Products Menu
Your are here: > >

Privacy policy

DATA PRIVACY POLICY AND DATA MANAGEMENT

LifeT!lt Food Limited Liability Company

CONTENT

DATA PROTECTION POLICY


1. Purpose of Regulations

This Policy (hereinafter referred to as the "Regulations") defines LifeT!LT UK Ltd., Unit 22, Bulrushes Business Park, Coombe Hill Road, East Grinstead RH19 4LZ, (hereinafter referred to as "LifeT!LT UK LTD." or "Data Controller")’s specified order of operation for records maintained by LifeT!LT UK LTD, ensures data protection and data security, prevents unauthorized access, unauthorized alteration and unauthorized disclosure of data.

LifeT!LT UK LTD. will keep the personal data of the persons concerned confidentially, in accordance with the legal regulations in force, ensures their security, takes technical and organizational measures and establishes the procedural rules necessary to enforce the relevant legal provisions and other recommendations.

2. Scope of the Regulation


2.1. The Regulations will apply to LifeT!LT UK LTD. and will be carried out by the Data Controller, to execute orders placed on websites managed by him, to fulfil food-delivery contracts, as well as data processing for direct marketing purposes.

2.2. The Scope applies to all persons from LifeT!LT UK LTD., who participate in data management and data processing operations carried out by LifeT!LT UK LTD. or are otherwise involved and have access to managed or processed data.

2.3. This Regulation will come into force by 25 May, 2018.

3. Data Controller’s Particulars

Company Name: LIFET!LT UK LTD.

Company Address: Unit 22, Bulrushes Business Park, Coombe Hill Road, East

Grinstead, RH19 4LZ

Company No. 10720451

Tax. No.: GB271 2047 32

4. Customer Service

a) LIFETILTSTORE. CO.UK

Customer Service address: Unit 22, Bulrushes Business Park, Coombe Hill Road, East Grinstead RH19 4LZ

Customer Service Phone No.:

Customer Service e-mail address:

Customer Service opening hours:Workdays 9:00-17:00

b) BERBERINEOFFICIAL.CO.UK


Customer Service address: Unit 22, Bulrushes Business Park, Coombe Hill Road, East Grinstead RH19 4LZ

Customer Service Phone No.:

Customer Service e-mail address: info@berberineofficial.co.uk

Customer Service opening hours:Workdays 9:00-17:00

5. Websites managed by LifeT!LT UK LTD.

http://lifetiltstore.co.uk/
https://berberineofficial.co.uk/


II. DEFINITIONS


Terms referenced in this Regulation have the following meanings:

Regulatory Background: Data Protection Act 2018

GDPR: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation);

Data: classified by the Data Protection Act 2018 and GDPR as personal data or special data, in particular any information relating to an identified or identifiable natural person ("concerned"); a natural person may be identified, directly or indirectly, based on one or more factors relating to the physical, physiological, genetic, intellectual, economic, cultural or social identity of an identifier such as name, number, positioning data, online identifier or natural person identified;

Person Concerned: any identified natural person identifiable directly or indirectly by personal data;

Data supplier: Any natural or legal person or business entity without legal personality, or any natural person acting on their behalf, who, in any form whatsoever provides information of third parties to LifeT!LT UK LTD with or without prior request therefor.

Confidential Information: any information that is not easily accessible, information, other data, and the compilation thereof, which the unauthorized acquisition, exploitation, disclosure or disclosure of any of the Parties would be prejudicial to, or threaten to, the legitimate financial or political interests of either Party.

Data Management Act: Law CXIX of 1995 on the management of name and address data for research and direct business acquisition purposes.

Direct Marketing: the totality of information activities and ancillary services with the direct request method for the purpose of the Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity, which is directly related to the sale, supply or promotion of goods or services (hereinafter referred to as "the CAA" Commercial Advertising Act.) with § 3, d) of the Act transmission of advertising to customers or trading partners (hereinafter referred to as clients).

Exclusion List: The register of names and addresses data of those, who have forbidden or, despite prior request of the direct marketing body, have not consented to use or prohibited usage of their personal data for the contact list or business listing specified in this Regulation, for such purposes.

Regulation on business advertising: Consumer Protection from Unfair Trading Regulations, all rules, guides and codes by the Advertising Standards Authority in effect

Business advertisement: are such means of communication, information or presentation that may be a commercially available, movable property, including money, securities and financial assets, as well as the natural resources that can be utilized in such manner (hereinafter referred jointly to as “product”), services, real estate or intangible assets (hereinafter referred jointly to as "goods"), sale or to promote the use of other means, or in connection with such purposes, promoting the name of business, designation, or the activity thereof, as well as the promotion of the goods or geographical indications (hereinafter referred to as "advertising")

Data management: means the collection or recording of any operation or operations carried out in an automated or non-automated manner in personal data or data files, such as collecting, recording, rendering, compiling, storing, modifying or modifying, retrieving, inspecting, using, communicating, disseminating or otherwise by batch, alignment or interconnection, restriction, deletion or destruction;

Contact list: a list containing at least the customer's name, address, e-mail address or electronic ID, gender, and information on customer’s interest in contacting customers for the purpose of obtaining a consent to the reception of direct marketing deliveries.

Data Manager: a natural or legal person, public authority, agency or any other body that determines the purposes and means of handling personal data individually or with others; where the purposes and means of data management are defined by EU or national law, the data controller or the particular aspects of the designation of the data controller may also be defined by the EU or national law;

Filing System: means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;

Data Processor: means any natural or legal person, public authority, agency or any other body that manages personal data on behalf of the data controller;

Addressee: a natural or legal person, a public authority, agency or any other body with whom or with whom personal data is communicated, whether or not it is a third party.

Public authorities which have access to personal data in an individual investigation in accordance with EU or national law shall not be considered recipients; the management of such data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;

Consent of the Person Concerned: a voluntary, explicit and appropriate and informed clear statement of the will of the person concerned by indicating his / her statement or by expressing his / her unambiguous means of affirmation of his consent to the processing of personal data concerning him;

Data Breach: a security breach resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled;

Health Data: personal data relating to the physical or psychological health of a natural person, including data relating to health services provided to a natural person that carries information on the health of a natural person;

Enterprise: a natural or legal person engaged in a business activity, irrespective of its legal form, including partnerships and associations with regular business activities;

Cross-border data management of personal data:

a)         processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or

b)         processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the EU but which substantially affects or is likely to substantially affect data subjects in more than one Member State;

Information Society Service means a service as defined in point (b) of Article 1(1) of Directive (EU) 2015/1535 of the European Parliament and of the Council (19);

http://eur-lex.europa.eu/legal-content/HU/TXT/HTML/?uri=CELEX:32016R0679&from=HU

LIFETILTSTORE.CO.UK:

By LifeT!LT UK LTD. via http://lifetiltstore.co.uk

website that is related to healthy lifestyle products, dietary supplements, ordering those, home delivery, where the Customer shall be obliged to pay a fee based on that.

BERBERINEOFFICIAL.CO.UK:

By LifeT!LT UK LTD. via https://berberineofficial.co.uk  website that is related to healthy lifestyle products, dietary supplements, ordering those, home delivery, where the Customer shall be obliged to pay a fee based on that.

III. PRINCIPLES RELATED TO PERSONAL DATA MANAGEMENT


LifeT! LT UK LTD. respects the personal data privacy rights of the persons concerned and ensures in its own discretion that during the data handling procedures carried out, the concerned persons have control over their own personal particulars.

LifeT!LT UK LTD. ensures that the data handled by him are in compliance with  specific legal requisites.

LifeT!LT UK LTD. ensures to process data in compliance with legislations set.

Within the data handling process LifeT!LT UK LTD. ensures that personal data is handled legally and transparently.

LifeT!LT UK LTD. handles the amount and type of data needed to reach the data management goal.

In all cases, data management is based on proper prior information. The information is provided in a simple, transparent and comprehensible way.

LifeT! LT UK LTD. ensures the security of the data and takes the technical and organizational measures and establishes the procedural rules necessary to enforce the data protection rules.

LifeT! LT UK LTD. informs and have the provisions of this Privacy Policy accepted with its employees and other agents acting in his interest.

Recording and managing data can be done in compliance with the principles of fairness and legality.

The duration of the data management based on the voluntary provision may extend to the achievement of the goal.

During data processing, only personal data that is essential for the purpose of the data management should be handled to achieve the purpose.

Be it voluntary or compulsory, disclosure of the data must be described prior to the filing.

In addition to the purpose of data management, clear information should be disclosed on how the data will be handled and processed, including description of the event when a group of recipients is being defined.

Data must be stored in a secure manner in proportion to the period and purpose of the data management necessary.

Data shall be protected against unauthorized access, alteration, disclosure, deletion or damage or destruction.

The person concerned may at any time request information or control the contents of his data, request rectification at any time, in the cases provided for by law or in the event of withdrawal of his voluntary consent, cancellation, limitation and refusal of data protection in cases determined by law.

Consent of the person concerned to data management may be modified or revoked at any time, provided, management of such data is based on his consent.

Data processing is usually done electronically by machine.

At the same time as the purpose of data management is fulfilled, deletion of the data must be done based on legal regulations.

The data may only be forwarded if permitted by law and if the terms of the data processing are met at each transmission for the personal data concerned.

IV. PARTICULAR DATA MANAGEMENT

4.1. Legal Basis for Data Management


Data management of LifeT! LT UK LTD. should be processed in compliance with at least one of the following legal bases:

4.1.1. The consent of the person concerned has been given to handling his / her personal data for one or more specific purposes (voluntary contribution)

4.1.2. Data management is necessary for the performance of such contract, where the person concerned is one contracting party, or it is necessary action at the request of the person concerned prior to the conclusion of the contract (performance of the contract).

4.1.3. Data processing is necessary to fulfil the legal obligation for the Data Controller (fulfilment of a legal obligation).

4.1.4. Data Management is a requisite for LifeT! LT UK LTD. or of a third party to enforce the legitimate interests, unless if priority over those interests are the interests or fundamental rights and freedoms of the person concerned (legitimate interest).


LifeT! LT UK LTD. performs data management related to the following purposes.

4.2. Performing Services

4.2.1. Execution of online orders

The purpose of Data Management:

LifeT! LT UK LTD. through http://lifetiltstore.co.uk and https://berberineofficial.co.uk/, complying with registered user contracts, providing information about products, delivering products, issuing invoices, analysing customer buying habits, and providing better targeted service.

The legal basis for Data Management:

GDPR 6.§. (1) b) –  performance of contract

Scope of Managed Data:

full name, address, delivery address, e-mail address, billing name and address, bank payment, bank account number

4.2.2. Execution of food delivery service contract

Data Transmission and Data Processor:

For delivering products for courier services - SPRINTER Futárszolgálat Kft.

Duration of Data Management:

Not longer than is necessary for the purposes for which data is held

4.2.3. Customer support Data Management

The purpose of Data Management:

Differentiate customers / buyers, handle any customer feedback, handle complaints, handle contract withdrawal issues, provide customer service, financial records, maintain contacts.

The legal basis for Data Management:

GDPR Section 6. (1) c. – Data Protection Act 2018

Scope of Managed Data:

full name, address, delivery address, telephone number, e-mail address

Duration of Data Management:

Regarding the records of the complaint and copies of the replies to the written pleadings, Section 17 / A of the Consumer Protection Act § 7 (5) + 60 days. Two years + 60 days for duplicate entries in buyers' book. Not longer than is necessary for the purposes for which data is held

Data Transmission and Data Processor:

LifeT! LT UK LTD. does not require a data processor for this data management.

4.3. Direct marketing inquiries


4.3.1    Direct marketing inquiries

Purpose of Data Management:          Building a business database, contacting customers, account management, contacting for renewal or renewal of data management, obtaining contact for a purpose other than that for the prior purpose, contacting for obtaining a contribution to a different request, providing information about products, providing new products, forwarding, invitations to participate in promotions.

Legal basis for Data Management:    GDPR Section 6. (1) a) - voluntary consent

Scope of Managed Data:                   Full name address, e-mail address,

Duration of Data Management:         Not longer than is necessary for the purposes for which data is held, however until the withdrawal of the concerned consent + 60 days, but not more than 5 years

4.3.2 Sending Newsletters


Purpose of Data Management:          E-mail sent by electronic means to commercial users for commercial purposes,

Legal basis for Data Management:    GDPR Section 6. (1) a) - voluntary consent

Scope of Managed Data:                               Full name address, e-mail address

Duration of Data Management:                     Withdrawal of the concerned person’s consent (unsubscribe)

LifeT! LT UK LTD. manages the details of those who have consented to the direct marketing inquiries.

The purpose of data management may differ in some data processing.

For direct marketing purposes, only people over the age of 18 may give consent.

Direct marketing data management is based on voluntary contribution.

Telephone number, name and address data collected for the purpose of direct business acquisition are recorded on the contact list prepared by the Data Controller for consents to inquiries in direct business acquisition.

The Data Controller shall not forward the data on the contact list to a third party without the prior consent of the person concerned.

The Data Controller contacts the parties on the contact list by telephone or electronic mail, provided that information is voluntarily provided by the persons concerned.

When contacting customers, the person concerned shall be informed of the source of data from the Data Controller, the purpose and the method, the data and the period of using it. It is also necessary to inform the person concerned about the use of the data processor, any subsequent intention to transmit it, and whether the data supply is voluntary and could be terminated at any time. Subsequently, for the purposes of direct business acquisition, the consent of the person concerned must be requested and he should be informed that such consent can be withdrawn freely at any time without justification.

By direct contact with the person concerned, advertising may only be disclosed and communicated only if the addressee of the advertisement has expressly and explicitly agreed in advance. In case of doubt, consent must be given by the Data Controller.

When making a voice recording, the person concerned must be informed in advance and the consent of the person concerned for making a phonogram is compulsory.

If the person concerned does not agree to the processing of data for direct marketing purposes or has requested the termination of his or her data management for that purpose, the Data Controller shall no longer be in contact with the person concerned. The data of such concerned persons are kept in the data block list (hereinafter referred to as "Robinson List") in order to prevent the data of the data subjects from being recaptured by the Data Controller and not to be contacted by the Data Controller again. The data contained in the prohibition list may be used by the Data Controller to the extent necessary to ensure compliance with the provisions of this section; it may not be combined, transferred, or used for other purposes by any other database.

For the Robinson list, the Data Controller stores the data on the list subsequent to the registration on the prohibition list to justify legitimate data management, after the limitation period, he then arranges for deletion and destruction of documents certifying the legality of the data and related data processing.

V. PROVISIONS FOR DATA MANAGEMENT

5.1. Provision of Information to the Person Concerned
Prior to the implementation of the data processing, it is necessary to make clear and unambiguous information on the method of recording, the purpose and, in the case of volunteering of the data supply, on the voluntary nature, considering the legal requirements.

LifeT!LT UK LTD. expresses as a general principle, that whenever a person wishes to have personal data based on a voluntary contribution from the person concerned, subsequent to reading and interpretation of the necessary information text, the parties concerned are free to decide whether to provide the requested information.

5.1.1. In the event, LifeT!LT UK LTD., directly takes and register data from the person concerned; prior to data registration, LifeT!LT UK LTD.,  informs the person concerned


The information shall include:

a)         the Data Controller and, if there is any, the identity and contact details of the Data Controller's representative;

b)         the contact details of the DPO, if any;

c)         the purpose of the planned management of personal data and the legal basis for data handling;

d)        in the event data management is based on Article 6 (1) (f) of the GDPR, legitimate interests of the Data Controller or third party;

e)         where appropriate, the addressees of the personal data or the categories of recipients, if any;

f)         where appropriate, the fact that the Data Controller wishes to transmit personal data to a third country or to an international organization and the existence or absence of the Commission's conformity decision or to Article 46, 47 or Article 49 (1) of the GDPR, the indication of the appropriate and suitable guarantees and the means of obtaining copies thereof or the reference to their availability.

In addition to the information referred to above, the Data Controller shall inform the person concerned of the following additional information at the time of the acquisition of personal data in order to ensure fair and transparent data management:

a)         the duration of the storage of personal data or, where this is not possible, the criteria for determining that period;

b)         the right of the person concerned to request access to, correction, deletion or limitation of the personal data from the Data Controller and to object to the handling of such personal data and the right of the person concerned to the relevant data storage;

c)         the right to withdraw consent at any time in the case of data handling based on Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR without prejudice to the lawfulness of the data processing carried out on the basis of the consent before withdrawal;

d)        the right to file a complaint addressed to the supervisory authority;

e)         whether the provision of personal data is based on a legal or contractual obligation or is a prerequisite for the conclusion of a contract and whether the person concerned is obliged to provide personal data and the possible consequences of the lack of data provision;

f)         the fact of the automated decision making process referred to in Article 22 (1) and (4) of the GDPR, including profiling, and at least in such cases, the logic applied and the intelligible information on the significance of such data handling and any possible consequences that could affect person concerned.

5.1.2.   In the event LIFET!LT UK LTD., is not directly recording data from the person concerned, it shall inform the data subject prior to the data survey::

If the personal information was not obtained from the person concerned, LifeT!LT UK LTD. provides the following information to the concerned:

a)         the identity and contact details of the Data Controller and, if any, of the Data Controller's representative;

b)         the contact details of the DPO, if any;

c)         the purpose of the planned management of personal data and the legal basis for data handling;

d)        the categories of personal data concerned;

e)         the recipients of personal data or the categories of recipients, if any;

f)         where appropriate, the fact that the Data Controller wishes to transmit personal data to a third country or to an international organization and the existence or absence of the Commission's conformity decision or to Article 46, 47 or Article 49 (1) of the GDPR, the indication of the appropriate and suitable guarantees and the means of obtaining copies thereof or the reference to their availability.

5.1.3.   Further information beyond section 5.1.1 and 5.1.2

Beyond those referred to in section 5.1.2, the Data Controller shall provide the data subject with the following additional information necessary to ensure fair and transparent data management for the data subject:

a)        the duration of the storage of personal data or, where this is not possible, the criteria for determining that period;

b)         if the data processing is based on Article 6 (1) (f) of the GDPR, on the legitimate interests of the Data Controller or third party;

c)         the right of the person concerned to apply for access, rectification, cancellation or management of personal data relating to the Data Controller and to object to the processing of personal data and his right to data storage;

d)        the right to withdraw consent at any time in the case of data handling based on Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR without prejudice to the lawfulness of the data processing carried out on the basis of consent prior to the withdrawal;

e)         the right to file a complaint addressed to a supervisory authority;

f)         the source of personal data and, where applicable, whether the data originate from publicly available sources; and

g)         the fact of the automated decision-making process referred to in Article 22 (1) and (4) of the GDPR, including profiling, and, at least in such cases, the logic applied and the understandable information on the significance of such data handling regarding the possible consequences thereof with respect the person concerned.

The above information shall be provided by LIFET! LT UK LTD. as follows:

(a)        taking into account the specific circumstances of the processing of personal data, within a reasonable period of time from the acquisition of personal data but not later than one month;

b)         where personal data are used for keeping contact with the person concerned, at least when contacting the person concerned for the first time; or

c)         if it is expected that the data will be communicated with another addressee, no later than the first time when personal data is communicated.

If LifeT! LT UK LTD. is to perform further data processing for purposes other than the purpose for which they are acquired, prior to further data handling, shall be obliged to inform the person concerned of any relevant additional information referred to the different purpose in the foregoing.

5.2. CONSENT OF THE PERSON CONCERNED


In the event LifeT!LT UK LTD. manages the personal data of the Person Concerned – with the exception of the those defined by the contact list – managing data on the basis of the consent of the person concerned,  based on an informed voluntary declaration of the person concerned, which includes the explicit consent of the persons concerned to use their personal data.

The release of personal data to a third party or authorities, - unless otherwise provided by law, is mandatory - only by virtue of an official decision or in the case of a prior explicit consent of the person concerned.

LifeT!LT UK LTD. shall not verify the personal information entered. Only the person who has entered it shall be responsible for the compliance of the data provided.

The persons concerned should be informed either separately or by referring to this Policy that, when giving their e-mail address, they will be responsible that it is solely them who will be receiving the service from the specified e-mail address. With respect to this responsibility, any liability associated with an entry with the given e-mail address will only be borne by the person who gave the e-mail address.

5.3       CONTENT AND GRANT OF CONSENTS

When entering data electronically, a clear acceptance field on the electronic interface shall mean the understanding and acceptance of the information.

In the absence of personal data necessary for the conclusion and performance of the contract, the contract may not be concluded.

The personal information required to participate in a promotion and/or registration will indicate what data, for what purpose and under what conditions, will be requested by LifeT!LT UK LTD. as "mandatory". The mandatory term does not refer to the compulsory nature of the record, but the fact that there are headings that cannot be completed without the participation in the promotion, registration cannot succeed, so it may lead to refusal of certain fields or failure to fill in incorrect fills.

LifeT! LT UK LTD. shall does not supplement or combine personal or other information provided by the person concerned with any data or information from other sources. An exception to this is the case where, following proper information, the person concerned agrees in advance.

LifeT!LT UK LTD. to ensure the convenience of their buyers will have the majority of their products to be delivered by courier service to the delivery address designated by the buyer, from which the buyer/customer will be informed in the contract at the conclusion of the contract. LifeT!LT UK LTD. shall hand over to the delivery partner, the name, postal address, and the telephone number of the recipient. In doing so, it stipulates that the parcel carrier may not use this data for any other purposes except for delivery.

LifeT! LT UK LTD. shall take all necessary steps to ensure the security of the data. LifeT!LT UK LTD. the data retention and protection functions of the IT infrastructure used by LifeT!LT UK LTD., LifeT!LT Ungarn Kft. will regulate the principles, procedures and security controls contained in the IT Security Policy. Personal data may only be accessed by persons with the relevant job positions - with access controls.

5.4       INFORMATION TECHNOLOGY APPLICATION, COOKIES

Information technology applications, online advertising provisions: Cookie.

LifeT! LT UK LTD.'s certain activities are aimed at managing, analysing, and improving the success of its business, for such purpose builds up self-statistics, collects cookies in order to improve the user's experience, as well as applies the programs detailed in the sections below.

Affected websites, applications where cookies are collected shall be listed in I / 5.

Handling of technical data and cookies

LifeT!LT UK LTD.’s system (or its delegated data processor) automatically records the IP address of the computer of the person concerned, the starting time of the visit, and, in some cases - depending on the computer configuration - the type of browser and operating system. The data thus recorded cannot be linked to other personal data. The data is managed solely for statistical purposes. Cookies allow a website or application to recognize previous visitors. Cookies are supporting LifeT!LT UK LTD. to optimize a website or application to make the website or application services tailored to the needs of the people concerned. Cookies are also suitable to

note the settings so the person concerned does not have to re-record those when browsing to a new page,
recognize the previously entered data, so those do not have to be re-typed,
analysing the use of the website or application in order to maximize the use of the information thus obtained according to the user's expectations, the user can easily find the information sought,
monitor the effectiveness of the ads.
If a website or application displays various content through external web services, it may result in the storage of some cookies that are not part of LifeT!LT UK LTD.’s control, and how these websites or external domains collect data. Information on these cookies may be obtained by the policies that are governing the provided service.

The user can configure his/her web browser to accept all cookies, reject them all, or notify the user when a cookie is received on his computer.

The cookie informs the web server that the user has already visited a particular web site with his browser application. For example, when a user customizes sites or products on a website, subscribing to a site, the created cookies will allow the web server to store relevant information about the user. This simplifies the process of recording personal data (such as billing address or shipping address, etc.). In case of repeated visits, the program will be able to read the user information that was previously provided by the user, so the site's services will become more comfortable.

One can enable or disable cookies, but the person concerned may also decide to have the browser request permission to receive cookies. If some cookies are disabled, some web services are not working properly, and blocking does not mean that the computer's Internet presence is hidden, and even browsing habits will continue to be tracked. After disabling HTTP requests those nevertheless continue to include the starting point (HTTP-based referrer), IP address, browser version number, operating system version, and other information.

The persons concerned may obtain information from the so-called " "Cookie Policy" , which will tell them how and when the website or application collects data of them. The cookie policy usually appears to the person concerned during the first visit to the site and informs him about how the website or application uses cookies.

Disable cookies

If you want to manage or disable cookie settings, you can do this from your own computer in your browser. This option can be found in the Cookies / Cookies / Tracking Placements menu, depending on the browser toolbar, but you can usually set the tracking features that you enable / disable on your computer in Tools> Settings> Privacy.

5.5  MANAGEMENT OF PERSONAL DATA

5.5.1 Data Management Policies


Data Management Policies ensure for LifeT!LT UK LTD that the method of registration and the content of the data are in compliance with applicable laws at all times. LifeT!LT UK LTD. provides for a proper logical separation of data management for different purposes. LifeT!LT UK LTD. manages the electronic registers based on uniform principles, although taking into account the characteristics of the records and the diversity of the data carriers. The principles and obligations under this Policy apply to electronic records.

The register is fragmented in order to distinguish between data managements upon legal basis and data management purpose.

Through the structure of its registry system, the determination of entitlements and other organizational measures LifeT!LT UK LTD. ensures that the data contained within the HR records are only available to those LifeT!LT UK LTD. employees and other persons acting on behalf  of LifeT!LT UK LTD., and  is necessary in order to perform their duties and jobs.

LifeT!LT UK LTD.’s electronic registry is operated by an IT software that meets the requirements of data security. The program ensures that the data may only be accessed for targeted purpose and under controlled conditions by those persons solely who need to access such data to perform their duties. The entries and activities of persons who have access to the data are recorded by the system.

In the event the empowered authorities require by statutory obligations (e.g. suspected criminal offense or official data confiscation decision) LifeT!LT UK LTD. to hand over personal data – then LifeT!LT UK LTD. pass on requested available information, subject to its statutory obligation.

Release of personal data to a third party or authorities, unless otherwise provided by law, is mandatory only solely upon official decision or in the case of a prior explicit agreement of the person concerned.

5.5.2.   Electronic Data Storage

Data that are supplied to LifeT!LT UK LTD., electronically will be  collected, in some cases, stored on its own servers.

5.6.      PERIOD OF DATA STORAGE


In the event the duration of the data storage is determined by law, there is a statutory limit until LifeT! LT UK LTD. stores the data.

If the purpose of data management has ceased, the data must be deleted.

If data management is prohibited, except for the exceptions provided for by law, then such data must be deleted.

If any data is to be deleted, then LifeT!LT UK LTD. shall separate  the data within the original registry file and moves it into the logs for data marked to be deleted. Only the delegated employee from LifeT!LT UK LTD. will have adequate authorization to exercise his functions for the administration of such data and only for a time period which is strictly necessary for the electronic deletion thereof.

If data is deleted, LifeT!LT UK LTD. deletes all personal data or anonymizes those in such a way that the original personal data could no longer be restored.

LifeT!LT UK LTD. shall handle the data withdrawal requested by the person concerned - in so far as the application is legally enforceable – will always carry out and document such removal. LifeT!LT UK LTD., shall, to verify legitimate data processing up to the request for deletion or, in order to avoid future data handling, shall keep it on necessary records.

LifeT!LT UK LTD. ensures that the data is deleted in a verified and justifiable manner.

5.7.     DATA TRANSMISSION


LifeT!LT UK LTD., according to the regulations of paragraph IV, does not transmit personal data to a third country during certain data processing.

The transfer of personal data to a third country may take place when the Commission has decided that a third country, a region of a third country or one or more specific sectors provide an adequate level of protection.

The transmission of data is based on the Commission's compliance decision.

Some compliance decisions are: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

No such permission is required for such data transfer.

5.8. DATA PROCESSING


LifeT!LT UK LTD. in some cases it transfers data to third parties, so

5.8.1. to a subcontractor or subcontractors involved in the performance of a contract

5.8.1.   for a subcontractor or subcontractor involved in the performance of a contract

5.8.2.   in order to fulfil requirements of judicial, official or otherwise legitimate information reporting

LifeT!LT UK LTD. may want to use data processors to enforce contracts or enforce direct marketing goals.

The data processor and any person with access to personal data acting under the control of the data controller or the data processor shall only disclose the data to LifeT! LT UK LTD. unless otherwise provided for by the law of the EU or of the Member States.

LifeT!LT UK LTD, with respect to its business operation, has several data processors. The data processor's availability and the individual data processing activities, the data categories affected by data processing, are described in Section 5.9 of this Policy.

In the event LifeT!LT UK LTD. hands over the data of the person concerned to the data processors he will inform the person concerned thereof, prior to the commencement of data processing.

Each delegated data processor of LifeT!LT UK LTD. shall keep a record of all categories of data management activities on behalf of the data controller; such register shall contain the following information:

a)         the name and contact details of the data processor or data processors and the names and contact details of each and any data controller on whose behalf the data processor is acting, and, where applicable, the name and contact details of the data controller or the data processor's representative and the data protection officer;

b)         categories of data management activities in the name of individual data controllers;

c)         if possible, a general description of the technical and organizational measures taken to ensure data management.

Such records shall be kept in writing, including the electronic format.

 

5.9. DATA PROCESSORS


LifeT!LT UK LTD. has contracted data processors listed below for data processing. Data processing includes all activities concerning data that LifeT!LT UK LTD. performs, however entrusted such data to third parties who are acting in the name of LifeT!LT UK LTD.


5.9.1.1. Data Processors

5.9.1.2. Product delivery (http://lifetiltstore.hu)

Netnor Ltd

Unit 9C - 22. Bulrushes Business Park, Coombe Hill Road, East Grinstead,
West Sussex,
RH19 4LZ


warehousing and parcel delivery services

Category of Data Processed:

name, delivery address, product, phone No., e-mail address

LifeT!LT Food Kft

H-1138 Budapest Népfürdő utca 22 B/15

parcel delivery services


Category of Data Processed:

name, delivery address, product, phone No., e-mail address


SPRINTER Courier Service Ltd


H-1097 Budapest, Táblás utca 39.


parcel delivery services


Category of Data Processed:

name, delivery address, product, phone No., e-mail address

5.9.1.3Sending Newsletters


Scope of Activity:

Sending Newsletters

Category of Data Processed:

Name, e-mail address

5.9.1.4         Other Inquiries with Direct Marketing Purpose


Name:

Address:         

Scope of activity:       Other direct marketing inquiries, advertisements

Managed Data Category:  name, email address

VI. RIGHTS OF THE PERSONS CONCERNED

6.1.          Data Access Rights of the Person Concerned

The person concerned shall have the right to receive feedback from LifeT!LT UK LTD about his/her personal data being processed and, if such processing is in progress, he/she will have right to get access to his/her personal data as well as to the following information:

a)         the purposes of data management;

b)         the categories of personal data concerned;

c)         recipients or the categories of recipients with whom or with which personal data will be communicated or be disclosed to, including in particular third-country addressees or international organizations;

d)        where appropriate, the intended duration of the storage of personal data or, where this is not possible, the criteria for determining that period;

e)         the right of the person concerned to request the data controller to rectify, erase or limit the personal data concerning him or her and may object to the handling of such personal data;

f)         the right to submit a complaint to any relevant authority;

g)         if the data is not collected from the person concerned, all available information about their source;

h)         the fact of the automated decision making process referred to in Article 22 (1) and (4) of the GDPR, including profiling, and at least in such cases the logic used and the understandable information on how such data are relevant and what could be the probable consequences.

If personal data is transferred to any third country or international organisation, the person concerned has the right to be informed about the relevant indemnities on the transfer.

Rectification and Deletion
The person concerned has the right to request LifeT!LT UK LTD. to correct any inaccurate personal data relating to him/her without undue delay. With respect to the purpose of data management, the person concerned shall have the right to request the addition of incomplete personal data, including by means of a supplementary statement.

With respect to the activities, internal business and procedures of LifeT!LT UK LTD,  the data will be corrected by LifeT!LT within 5 working days of receiving the request.

The person concerned shall have the right that upon his request, personal data concerning him be deleted without undue delay, and the data controller shall be obliged to delete the personal data of the person concerned without undue delay if one of the following reasons exists:

a)         personal data are no longer required for the purpose from which they have been collected or otherwise handled;

b)         the person concerned withdraws the consent that has been given to the data controller and thisway, the data controller shall not have any other legal basis for data processing;

c)         the person concerned objects to the processing of data and there is no prior legitimate reason for data handling or the person concerned objects to the processing of data for direct business acquisition;

d)        the personal data have been unlawfully handled;

e)         the personal data will be deleted in order to comply with the legal obligation imposed on the data controller applicable in EU or by local Member States legal regulation;

6.3.Right to Limit Data Management
The person concerned has the right to request LifeT!LT UK LTD. to restrict data management if one of the following applies:

(a)        the person concerned disputes the accuracy of the personal data; in this case, the restriction applies to the period of time that is provided and allows LifeT! LT UK LTD. to check the accuracy of personal data;

(b)       data management is unlawful and the person concerned is opposed to the deletion of the data and, instead, requests that their use to be restricted;

(c)        the data controller no longer needs personal data for data processing, but the person concerned requires them to submit, enforce or protect legal claims; or

(d)       the person concerned objected to the data handling; in this case, the restriction applies to the duration of determining whether the data controller's legitimate reasons prevail over the legitimate grounds of the person concerned.

In the event the processing of data is restricted by the foregoing, such personal data may only be disclosed with the consent of the person concerned or the submission, enforcement or protection of legal claims or other rights of the natural or legal person, or in the public interest of the EU or of a Member State can be handled.

The data controller shall inform the person concerned at whose request the processing of data is restricted, shall inform him about the discontinuation of the restriction of data management.

6.4.Data Portability


The person concerned shall have the right to receive personal data made available to him by a data controller in a fragmented, widely used machine-readable format and shall be entitled to transmit such data to another data controller without this being obstructed by the data controller provided personal information to him when:

a)         data management is voluntarily contributed or the handling of the special data is consented or is contractually based; and

b)         the processing is carried out by automated means

In exercising the right to transfer data as described above, the person concerned shall have the right to request, if technically feasible, direct transfer of personal data between data controllers.

The exercise of the rights referred to above should not violate the right to cancel.

6.5.The right of protest


The person concerned is entitled to object any time, for any reasons relating to his / her own situation on the processing of his personal data on legitimate interest, including profiling.

In this case, LifeT! LT UK LTD. will not be able to handle personal data unless it proves that data processing is justified by legitimate reasons of enforceability that prevail over the interests, rights and freedom of the person concerned, or which relate to the submission, enforcement or protection of legal claims.

If personal data is handled for direct marketing reasons, the person concerned is entitled to object at any time to the handling of personal data relating to that purpose, including profiling, if it is related to direct marketing.

In the event a person concerned objects to the personal data being handled for direct marketing purposes, personal data may no longer be handled for that purpose.

The above-mentioned right must be explicitly mentioned in the first contact with the person concerned at the latest and the relevant information must be clearly and separately displayed.

With respect to the use of information society services and by derogation from Directive 2002/58 / EC, the right of objection may be exercised by automated means based on technical specifications.

Notification Obligation


LifeT!LT UK LTD. shall inform all recipients of all corrections, cancellations, or restrictions on data management with whom or with which personal data has been communicated, unless this proves impossible or requires disproportionate effort. At the request of the person concerned, the data controller shall inform him/her of the addressees.

6.7.Legal Remedies


Direct Legal Remedy for LifeT! LT UK LTD.


The person concerned shall have the opportunity to address his observations, complaints and objections directly to LifeT!LT UK LTD., at the contact details defined by this Policy, or, should directly contact LifeT!LT UK LTD.’s. Data Protection Officer and request remedy by him.

The person concerned should turn with data management and data rights related issues, complaints, and notifications to LifeT!LT UK LTD.’s  Customer Support. Customer Support shall ensure that issues, complaints, and notifications reach the appropriate organizational unit and that the person concerned receive answers in due time along with necessary actions taken.

National Data Protection and Information Authority

The person concerned may make a complaint to the Information Comissioner’s Office (hereinafter referred to as ICO) if he or she considers that there is a violation of his / her personal data or there is a direct danger to it, unless a court proceeding is ongoing. The ICO might investigate upon the submitted complaint or initiate administrative proceedings.

ICO details:

https://ico.org.uk/

6.7.3.Judicial Remedy


The person concerned may contact the Data Controller's headquarters or the competent court of the place of residence of the person concerned, in order to protect his / her personal data. The person concerned may contact competent solicitors to make a claim.

6.7.4.Data Privacy Officer - DPO


Given the relevant provisions of GDPR, LifeT!LT UK LTD. is not obliged to designate a Data Protection Officer, since, LifeT!LT UK LTD. is not a public authority or a public body, and nor do its activities include an operation that requires systematic monitoring of the person concerned, and LifeT!LT UK LTD. does not handle any special data or personal data relating to criminal liability and criminal offences.

VII.DATA SECURITY


In compliance with the data security requirement, data management operations must be designed and implemented in such a way as to ensure that the privacy of the persons concerned is protected.

LifeT!LT UK LTD., shall  ensure the security of the data, shall take the technical and organizational measures required to enforce the data and confidentiality rules.

The data is protected by appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as the unavailability of accidental destruction and damage and against becoming inaccessible due to modifications of the technique used.

When defining and applying data security measures, the development of relevant technologies needs to be considered. There are several possible data management solutions to choose from, providing for a higher level of protection of personal data unless it is disproportionate or difficult for the Data Controller.

LifeT!LT UK LTD. shall, among the tasks related to information protection, provide for in particular:

Measures to protect against unauthorized access, including protection of software and hardware, and physical protection (access protection, network protection);
Measures to ensure data recovery, including systematic backups and separate, secure management of backups (mirroring, backup);
Protecting files against viruses (virus protection);
Physical protection of data files and their carrying devices, including protection against fire damage, water damage, lightning strike, other damage to the environment, and restoration of damage caused by such events (archiving, fire protection).


VIII.Amendments to the Data Privacy Policy

LifeT!LT UK LTD. reserves the right to modify this Privacy Policy at any time, if it considers that to be reasonable based on experience or if the amendment is required by law.

If the person concerned does not agree with the modifications, then, he/she may notify LifeT!LT UK LTD in writing within 8 days of observing such modification. In this case personal information of the person concerned must be deleted by LifeT!LT UK LTD., unless the deletion of the data is not possible due to fulfilment of a legal obligation.

In the event the person concerned does not object to the amendment within the above-mentioned time-limit, the new data protection rules will enter into force for the personal data of the person concerned.

Budapest, May 25, 2018