Terms of sevice
Privacy policy
Data controller
- Petrity Limited Liability Company (Petrity LLC)
- HU-1073 Budapest Kertesz street 43.
- info@petrity.com
Your rights
When using our online website/store, you may be required to submit personal data. According to the General Data Protection Regulation (GDPR) you may have certain rights regarding this submitted data. Depending on the legal basis for processing your personal data, you may have some or all of the following rights:
- The right to be informed: You have the right to be informed about the personal data we collect from you, and how we process it.
- The right of access: You have the right to get confirmation that your personal data is being processed and have the ability to access your personal data.
- The right to rectification: You have the right to have your personal data corrected if it is inaccurate or incomplete.
- The right to erasure (right to be forgotten): You have the right to request the removal or deletion of your personal data if there is no compelling reason for us to continue processing it.
- The right to restrict processing: You have the right to restrict the processing of your personal data. When your personal data is restricted, we are permitted to store your data but forbidden to process it further.
- The right to data portability: You have the right to request and get your personal data that you provided to us and use it for your own purposes. We will provide your data to you within 30 days of your request. To request your personal data, please contact us using the information at the top of this privacy notice.
You have the right to file a complaint with supervisory authorities if your information has not been processed in compliance with the General Data Protection Regulation. If the supervisory authorities fail to address your complaint properly, you may have the right to a judicial remedy. For details about your rights under the law, visit [https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr].
Definitions
Non-personal data (NPD) is information that is in no way personally identifiable.
Personal data (PD) means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Data is in many ways the same as Personally Identifiable Information (PII). However, Personal Data is broader in scope and covers more data.
A visitor is someone who merely browses our website. A customer or member is someone who has registered or has placed an order towards us, purchased any of the products listed on this website, thus submitted its personal data. The term user is a collective definition of any of these roles, referring to a visitor, a customer or a member.
Our legal basis for collecting and processing personal data
Our legal basis for collecting and processing your Personal Data when you buy our products or services is based on and the necessity for the performance of a contract or to take steps to enter into a contract. Our legal basis for collecting and processing your Personal Data when you sign up for our newsletter, services, and product information through our website opt-in forms is based on consent.
What happens if you don’t give us your personal data
If you do not provide us with your Personal Data, we may not be able to provide you with all our products and services. However, you can access and use some parts of our website without giving us your Personal Data.
Automatic information collecting
We automatically receive information from your browser or mobile device. The information includes for example the type of browser you are using, its language, operating system information, ip address etc. We might also collect your browsing habits on our website like how much time are you are spending on individual pages, what products you are interested in the most and your general browsing activity on this website. This information is in no way to be linked or associated with your user account or any of your personal data.
When entering and using our website
When you enter and use our website and you agree to accept cookies, some of these cookies may contain your Personal Data.
Communications and emails
When we communicate with you about our website, we will use the email address you provided when you registered as a user or when you made a purchase being a guest. We may also send you emails with promotional information about our website or offers from us or our affiliates unless you have opted out of receiving such information. You can change your contact preferences at any time through your account or by sending us an email with your request to: info@petrity.com.
Legally required releases of information
We may be legally required to disclose your Personal Data if such disclosure is
- required by subpoena, law, or other legal process;
- necessary to assist law enforcement officials or government enforcement agencies;
- necessary to investigate violations of or otherwise enforce our Legal Terms;
- necessary to protect us from legal action or claims from third parties, including you and/or other users or members;
- necessary to protect the legal rights, personal/real property, or personal safety of our company, users, employees, and affiliates
Data collection and retention
What personal data is processed?
For us to be able to fulfill your purchase, we require you to submit your full name, email address, phone number, shipment and/or billing information like company name(optional), country, zip/postal code, city, street address.
Information | Reason for collection |
---|---|
Firstname, lastname | Obviously, for us to identify you as a customer we require your full name. This will be later on used to associate your purchase(s) with the rest of your personal information. |
E-mail address | Your e-mail address will be used to keep contact with you. This might include receiving messages from the webstore's owner or staff, receiving messages about the status of your order and general feedback from the system about your purchase. You will not receive any messages about promotions and other newsletter like e-mails unless you directly subscribed and given consent to such actions. We do not sell your e-mail address to third parties for commercial or other purposes under any circumstances. |
Phone number | The reason we require you to submit your phone number is mainly due to delivery purposes. Most delivery companies require phone numbers for the carrier to be able to reach you when your item is being delivered to the given address. We might also use it to contact you in rare occasions, but we mainly use e-mail as the primary form of communication. |
Company name | This information is optional to submit and we use it in case the given address needs clarification, for example when you order your purchase to be delivered to your company's address you work for. Company name submitted under the billing information will be used for the invoice of your order. |
Country | Country name is used for delivery and billing purposes. We might also use them to collect statistics about regional distributions and shopping habits, but that is being done without associating this information with the rest of your personal data. |
Zip/postal code | This information is used for delivery and billing purposes only. |
City | City name is used for delivery and billing purposes. We might also use them to collect statistics about regional distributions and shopping habits, but that is being done without associaing this information with the rest of your personal data. |
Street address | This information is used for delivery and billing purposes only. |
How is that data collected and retained?
Your personal data is being collected through registration or using the guest checkout capability of our website and is being stored in the web server's database hosting this website.
Is the data stored locally, on our servers, or both?
The data is being stored on the website's database.
For how long is data stored, and when is the data deleted?
For registered users the data is stored until the request of its deletion or removal. For guest checkouts, the data will be stored as long as the purchase is complete and a 14 days addition. So when is a purchase complete? It is complete when the product(s) purchased are in the possession of the customer.
Is the data collection and processing specified, explicit, and legitimate?
The collection and processing of the data is specified in this document, every other use of personal data not mentioned in this document is considered a misuse and can have legal consequences.
What is the process for granting consent for the data processing, and is consent explicit and verifiable?
You are required to accept our Privacy Policy and Terms of Service upon registration and every purchase. The consent is being given by selecting a checkbox stating that you understand and accept our Privacy Policy and Terms of Service. Since the purchasing process requires you to give consent about managing your data, no verification of consent needed.
What is the basis of the consent for the data processing?
The basis of the consent for data processing is our Privacy Policy and Terms of Service.
Is the data minimized to what is explicitly required?
Yes, we only collect data strictly necessary to fulfill your purchase. No more, no less.
How are users informed about the data processing?
Users are informed in the form of this document. Should this document change, we'll make sure to notify our users who have already accepted these terms by e-mail.
What controls do users have over the data collection and retention?
Collection of personal data is only being done when the user gives explicit consent. You may chose not to accept our Privacy Policy or Term of Service, preventing the website to collect and process personal data.
Technical security measures
Is the data encrypted?
User passwords are being stored in an encrypted form. Any other data is stored as plain text but requires access to the database that is not public and password protected.
Is the data anonymized?
Upon the request of restriction the data, not necessary for the functioning of the website or our services, is being anonymized. Furthermore, purchases performed without registration are anonymized after the purchase is complete plus 14 days.
Is the data backed up?
No, although the provider of the web server may create backups of the sites hosted on their servers. This backup is only used for data loss prevention purposes.
Personnel
Who has access to the data?
The owner and colleagues tasked with the management of the website.
Subject access rights
How does the data subject exercise their access rights?
Registered users have the ability to access all their data on their profile. Users using the guest checkout functionality have the ability to request an URL access token to access their data. These tokens have a limited time to be used for security reasons, but users can request an unlimited amount of tokens. Only one access token will be available at a time so requesting a new token will invalidate the previously requested one.
How does the data subject exercise their right to data portability?
In order to request your personal data, please send a request to our customer service e-mail address and we will provide you the data within 30 days of your request.
How does the data subject exercise their rights to erasure and the right to be forgotten?
Similarly to the way a user can access their data, registered users have the option to be deleted from the system on their profile page. Customers using the guest checkout functionality have the ability to request an URL deletion token to remove their data. These tokens have a limited time to be used for security reasons, but users can request an unlimited amount of tokens. Only one access token will be available at a time so requesting a new token will invalidate the previously requested one.
How does the data subject exercise their right to restrict?
Similarly to the way a user can access their data, registered users have the option to restrict access and processing of their data on their profile page. Customers using the guest checkout functionality have the ability to request an URL restriction token to restrict their data. These tokens have a limited time to be used for security reasons, but users can request an unlimited amount of tokens. Only one access token will be available at a time so requesting a new token will invalidate the previously requested one.
How does the data subject exercise their right to rectificate?
Registered users have the ability to change their personal data on their profile. Customers using the guest checkout functionality can request their data to be corrected through our customer service e-mail address.