Privacy Notice

1. Controller

Controller: Béres Szőlőbirtok és Pincészet Korlátolt Felelősségű Társaság 
registered office: H-3932 Erdőbénye, topographical lot number: 085/18
represented by: Melinda Regéczy-Béres, Dávid Regéczy, Managing Directors
email: [email protected] 
website: www.berestokaj.hu, berestokaj.com, berestokaj.hu/en
(hereinafter: Controller)

2. The various data processing operations  

2.1. Wine tasting and estate visits (private and corporate events):

The vineyard also serves as a venue for wine tastings and private or corporate events. Prior to each visit, an advance telephone, personal or email consultation is required, in the course of which your name and contact details (telephone, email) are recorded. In the case of a group visit or event, only the name and contact details of the contact person (group leader) are recorded.

  • Legal basis for processing: 
    In the case of a request for a quote by a private individual, processing necessary for the performance of the contract [Article 6(1)(b) of the GDPR], Provision of data is a condition for the conclusion and performance of the contract.
  • In the case of a request for a quote by a company or other entity, our legitimate interest in the performance of the contract [Article 6(1)(f) of the GDPR]. You may object to the processing at any time using the contact details specified in Section 1. 
  • After the performance of the contract, the retention of contract data is based on our legitimate interest in retaining the data within the time limit for enforcement [Article 6(1)(f) of the GDPR]. You may object to the processing at any time using the contact details specified in Section 1.
  • In respect of personal data (name, address) that may appear in the invoice, the processing and retention of data is justified by compliance with a legal obligation [Article 6(1)(c) of the GDPR], in particular with regard to Section 169(2) of Act C of 2000 on Accounting  . The provision of data is a condition of issuing the invoice and, thus, of the conclusion of the contract.

Purpose of processing: Performance of the contract and, thereafter, the retention of data necessary for enforcement of claims and legal compliance. 

  • Duration of processing: 
  • In the case of a private event, the names of the participants are erased after the visit/wine tasting.
  • After the contract has been performed, contract data are retained for 5 (five) years.
    The retention period for the invoice and any personal data (name, address) on such invoice is 8 (eight) years.

Rights: 

  • For processing necessary for the performance of the contract: 3.2.-3.6.;
  • In the case of legitimate interest: 3.2., 3.3., 3.5., 3.7.
  • In the case of compliance with a legal obligation: 3.2., 3.3., 3.5.

2.2. Facebook and Instagram

We are available on Facebook as Béres Szőlőbirtok and Béres Szőlőbirtok és Pincészet Kft. and on Instagram as Béres Szőlőbirtok.

Visitors can subscribe to the newsfeed posted by the Béres Szőlőbirtok page by clicking on the “like” link, unsubscribe by clicking on the “dislike” link on the same page, or delete unwanted news posts by using post settings. 

Legal basis for processing: Your consent, which you grant by ‘following’. [Article 6(1)(a) of the GDPR]

Purpose of processing: To keep you up to date about the latest information, products, news about our company and to publish informative articles and materials.

Duration of processing: Our news only appear in your feed for as long as you wish, that is until you unsubscribe as detailed above. Consent may, therefore, be withdrawn at any time, however it does not affect the lawfulness of any processing conducted prior to such withdrawal.

Rights: 3.1.-3.6.

The display of advertisements and the use of the page analytics function is provided to the Controller by the operator of the Facebook and Instagram pages. The site analytics function displays aggregated data to help the Controller understand how visitors use the given page and its advertisements and draw conclusions for more effective operation. No personal data are included in statistical analyses. Processing for advertising and statistical purposes on these pages is carried out jointly by the Controller and Meta Platforms Ireland Limited (Serpentine Avenue, Block J, Dublin 4, Ireland. Details of the joint controlling agreement are provided in Facebook’s Page Insights Controller Addendum. The addendum is available at the following link: https://www.facebook.com/legal/terms/page_controller_addendum

The companies operating social networking sites are separate controllers in other respects, and you can find information on the processing operations of the given site here: 

Channel    Controller    Privacy Notice
Facebook
Instagram    Meta Platforms Ireland Limited (Serpentine Avenue, Block J, Dublin, Ireland)    https://www.facebook.com/privacy/explanation
https://www.facebook.com/help/instagram/155833707900388/


2.3. When you contact us

You can contact us using any of our contact details (email, Facebook, phone, post). In such cases, your consent to the processing of the personal data you share with us is assumed.

Legal basis for processing: Your consent, which you grant by sending the request. [Article 6(1)(a) of the GDPR] You may withdraw your consent at any time by notifying us using the contact details specified in Section 1, however, this does not affect the lawfulness of any processing conducted prior to such withdrawal.
.
Purpose of processing: Contacting the enquirer and answering or resolving the question/request. Contacting the enquirer and answering or resolving the question/request/observation/other as described below. Once answered, the purpose of retention is retrievability in order to deal with any future requests and feedback.

Duration of processing: Messages and personal data thus received are retained for 2 (two) years after the request or question has been answered or responded to. 

Rights: 3.1.-3.6.

2.4. Processing of the data of company contact persons, representatives
We share the contact details of our contact persons in contractual or non-contractual relationships with our various business partners and we process the names and contact details (position, email address, telephone number) of the contact persons provided by our business partners.

Legal basis for processing: Our legitimate interest in liaising and performing a potential contract. [Article 6(1)(f) of the GDPR] You can object to the processing of your data using the contact details specified in Section 1.

Purpose of processing: Liaising and, in this context, for example: communicating in the interest of performing a contract, sending welcome messages. 

Duration of processing: We process contact person details for the duration of the business relationship until our business partner notifies us of a change of contact person or the data subject objects. 

Rights: 3.2., 3.3., 3.5., 3.7.

The same applies to the processing of the personal data of members of the press.

2.5. Contracts and the personal data contained therein
We sign contracts with our contractual partners, which we retain – as the document forming the basis of the invoice – even after the contract has ended and, as such, the personal data contained in the contracts are also retained. 

Legal basis for processing: Compliance with a legal obligation. After invoicing, retention is necessary for tax and accounting purposes  [Article 6(1)(c) of the GDPR]. The contract cannot be concluded without the provision of data. 

Purpose of processing: Compliance with a legal obligation.

Duration of processing: Signed contracts are retained for 8 (eight) years after the termination of the contract.

Rights: 3.2., 3.3., 3.5.

2.6. Complaints handling report

In the course of the handling of a consumer complaint, if you disagree with how the oral complaint is handled, or if an immediate investigation of the complaint is not possible, the Company shall make a written record of the details of the complaint and its position related thereto.

The report contains the following information:
•    The name and address of the consumer
•    The place, time and form of lodging the complaint
•    The detailed description of the consumer's complaint, a list of the documents, records and other evidence produced by the consumer
•    A statement by the Company on its position on the consumer's complaint, provided an immediate investigation of the complaint is possible
•    The signature of the person drawing up the report and – except in the case of an oral complaint made by telephone or electronically – the signature of the consumer
•    The place, date and time of the drawing up of the report
•    In the case of an oral complaint lodged by telephone or electronically, the unique identification number of the complaint

Legal basis for processing:
Section 17/A(7) of Act CLV of 1997 on Consumer Protection, which makes the above processing mandatory. [Article 6(1)(c) of the GDPR]

Purpose of processing:
Investigation of the complaint and liaising with the complainant.

Duration of processing:
3 years from the drawing up of the report.

Rights: 3.2., 3.3., 3.5.

2.7. Customer Comments Book 
In the shops, a Customer Comments Book with consecutively numbered pages, authenticated by the trade authority, must be displayed in a clearly visible and easily accessible place. Customers can register their complaints and suggestions concerning the operation of the shop and the commercial activities carried out in the shop in the Customer Comments Book. In order to exclude the possibility of other customers accessing personal data entered into the Customer Comments Book, we remove the page containing the complaint or suggestion from the Customer Comments Book immediately after the entry, keep it locked in accordance with the rules on sequential numbering, and make it available at the request of the authority.

Legal basis for processing:
Compliance with a legal obligation. Retention is necessary due to legal provisions on consumer protection. The provision of data is a condition for responding. [Article 6(1)(c) of the GDPR].

Purpose of processing:
Provision of the Customer Comments Book, compliance with a legal obligation.

Duration of processing: 
Entries are retained for 3 years.

Rights: 3.2., 3.3., 3.5.

3. Your rights

In the course of processing, you have the rights detailed in Sections 3.1-3.7. If you wish to exercise any of these rights, please contact us using one of the contact details below:

address: H-3932 Erdőbénye, topographical lot number 085/18
email: [email protected]

Identification
In all cases, we are required to identify you before we can fulfil your request. If we are unable to identify you, unfortunately we cannot fulfil your request. 

Responding to the request
Following successful identification, we provide you with information about your request in writing, electronically or orally at your request. Please note that if you have submitted your request electronically, we will respond electronically. Of course, you also have the option of requesting another form of response in this case as well.

Administration deadline
We inform you of the measures taken in response to your request within 1 (one) month of the receipt of your request at the latest. This period may be extended by 2 (two) additional months where necessary, taking into account the complexity and number of the requests, of which we inform you before the administration deadline. 

We are also obliged to inform you of any failure to take measures before the one-month administration deadline. You can lodge a complaint against this with NAIH (Section 4.1) and exercise your right to judicial remedy (Section 4.2).

Administration fee
The information requested and the measure taken are free of charge. An exception to the above is if the request is clearly unfounded or excessive, in particular because of its repetitive nature. In this case, we may charge a fee or refuse to comply with the request. 

3.1. You may withdraw your consent
In case of processing operations based on your consent, you may withdraw your consent at any time. In such cases, we erase your personal data relating to the given processing operation upon receipt of your notification. 

3.2. You may request information (access)

  • You may request information as to whether or not personal data concerning you are being processed, and, where that is the case:
  • What is the purpose?
  • Exactly what data is processed?
  • To whom do we transfer this data?
  • How long do we retain this data?
  •  What rights and remedies do you have in this regard?
  • Who did we receive your data from?
  • Do we make automated decisions about you using your personal data? In such cases, you may also request information about the logic (method) we use and the significance and likely consequences of such processing.
  • If you have found that we have transferred your data to an international organisation or a third country (non-EU country), you may ask us to show you how we guarantee the fair processing of your personal data.
  • You may request copies of your personal data processed. (For any further copies, we may charge a fee based on administrative costs.)

3.3. You may request rectification
You may ask us to correct or complete your personal data that is inaccurate or incomplete.

3.4. You may request erasure of your personal data (‘right to be forgotten’)
You can ask us to erase your personal data:

  • If the personal data are no longer necessary in relation to the purposes for which they were processed;
  • In case of processing operations based solely on your consent;
  • If your objection is successful;
  • If it is established that the personal data have been unlawfully processed;
  • If stipulated by EU or national law.

Personal data may not be erased, where they are necessary: 

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject to or for the performance of a task carried out in the public interest;
  • for reasons of public interest in the area of public health; 
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims.

3.5. You may ask us to restrict processing
You may ask us to restrict processing where one of the following applies:

  • You contest the accuracy of the personal data, in which case the restriction applies to a period that enables us to verify the accuracy of such personal data;
  • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • We no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; 
  • You have objected to processing, pending the verification whether the legitimate grounds of the Controller override yours.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. You will be informed in advance of any lifting of the restriction. 

3.6. You may ask us to transfer your personal data (‘right to data portability’)
You have the right to receive your personal data processed by us in a machine-readable format and the right to have that data transferred to another controller – or at your request – where the processing is based solely on your consent or on a contract concluded with you or on your behalf and is automated. 
This right is applicable if processing is necessary for the performance of a task carried out in the public interest. This right cannot breach the right to erasure or adversely affect the rights and freedoms of others.

3.7. You may object to the processing of your personal data
You may object to the processing of your personal data, if: 

  • Processing is necessary for the performance of a task carried out in the public interest, or 
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child;
  • The data are processed for direct marketing purposes (in this context, you can also object to profiling);
  • The personal data are processed for scientific or historical research purposes or statistical purposes.

If you object to the processing of your personal data, your personal data will be erased. Exceptions to this are cases where processing is justified by compelling legitimate grounds, including public interest or where processing is necessary for the establishment, exercise or defence of legal claims.

4. Avenues for legal remedy

4.1. You may lodge a complaint with NAIH
If you believe that the processing of your personal data is in breach of the provisions of the General Data Protection Regulation, you have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH).

NAIH
president: Dr. Attila Péterfalvi
postal address: H-1363 Budapest, Pf. 9
address: H-1055 Budapest, Falk Miksa utca 9-11
Telephone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
web: http://naih.hu
email: [email protected]

4.2. You may turn to the court
If you believe that the processing of your personal data is in breach of the provisions of the General Data Protection Regulation and that your rights under the GDPR have been infringed upon, you have the right to turn to the court. 

The litigation procedure falls within the jurisdiction of the tribunal. The action may also be brought, at the discretion of the data subject, before the regional court with jurisdiction at the data subject’s residence or place of stay. Entities or persons that otherwise have no legal capacity may also be parties to the proceedings. The Authority may intervene in the proceedings in the interest of a ruling in the data subject’s favour.

In addition to the provisions of the GDPR, the court proceedings shall also be governed by the provisions of Title XII of Part Three of Book Two of Act V of 2013 on the Civil Code (Sections 2:51 - 2:54) and other legal provisions applicable to court proceedings.

4.3. Indemnification and compensation
If the Controller causes damage or infringes the personal rights of the data subject by unlawfully processing the data subject's data, the data subject may claim compensation from the Controller. The Controller is exempt from the liability for damages and the obligation to pay compensation for personal rights violations if it is able to prove that the damage was caused or the Data Subject’s personal rights were violated by an inevitable cause beyond the scope of processing.

5. Data security

We make every effort to implement appropriate technical and organisational measures to ensure a level of data security appropriate to the level of risk, taking into account the state of the art, the cost of implementation, the nature of the processing and the risk to the rights and freedoms of natural persons. 

Personal data is always be treated confidentially, with limited access, encryption and by maximising resilience to the greatest possible extent, ensuring recoverability in the event of a problem. Our systems are regularly tested to ensure security. In assessing the appropriate level of security, account is taken of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

We do our utmost to ensure that persons who have access to personal data under our control process that data only in accordance with our instructions, unless they are required to do otherwise by EU or Member State law.

As physical security measures, we use security equipment, and our logical security measures include firewalls, antivirus and security software. 

6. Other

The Controller is entitled to amend this Privacy Notice at any time. Any potential amendments enter into force concurrently with their publication on the website, and are announced in a pop-up window on the website.

Last updated on: 7 June 2023

Procyon InteliArt Online Marketing
Website development: InteliArt Online Marketing Kft.
All rights reserved 2024 ©