The purpose of this statement is to provide you with the principles regarding data protection, data processing as well as Goodwill Pharma Co.’s (hereinafter „Company”) policy of data protection and data processing.
- „personal data” means any information relating to an identified or identifiable natural person („data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- „data processing” means any operation or set of operations, performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- „controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- „processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- „consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
2. Our Company’s principles relating to data processing
Our Company data processing principles are the following:
- we process data lawfully, fairly and in a transparent manner in relation to the data subject („lawfulness, fairness and transparency”);
- we collect data for specified, explicit and legitimate purposes only and data are not further processed in a manner that is incompatible with those purposes;
- data collected by us are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed („data minimisation”);
- our Company does everything it can to ensure that data are accurate and, where necessary, kept up to date; our Company takes reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay („accuracy”);
- we make sure that data are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- data are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures („integrity and confidentiality”).
Our Company processes data:
- based on priorly informing you and asking your consent; we handle the data (collect and store data) only to the required extent and in every case, only for given purposes
- in certain cases, data processing is mandatory and we base such data processing on regulations; if such cases occur, we inform you about it;
- in certain cases, it is in the legal interest of our Company or of a third party to process data, for instance, for ensuring the security or the updating of our webpage or webshop.
3. The controller
Name: Goodwill Pharma Co.
Headquarters and address: Hungary 6724 Szeged, Cserzy Mihály u. 32.
Telephone number: +36 62 443 571
Fax.: +36 62 423 872
Tax number: 11399270-2-06
Corporate registration number: 06-09-004915
Registry Court: Registry Court of Szeged
Our Company’s Data Protection Officer (DPO): firstname.lastname@example.org
Name, address and contact information of the hosting service provider of our webpage:
Nexum Magyarország Ltd.
1134 Budapest XIII., Lehel u. 17BC I. floor
Tel.: +36 1 2888 000
6726 Szeged, Temesvári krt. 15.
Tel.: +36 62 55 88 99
In order to provide quality service to our customers, our Company uses the service of the following processors:
|Goodwill IT Solutions Ltd.||6724 Szeged, Cserzy Mihály u. 32.||IT services|
|Nexum Magyarország Ltd.||1134 Budapest XIII., Lehel u. 17BC I. floor||hosting service provider|
|Magyar Posta Plc.||1138 Budapest, Dunavirág utca 2-6.||delivery services|
|Goodwill Pharma Co.||6724 Szeged, Cserzy Mihály u. 32.||accountancy|
|Goodwill IT Solutions Ltd. and Goodwill Pharma Co.||6724 Szeged, Cserzy Mihály u. 32.||database management, reports|
Direct marketing and/or newsletter related processors:
|Goodwill IT Solutions Ltd.||6724 Szeged, Cserzy Mihály u. 32.||IT services|
|Goodwill Pharma Co.||6724 Szeged, Cserzy Mihály u. 32.||hosting service provider|
|Goodwill Pharma Co. and Goodwill IT Solutions Ltd.||6724 Szeged, Cserzy Mihály u. 32.||database management|
|Goodwill Pharma Co., or external||6724 Szeged, Cserzy Mihály u. 32.||direct marketing|
In case we perform any changes related to our processors, we include these modifications in this statement as well.
4. Data our Company processes
Goodwill Pharma Co. processes data relating to the following webpages, relating to the visitors of the webpages, as well as to those who register and/or shop through these webpages:
cartinorm.eu, cartinorm.hu ,goodwill.hu,goodwillpharma.com,goodwillpharma.hu,hairmina.hu, herbarelax.hu, injekcio.cartinorm.hu, injekcioxlforte.cartinorm.hu, jojart.hu, klorsept.hu, korallmese.hu, lactoflow.hu, loli.hu, makuladegeneracio-amd.hu, nephroxon.hu, porcerosito-porckopas.hu, porckepzes.hu, profertil.hu, rheotin.hu, szemvizsgalat.hu, szent-gyorgyi-albert.hu,vition.hu.
Information relating to data processing:
|Activity and aim of data processing||Legal Base||Processed Data||Duration|
|Visiting of webpage
aim: to ensure the proper
functioning of webpage
the quality of our services
identifying malware of webpage
measuring of visitors
time of visit
data of visited pages
the operation system
and type of browser
used by you
|Registering on webpage
aim: ensuring better
user experience for visitors
informing in case of
shutdown, modification of
our Company contact data
|consent||surname, given name
|until deletion of
withdrawal of consent
|Recourse to the services of webshop
aim: registration and keeping
data base of visitors
management of orders
management of purchases,
management of complaints
analysis of shopping habits
keeping contact with
(GDPR regulation 2016/679)
Act CLXV of 2013 on complaints and public notices
Act C of 2000 on accountancy
|user name of those
data reated to shopping
contract related data
(time, amount, price, product)
data related to paying (payment deadline, creditcard no.)
discounts, delivery data
(delivery address, city, street, zip code)
invoice related data
|stored for 5 years
data stored for 8 years
aim: keeping contact
informing you about
discounts, new products
|consent||name, email address||until you unsubscribe
from receiving newsletters
|Direct marketing service
we send offers tailored
for your needs based on
your shopping habits
we reach you for
we send information of
our products, services
|consent||name, email address||until you unsubscribe
from direct marketing
aim: answering remarks,
|liability||name, email address
|for 5 years|
Your personal data will be asked only in case you register, you log in or if you shop using our webshop.
We do not link the data given via registration or while using the services of our webshop. It is not our aim to indentify our visitors.
For further information related to data processing, please contact us by email: email@example.com or by our postal address. We answer your letter within 3 days (in no more that 1 month period).
5. What are cookies and how do we handle them?
There are some cookies that may not require your prior consent. You receive information about these on your first visit to our webpage (such cookies are for example the multimedia-player, user-centric security cookies).
The moment you visit our webpage, our Company will inform you about those cookies which require your consent – if data processing commences once you visit the webpage – and therefore, will ask your consent.
It is not obligatory to accept cookies, however, our Company does not take responsibility if due to the rejection of cookies, the webpage may not work in the expected way.
What type of cookies do we use?
|Security cookies||wfvt_||no consent||Differenciation of people and robots
Differenciation of administrators and users
Limiting of webpage access
|Safety use of webpage||30 min.|
(third party cookies)
|ga_||no consent required||Identification of new sessions and visitors Google Analytics saves the tracking service. Google Analitics remarketing, Youtube, Facebook||It is linked to third party services (e.g. Google) through visiting the webpage||2 years|
|User assisting cookies||woocommerce_cart_hash||no consent required||For a more convenient use of the webpage||To mark the visitors settings and to increase webpage efficiency||work process|
The Use of Google Analytics and Google Remarketing Programs
The visitors of the Company’s webpage by using the webpage, allow the use of Google Analytics and Google Remarketing and they consent to the tracking of their behaviour. Furthermore, they consent to the placement of cookies by a third party.
However, the user may deactivate the dataprocessing and storing of cookies at any time. You must be informed that the setting and the use of Google Analytics and Google Remarketing programs are in full compliance with the requirements of Data Protection Authority.
As informed by Google Analytics, it observes the visitors’ interactions on the webpage through first party cookies. These cookies store information which by themselves are not capable for identification. The browsers do not share their cookies among the domains. Our Company uses Google Analytics primarily for statistical purposes, among others, it measures with its help the effectiveness of its campaigns. With the use of this program, the Company receives information mainly about the number of the visitors as well as the amount of time they spend using the webpage. The program recognises the IP address of the visitor, that is how it is able to follow the visitor. Similarly, the program may recognise whether it is the first time a visitor visits the website or the visitor is recurrent on the webpage. As a result, the program can trace the path of the visitor while visiting the webpage.
Apart from collecting Google Analytics data, with the assistance of the Google Remarketing program, the Company collects the data of Google Adwords (DoubleClick). Through DoubleClick cookies, the service of remarketing comes into use, which ensures that those visiting the Company’s webpages may encounter Google advertisements on various advertisement platforms. It is to be noted that the Company uses the Remarketing program for its online advertisements.
Google as well as other service providers, renders it possible for the Company’s advertisements to appear on various internet platforms. The Company and service providers such as Google use their own cookies as well as cookies from a third party (e.g. DoubleClick cookies) based on visitors previous visits on the webpage with the scope of offering advertisements to these visitors.
We inform you that with the use of the webpage, you accept the use of the above mentioned cookies. You may deny cookies as described below.
How to prevent the setting of cookies?
6. What else needs to be known about the webshop’s data processing?
You willingly provide us your personal data during registration, shopping or when keeping contact with our Company, that is why we ask you to pay attention to data validity, preciseness; it is within your responsibility to provide them correctly. Incorrect, unprecise data may hinder the use of our services. In case you provide other person’s personal data, we assume that you possess the authorisation to do so.
You may withdraw your consent for data processing at any time:
- by cancelling your registration
- by withdrawing your consent for data processing
- during registration you may withdraw consent of data processing
The withdrawal of your consent regarding data processing will be done within 3 days (due to technical reasons), yet, you must be aware that due to legal obligations, some data must be processed even after the withdrawal (regulations referring to this: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC General Data Protection Regulation and Act C of 2000 on accountancy).
In case a visitor provides false data or attacks the Company’s system in any form, the Company will delete the visitor’s data immediately or it keeps the data until, if needed, a penal procedure is finalised.
Other forms of data processing: recording of telephone calls
Our Company maintains a call centre, therefore the calls are being recorded with the scope of being able to reconstruct the telephone calls in case of legal disputes.
Before initiating a telephone call, the Company informs the caller about the recording of the call. With this, the Company leaves the option open for the caller to decide whether he/she consents to the call being recorded or not. If the caller does not consent, he/she has the possibility to end the call and may decidet to contact the Company via email or by post.
The Company stores the telephone call for one month period. If the caller does not consent to the call being recorded, the Company cannot resolve the complaint. If the caller uses inappropriate language, offends the call centre operator or the Company in any way, the Company has the right to end the call immediately.
7. What needs to be known about direct marketing and newsletter related data processing?
During your registration or as a result of modifying your stored personal data (that is by giving your consent), you agree to your data being used for marketing purposes. In this case – until the withdrawal of your consent – we process your data for direct marketing and/or newsletter sending purposes. We send you advertisements, we inform you about about our products, discounts, presents or send you newsletters. (Act XLVIII of 2008 on the conditions and limitations of economic advertisement activities)
You may give your consent regarding direct marketing and newsletters at once or separately and you may at any time revoke your consent.
We regard your decision to unsubsribe as a withdrawal of your consent. However, the withdrawal of of your consent in connection with data processing for direct marketing and/or newsletter purposes does not mean the withdrawal of your consent regarding webshop related data processing.
The withdrawal of your consent regarding data processing will be done within 3 days (due to technical reasons).
8. What needs to be known about prize competitions?
Our company may organise prize competitions for campaign purposes, the conditions of which are comprised in a set of regulations. This set of regulations are to be found on our webpage in the form of a link, located in a visible position on our webpage.
9. Other questions related to data processing
Our data may be forwarded only in compliance with the regulations. Our data processors must sign the terms and conditions in the form of a contract whereby they ensure that they do not use your personal data for purposes other than the ones you have priorly given your consent. Further information on this may be found in part 2. of this statement.
Our company may forward data abroad only in compliance with the GDPR regulations.
The court, the prosecutor’s department and other authorities (e.g. Police, Tax office, The National Authority for Data Protection and Freedom of Information) may solicit data or documents from our Company.
In this case, we must act in conformity with our data providing obligation but only to the extent required by the given purpose.
The Company’s employees whose tasks concern data processing are entitled to handle the data you provide, but only to a priorly determined extent – in compliance with privacy obligations.
We protect your personal data with appropriate technical and other necessary measures as well as we ensure the safety of your data, we protect the data against unauthorised access, any modification, damage or any unauthorised use.
We solicit your help in connection with safety issues and when by using our webpage or our webshop, you provide a password, we ask you to keep it safe and do not share it with anyone.
10. What are your rights and what are your possibilities for legal redress?
The following rights are available to you according to applicable data privacy laws:
- Right of information about your personal data stored by us;
- Right to request the correction, deletion or restricted processing of your personal data;
- Right to object to data processing;
- You may at any time with future effect revoke your consent to the collection, processing and use of your personal data;
- If you wish to lodge a complaint, you may make a legal redress (https://naih.hu/general-information.html).
Authority: National Authority for Data Protection and Freedom of Information
- Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
- Address: 1530 Budapest, Pf.: 5.
- Telephone number: +36 (1) 391-1400
- Fax: +36 (1) 391-1410
- Email address:firstname.lastname@example.org
For your convenience, we provide you with information on:
- the data processed by us
- the source of data processed by us
- the purpose and the legal basis of data processing
- the duration of the data processing or, if this is not possible, we inform about the guidelines which define the duration
- the names, addresses of those who process the given data as well as we provide information regarding activities related to data processing
- our measures done in case of data protection incidents, their circumstances, their effects and measures done in order to prevent such incidents
- in case of transfering your personal data, we provide information about its legal basis as well as information about those who we transfer data to.
We provide further information upon request within 3 days (but in no longer than 1 month time). We provide further information free of charge except in case you have aldready had such a request in the given year. If you have already paid a fee for requesting information, we are ready to return it if we have processed your data in an unappropriate way, in an illicit way or if we had to make corrections with regard to how we processed your data. We may decline to give further information regarding data processing only if this complies with the regulations or if we provide information on legal redress or we inform you about the possibility of exercising your rights by turning to the Authorities.
Our Company informs you about any amendment, locks, delete or marking made. In addition, the Company informs about data transfering except in cases when by not informing you does not violate any regulations.
In case the Company fails to fullfil your request concerning amendment, lock or deleting, we will inform you – with your consent – via email or by post within 3 days (but in no longer than 1 month time) – about the reasons for refusing your request and we further give information about the possibilities to redress and how to turn to the authorities.
If you object against data processing, we will examine this within 3 days (but in no longer than 1 month time) after receiving your request and we will give further information regarding the decision in a written form. If we establish that your objection is grounded, we terminate the data processing and we inform those as well whom the data were transferred to, in order to be able for them to take steps as well.
If we prove that the data processing is done in compliance with the regulations and data processing is legally grounded, which are in priority to your interests, rights and freedom, we will object to fullfill your request concerning data processing. In case you disagree with the Company’s decision, or if we fail to keep the deadline you may turn to court within 30 days after the decision or within 30 days after the last day of the deadline.
The legal proceedings are under the responsibility of the court. A foreign citizen may lodge a complaint at a temporary residence as well.
Before turning to authorities or to court, we ask you to first contact our Company for a quick resolution and settling of the problem.
11. Which are the regulations to follow in case of our activities?
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
- Act CXII of 2011 on autonomous information right and on the freedom of information
- Act V of 2013 on Civil Code
- Act CVIII of 2001 on questions regarding on questions regarding e-commerce services and services related to information society
- Act C of 2003 on e-communication
- Act CLV of 1997 on consumer protection
- Act CLXV of 2013 on complaints and public notices
- Act XLVIII of 2008 on the conditions and limitations of economic advertisement activities
- Act C of 2000 on accountancy
12. Changes in privacy statement
Our company reserves the right to modify the Privacy Statement. In case of modifications, we provide further information about these changes.
We provide information related to data processing on: