Privacy policy

Data processing notice

Accepted on: February 2, 2021

 

Controller

 

Name: ROCK SAFETY Kft.

Registered office: 5100 Jászberény, Nagykátai út 10.

Mailing address: 5100 Jászberény, Nagykátai út 10.

E-mail: webshop@rocksafety.com

Telephone: +36 57 515 700

Website: https://rocksafety.com

 

Hosting service provider

 

Name: ROCK SAFETY Kft.

Mailing address: 5100 Jászberény, Nagykátai út 10.

E-mail: webshop@rocksafety.com

Telephone: +36 57 515 700

 

Description of processing operations carried out during the operation of the webstore

 

Information on the use of cookies

 

What is a cookie?

 

Controller uses cookies during visits to the website. Cookies are information packages consisting of letters and numbers that our website sends to your browser to save certain settings, in order to make it easier to use our website and to collecting some relevant, statistical information regarding our visitors.

Some cookies do not contain any personal information and are not suitable for identifying the individual users, there are those, however, that contain unique identifiers - a secret, randomly generated numerical sequence - that your device stores and ensures that you can be identified. The description of the relevant cookies contains information as to how long the cookies are in operation.

 

Legal background and legal basis of cookies:

The legal basis of the processing, pursuant to Article 6(1)a) of the Regulation, is your consent.

 

The main properties of the cookies used by the website:

Session cookies: These cookies store the visitor’s location, the language of the browser and the currency of payment. They are stored until the browser is closed or for a maximum of 2 hours.

If you do not accept the use of cookies, certain functions of the website will not be available to you. You can find more information on how to delete cookies at the following links:

 

Data processed for the conclusion and the performance of the contract

More data processing scenarios can be realized to conclude and perform a contract. We would like to inform you in relation to complaints and handling warranties, processing will only be carried out if you exercise any of these rights.

If you do not make a purchase in the webstore, and you are only a visitor to it, the provisions specified under marketing-related processing may apply to you if you have granted us marketing-related consent.

 

Data processing carried out for concluding and performing the contract in more detail:

Establishing contact

If you contact us for example by email, using the contact form, or via the phone in connection with a product.

Contact in advance is not necessary, you may place orders in the webstore at any time.

 

Processed data

The data you provided when establishing contact.

 

Duration of processing

We process the data until contact has been established.

 

Legal basis of processing

Your voluntary consent that you provide by contacting the Controller. [Processing pursuant to Article 6(1)a) of the Regulation]

 

Registration on the website

By storing the data provided at registration, Controller can provide a more convenient service (e.g. it is not necessary to provide the data of the data subject at each subsequent purchase).Registration is not necessary to conclude the contract.

 

Processed data

Controller shall process your name, address, phone number, email address, the properties of the product you purchased and the time of the purchase.

 

Duration of processing

Until your consent is withdrawn.

 

Legal basis of processing

Your voluntary consent that you provide to the Controller by registering [Processing pursuant to Article 6(1)a) of the Regulation].

 

Processing the orders

During the processing of the orders, processing operations are necessary with the purpose of performing the contract.

 

Processed data

Controller shall process your name, address, phone number, email address, the properties of the product you purchased, the number of the order and the time of the purchase.

If you have placed an order in the webstore, providing and processing your data is necessary to perform the contract.

 

Duration of processing

We process the data for five years, pursuant to the limitation period set forth in the Civil Code.

 

Legal basis of processing

Performing the contract. [Processing pursuant to Article 6(1)b) of the Regulation]

 

Issuing the invoice

Processing is conducted for the purpose of issuing invoices complying with the legislation and fulfilling the obligation to preserve accounting documents. Pursuant to Section169(1)-(2) of the Sztv. (Accounting Act), companies must retain accounting documents that directly or indirectly support accounting settlement.

 

Processed data

Name, address, email address, phone number.

 

Duration of processing

Invoices issued must be preserved for a term of 8 years from the issue date of the invoice, pursuant to Section 169(2) of the Sztv.

 

Legal basis of processing

Pursuant to Section 159(1) of Act CXXVII of 2007 on Value Added Tax, issuing invoices is compulsory, and, pursuant to Section 169(2) of Act C of 2000 on Accounting, invoices must be preserved for a term of 8 years [Processing pursuant to Article 6(1)c) of the Regulation].

 

Processing related to the transportation of goods

Processing occurs for the purpose of delivering the goods ordered.

 

Processed data

Name, address, email address, phone number.

 

Duration of processing

Controller processes the data until the goods have been delivered.

 

Legal basis of processing

Performing the contract [Processing pursuant to Article 6(1)b) of the Regulation].

 

Recipients and processors of processing activities related to the transportation of goods

Name of the recipient: GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.

Registered office of the recipient: 2351 Alsónémedi, GLS Európa u. 2.

Recipient’s phone number: 06-29-88-67-00

Recipient’s e-mail: info@gls-hungary.com

Recipient’s website: https://gls-group.eu/HU/hu/home

 

On the basis of an agreement concluded with the Controller, the courier service contributes to the delivery of the product ordered. The courier service shall process the personal data received as included in its data processing notice available on its website.

 

Handling guarantee and warranty claims

For guarantee and warranty claims, we shall follow the rules of Decree 19/2014 (IV.29.) NGM of the Minister for National Economy stipulating also how your claims shall be handled.

 

Processed data

For handling guarantee and warranty claims, we shall follow the rules of Decree 19/2014 (IV.29.) NGM of the Minister for National Economy.

Pursuant to the decree, we have to make a report of your guarantee or warranty claims including:

  1. your name, address and statement that consents to processing your data included in such report as stipulated in the decree,
  2. the name and purchase price of the movable good sold under the contract concluded between you and us,
  3. the date of performance of the contract,
  4. the date of reporting the defect,
  5. the description of the defect,
  6. the right you mean to exercise on the basis of your guarantee or warranty claim, and
  7. the way of settling the guarantee or warranty claim or the grounds for refusing the claim and/or the right meant to be exercised under such claim.

 

If we take the product purchased back from you, we shall issue an acknowledgement of receipt that shall include:

  1. your name and address,
  2. the data necessary for the identification of the thing,
  3. the date of taking the thing over and
  4. the date when you can take the thing repaired over.

 

Duration of processing

The company shall retain the report on the consumer’s guarantee or warranty claim for three years from when it was drawn up and to present it at the supervising authority’s request.

 

Legal basis of processing

The legal basis for data processing is the fulfilment of the legal obligations under [Sections 4(1) and 6(1) of] Decree 19/2014 (IV.29.) NGM of Minister for National Economy [data processing under Article 6(1)c) of the Regulation].

 

Handling other consumer protection complaints

Processing occurs for the purpose of handling consumer protection complaints. If you have lodged a complaint with us, providing and processing your data is required.

 

Processed data

Name, phone number, email address of the buyer, content of the complaint.

 

Duration of processing

Warranty claims are preserved for a term of 5 years, pursuant to the Consumer Protection Act.

 

Legal basis of processing

You may lodge a complaint with us at your discretion, but if you do so, we are required to preserve the complaint for a term of 5 years, pursuant to Section 17/A(7) of Act CLV of 1997 on Consumer Protection [processing pursuant to Article 6(1)c) of the Regulation]

 

Data processed for the purpose of verifying consent

When you register, make an order, subscribe to newsletters, the IT system stores the IT data related to your consent so that it can be used as proof later.

 

Processed data

Time of consent and IP address of data subject.

 

Duration of processing

Due to statutory regulations, consent must be subsequently verifiable, therefore data is stored until the limitation period after the termination of processing lapses.

 

Legal basis of processing

Article 7(1) of the Regulation prescribes this obligation. [Processing pursuant to Article 6(1)c) of the Regulation]

 

Marketing-related processing

Processing related to the sending of newsletters

 

Processed data

Name, address, email address, phone number.

 

Duration of processing

Until the data subject withdraws his or her consent.

 

Legal basis of processing

Your voluntary consent that you provide to Controller by subscribing to the newsletter [Processing pursuant to Article 6(1) a) of the Regulation]

 

Further processing

If Controller intends to conduct further processing, it shall provide prior information of the significant circumstances of the processing (legal background and legal basis of processing, the purpose of processing, scope of processed data, duration of processing).

Please be advised that Controller is required to fulfill the written data requests of authorities that are based on legal authorization. Controller shall keep records of data transmissions pursuant to Section 15(2)-(3) of Infotv. (what personal data was transmitted by Controller to which authority and when) and Controller shall provide information related to its content, unless prohibited by legislation.

 

Recipient of personal data

Processing for the storage of personal data

Name of processor: ROCK SAFETY Kft.

 

Contact details of processor:

Telephone: +36 57 515 700

E-mail: webshop@rocksafety.com

Registered office: 5100 Jászberény, Nagykátai út 10.

Website: https://rocksafety.com

Processor shall store the data on the basis of an agreement concluded with Controller. It is not entitled to access the personal data.

 

Processing activities associated with sending newsletters

Name of the company operating the newsletter sending system: The Rocket Science Group LLC.

Registered office of the company operating the newsletter sending system: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA

 

Phone number of the company operating the newsletter sending system:

E-mail of the company operating the newsletter sending system: privacy@mailchimp.com

Website of the company operating the newsletter sending system: mailchimp.com

Processor shall cooperate in sending out the newsletters on the basis of an agreement concluded with Controller. In this context, the Processor processes the data subject’s name and e-mail to the extent necessary for sending out the newsletters.

 

Your rights during processing

As long as your data is processed, you have the following rights in accordance with the provisions of the Regulation:

  • the right to withdraw your consent,
  • access to personal data and the information related to processing,
  • right to rectification,
  • restriction of processing,
  • right to erasure,
  • right to object,
  • right to data portability.

 

If you would like to exercise your rights, it requires your identification, and Controller needs to communicate with you. Therefore, personal data is required for the purpose of identification (but identification can only be based on data that Controller already processes concerning you), and your complaint regarding the processing will be available in Controller’s email account for the period determined in this notice in connection with the complaints. If you were our customer and you would like to identify yourself for the purpose of lodging complaints or warranty claims management, please provide the identification of the order, as well. This enables us to identify you as our customer.

Controller shall reply to complaints related to data processing within 30 days.

 

The right to withdraw your consent

You have the right to withdraw your consent to data processing at any time, in such cases we delete the data that you provided to us from our system. Please be advised, however, that withdrawal in case of orders not yet delivered may lead to us being unable to perform the delivery to you. Also, once the purchase has been made, we are not allowed to delete the invoicing data from our systems due to accounting requirements, and if you have an outstanding debt towards us, we may process your data on the basis of our legitimate interest related to the collection of the claim even after the withdrawal of the consent.

 

Access to the personal data

You have the right to obtain information from the Controller whether personal data concerning you is being processed and if your personal data is being processed, you have the right to:

  • access the personal data being processed and
  • obtain information from the Controller on the following:
  • the purposes of processing;
  • the categories of the personal data processed concerning you;
  • information on the recipient or categories of recipients to whom the Controller has transmitted or will transmit the personal data;
  • the planned duration of the storage of the personal data, or if this is not possible, the criteria based on which this duration is determined;
  • your right to obtain from the Controller the rectification or erasure, or the restriction of the processing of your personal data, and in case of processing based on legitimate interests, you have the right to object to such processing of your personal data;
  • the right to file a complaint to the supervisory authority;
  • if the data was not collected from you, every available information regarding their source;
  • the existence of automated decision-making (if such processes are applied), including profiling, or at least in these cases meaningful information on the logic applied and the significance and the envisaged consequences of such processing for you.

 

The right may be exercised for the purpose of determining and checking whether the processing is lawful, and for this reason, Controller may charge a reasonable fee in exchange for providing the information if it is requested on multiple occasions.

Controller will provide access to the personal data by sending you the personal data and information that is processed in an email after you have been properly identified. If you have a registration, we provide access in a way that you may access and check the personal data that is processed concerning you after you have logged into your account.

Please, let us know in your request whether you would like access to your personal data or to the information related to the processing.

 

Right to rectification

You have the right to obtain from the Controller the rectification of the personal data concerning you that is inaccurate.

 

Right to restrict processing

You have the right to obtain from the Controller the restriction of the processing if any of the following applies:

  • You contest the accuracy of the personal data, in this case the restriction lasts for the period that enables the Controller to verify the accuracy of the personal data, if the accurate data can be determined immediately, no restriction occurs;
  • the processing is unlawful and you oppose the erasure of the personal data for any reason (for example because you need them to pursue a legal claim), and you do not request the erasure of the data but instead you request the restriction of their use;
  • the Controller no longer needs your personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims; or
  • you have objected to the processing but the legitimate interests of the Controller may also provide a legal basis for the processing, in this case, pending the verification whether the legitimate grounds of the Controller override your legitimate interests, processing shall be restricted.

 

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or of a Member State.

Controller shall inform you before the restriction of processing is lifted (at least 3 days prior to the lifting of the restriction).

 

Right to erasure - the right to be forgotten

You have the right to obtain from the Controller the erasure of personal data concerning you without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by Controller;
  • you withdraw your consent and processing no longer has a legal basis;
  • you object to the processing on grounds of legitimate interests, and there are no overriding legal grounds (i.e. legitimate interest) for the processing;
  • the personal data was processed unlawfully by the Controller and it was proven based on the complaint;
  • the personal data have to be erased in compliance with legal obligation in EU or Member State law to which the Controller is subject.

 

If the Controller has made the personal data public for any legitimate reason and is obliged to erase the personal data for any of the reasons above, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

 

Erasure shall not apply to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation of processing required by EU or Member State law to which the Controller is subject (such a case is where processing occurs in the framework of invoicing, since law requires to preserve invoices), and for the performing a task carried out in the public interest or in the exercising of official authority vested in the Controller;
  • for establishing, exercising and defending legal claims (for example if Controller has a claim against you and you have not fulfilled it yet, or there is an ongoing consumer or data processing complaint).

 

Right to object

You have the right to object to the processing of your personal data on grounds relating to your particular situation. In this case the Controller may no longer process your personal data, unless it can demonstrate that processing is justified by such compelling legitimate reasons that override your interests, rights and freedoms, or that are related to the lodging, pursuing and protecting of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data, including profiling to the extent it is related to such direct marketing. Where you object to the processing of your personal data for direct marketing purposes, the personal data can no longer be processed for such purposes.

 

Right to data portability

When processing is carried out by automatized means, or when processing is based on your voluntary consent, you have the right to request the personal data concerning you from Controller, which you have provided to a Controller, which Controller shall make available in xml, JSON or csv format and, if it is technically feasible, you have the right to request to transmit those data to another Controller in the same format.

 

Automated decision-making

You have the right not to be subject to a decision based solely on automated processing (including profiling), which produces legal effects concerning you or similarly significantly affects you. In these cases, the Controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the Controller, to express his or her point of view and to contest the decision.

 

The above shall not apply if the decision:

  • is necessary for entering into, or performing, a contract between you and the Controller;
  • is authorized by EU or Member State law to which the Controller is subject and which also lays down proper measures to safeguard your rights and freedoms and legitimate interests; or
  • is based on your explicit consent.

 

Reporting to the data protection registry

Pursuant to the provisions of Infotv., Controller was required to report certain data processing to the data protection registry. This obligation terminated as of May 25, 2018.

NAIH number before May 25, 2018.:

Data protection registration number: NAIH-136980/2018.

 

Data security measures

Controller declares that it has applied appropriate measures to ensure that personal data are suitably protected against unauthorized access, alteration, transmission, disclosure, deletion or destruction, or accidental destruction or damage, and against becoming inaccessible due to a change in the technology applied.

Controller, having regard to the extent of the organizational and technical possibilities, shall make every effort to ensure that its processors apply proper data protection measures when working with your personal data.

 

Legal remedies

If you believe that Controller has infringed any statutory requirement relating to processing, or it has failed to fulfill any of your requests, you have the right to request an investigation by the National Authority for Data Protection and Freedom of Information for the purpose of discontinuing the unlawful processing (postal address: 1363 Budapest, Pf.: 9., e-mail: ugyfelszolgalat@naih.hu).

Please note that in case of a breach of statutory provisions related to data processing, or if Controller failed to fulfill any of your requests, you have the right to file a civil lawsuit against the Controller in court.

 

Modifying the data processing notice

Controller maintains the right to modify this data processing notice in a manner that does not modify the purpose and legal basis of the processing. By using the website after the modification has taken effect, you accept the modified data processing notice.

If Controller intends to carry out further processing of the collected data for purposes that are different from the purposes that they were collected for, it shall notify you of the purposes of such further processing and of the following information in advance:

  • the duration of the storage of the personal data, or if this is not possible, the criteria based on which this duration is determined;
  • your right to obtain from the Controller access to the rectification or erasure of, or the restriction of the processing of your personal data, and in case of processing based on legitimate interests, you have the right to object to the processing of your personal data, and in case of processing based on consent or contractual relation, you may request to exercise your right to data portability;
  • in case of processing based on consent, the fact that you may at any time withdraw your consent;
  • the right to file a complaint to the supervisory authority;
  • the fact that providing personal data is based on legislation or a contractual obligation, or whether it is necessary for entering into a contract, whether you are required to provide the personal data, and also what consequences you will face if you fail to provide such data;
  • the existence of automated decision-making (if such processes are applied), including profiling, or at least in these cases meaningful information on the logic applied and the significance and the envisaged consequences of such processing for you.

 

Processing may only commence after this, and if the legal basis of the processing is your voluntary consent, your consent to processing is also necessary in addition to being informed.

This document contains all of the relevant data processing information that is related to the operation of the webstore pursuant to the General Data Protection Regulation 2016/679 of the European Union and of the Council (hereinafter as “Regulation”, “GDPR”) and Act CXII of 2011 (hereinafter as “Infotv.”).

 

Poste restante and delivery to a Postal Point

Please note that Magyar Posta Zrt. identifies the recipients in accordance with the applicable privacy policy and may, where appropriate, require your personal information to be provided upon delivery to the post or a Postal Point.

 

Drawn up with the GTC generator Fogyasztó Barát ÁSZF. 

„Our Mission: Your Protection.”

ROCK SAFETY® is a PPE supplier that offers a wide range of protective equipment for workers to ensure they return home safely to their families. We believe in safety, family and the generations building our future.

What brand experience does ROCK SAFETY® offer?

  • Personal and professional advice
  • Focus on customers’ needs
  • Friendly and flexible customer service
  • Continous product- and service developement
  • Fast delivery
  • More than 600 years of PPE work experience
  • High customer satisfaction - complaint rate under 0.1%
  • Warehouse capacity of 5.500 m²
  • Serving more than 2.000 customers annually
  • Dynamically growing export markets - active in 24 countries

We are proud of the success of our business partners!

Headquarter / Main site / Personal pickup

ROCK SAFETY - 5100 Jászberény, Nagykátai út 10.

Phone: +36 57 515 700

Show on map >

Site in Érd

ROCK SAFETY - 2030 Érd, Erika utca 18.

Phone: +36 23 369 903

Show on map >

ROCK SAFETY® Workwear Store - (TESCO Store Jászberény)

5100 Jászberény, Nagykátai út 2/a.

Phone: +36 (30) 564-08-66

Show on map >