleted for compliance with legal obligations applicable to the Data Controller in the EU or the member state;

  • the personal data were collected in connection with rendering services relating to information society.

The requirement above cannot be used, among others, if data processing is necessary:

  • for compliance with obligations under EU or member state laws requiring the Data Controller to process personal data or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;

  • for the establishment, exercise or defence of legal claims.

The Data Controller shall communicate the deletion to each recipient to whom the personal data have been disclosed, unless this proves to be impossible or involves disproportionate efforts. At the data subject’s request, the Data Controller shall provide information on the recipients.

5. The right to restrict data processing

The data subject shall have the right to obtain from the Data Controller restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the data subject, for a period enabling the Data Controller to verify the accuracy of the personal data;

  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

  • the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or

  • the data subject has objected to processing, for a period pending the verification whether the legitimate grounds of the Data Controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the Data Controller before the restriction of processing is lifted.

The Data Controller shall communicate any restriction of data processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Data Controller shall inform the data subject about those recipients if the data subject requests it.

6. The right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Data Controller to which the personal data have been provided, where

  • the processing is based on consent or on a contract; and

  • the processing is carried out by automated means.

In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

7. The right to object

The data subject shall have the right to object at any time to the processing of personal data if the Data Controller has legitimate interest in the legal basis for this. The Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

8. Legal remedies

If your rights in connection with data processing are violated, you can apply to the court. Regional courts shall have jurisdiction over the legal proceedings. The legal proceeding, at the preference of the data subject, can be initiated with the regional court of his or her domicile or habitual residence.

For legal remedies, you can contact the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest Szilágyi Erzsébet fasor 22/c., postal address: 1530 Budapest, Pf.: 5., phone: 0613911400, fax: 0613911410, e-mail: ugyfelszolgalat@naih.hu, web: www.naih.hu)

The Data Controller shall reimburse you for any loss or damage caused by the Data Controller or Data Processor by illegitimate data processing or violating the requirements of data protection. If the Data Controller violates your right of privacy by illegitimate data processing or violating the requirements of data protection, you shall have the right to claim compensation.

Szigetszentmiklós, 2nd June 2020