Data Protection Bulletin
Shop.Builder Web Store
Data Protection Bulletin
The purpose of the websites of Biotech USA Kft. (Registered office: 1033 Budapest, Huszti út 60.) (hereinafter: Service Provider) at domain names shop.builder.hu, body.builder.hu, www.musclebuilder.hu (hereinafter: website) is to serve the needs of the target audience of body builders and body beautifiers, to facilitate communication between those interested in body building and body beautification and to offer an online interface to share experience and create an online body building community.
The current version of the data protection bulletin of the Service Provider is available at the home page.
With regards to the management of personal data, the Service Provider as the data manager hereby informs the users accessing the Website about the personal data managed at the Websites, its principles and practices with regards to personal details, the organisation and technical measures taken for the purpose of protecting personal data and the methods and opportunities of the relevant User to exercise its rights.
The Service Provider manages all recorded personal data confidentially, in compliance with the data privacy laws and international recommendations as well as the provisions herein. The Service Provider is committed to the protection of the personal data of its partners and users, and especially respects the right of informational self-determination of website users. The Service Provider manages all personal data confidentially and takes all security, technical and organisational measures to guarantee data security.
The Service Provider may amend this data protection bulletin unilaterally by previously notifying website users about such changes. The amended provisions shall become effective for Users upon the first use of the website after the publication of the changes.
Should you have any question about this data protection bulletin, please send us an email to email@example.com and our colleague will shortly respond.
By using the Website, the User accepts the provisions of the Data Protection Bulletin and agrees to the management of his personal data as detailed below.
- Data Subject/User: any natural person identified or, directly or indirectly, identifiable based on some specific personal data;
- Personal Data: any data that may be linked to the Data Subject, especially his name, tax number ID or one or more pieces of information of the person’s physical, physiological, mental, economic, cultural or social identity and any conclusion made from the data relevant to the Data Subject;
- Consent: the voluntary and specific statement of the will of the Data Subject based on appropriate information, in which the person provides his unambiguous consent to the comprehensive or operation-specific management of his relevant data;
- Objection: the Data Subject objects to the management of his personal data and requests termination of such data management and removal of the managed data;
- Data Manager/Service Provider:the natural person or legal entity or organisation without legal personality, who/which, either alone or in collaboration with others, determines the purpose of the data management, makes and enforces decisions on data management (including the assets used) or have those carried out by a contracted data processor;
- Data management:regardless of the procedure used, any operation(s) carried out on the data, especially their collection, recording, organisation, storage, change, use, query, transfer, disclosure, synchronisation or linking, blocking, removal and destruction and preventing the use of such data, making photo, audio or video recordings, recording of any physical property suitable for the identification of the person (e.g. finger or palm print, DNS sample, iris image);
- Data processing: performing technical tasks related to data management operations regardless of the method and equipment used for performing the operation, the place of application, and if the technical task is performed on the data;
- Data processor: a natural person or legal entity or organisation without legal personality who (that) performs data processing based on a contract concluded with the Data Manager, including a contract concluded based on the provisions of the law;
- Data transfer: providing access to the data to a specific third party;
- Disclosure: providing access to the data to any person;
- data deletion: making data unidentifiable in a way that they can no longer be restore;
- Blocking of data: assigning an ID to the data to limit its future management permanently or for a specific period of time;
- Destruction of data: the complete physical destruction of the media;
- Third Party: any natural person or legal entity, or organisation without a legal personality who (that) is not identical with the Data Subject, the Data Manager and the Data Processor.
2. The data of the Service Provider as the Data Manager
- Name of the service provider: Biotech USA Kft. (hereinafter: Service Provider)
- Registered office: 1033 Budapest, Huszti út 60.
- Representative: Bálint Lévai (Representative of the company)
- Company register number: 01-09-352550
- Tax number: 25114681-2-44 [EU-VAT: HU25114681]
- Entry No in the authority register: C/002 215/2003.
- Domestic Trade and Tourism Department of the Authorisation and Public Administration Office of the Ministry of Economy and Transportation (1024 Budapest, Margit krt. 85.)
- Entry No in the data protection register: 01098-0001, 01098-0002, 01098-0003, 01098-0004
- Name of the authority making the entry into the register: Court of Csongrád County as Court of Registration (6722 Szeged, Tábor u. 4.)
- Contact of the service provider and its regularly used E-mail address established to keep contact with users: firstname.lastname@example.org
- Telephone number: +36-20-9000-864, +36-62-451-691
- Data management entry no.:01098-0001, 01098-0002, 01098-0003, 01098-0004
3. The scope of personal data, and the purpose, legal title and duration of data management
Personal data may be managed by the Service Provider pursuant to Article 5 (1) a) Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: Information Act), i.e. when the data subject has given his consent, and pursuant to Act CVIII of 2001 on certain issues of electronic commerce services and information society.
The Service Provider does not check the authenticity personal data provided as that is the exclusive responsibility of the person providing the data, the User, or the contracting party. By providing his email address, the User assumes responsibility that only he will use the service from the email address provided. With regards to this, the User providing the email address will be exclusively responsible for all actions related to the logins with that specific email address.
For technical reasons and for the purpose of preparing statistics on user behaviours, during each User visit to the website, the Service Provider records the User’s IP address, the starting and ending times of the visit, the title of the page viewed, and the type of the web browser and the operating system of the User. These data are automatically logged by the system and are not linked to any other data entered during registration or use. Only the Service Provider will have access to the data thereby recorded. Such data are stored by the server for 4x24 hours.
The html code of the services include links from and to external servers independent from the Service Provider. External servers help the independent measurements and auditing of the number of visitors and other web analytics data of the Website (Google Analytics). For more information on the management of web analytics data, please consult the Data Manager at
To facilitate customised service, the Service Provider and the specific external service providers store and retrieve a cookie, a small data package on the User’s computer. If the web browser returns a previously stored cookie, the service provider managing the cookie may establish a link between the data stored during the current visits of the User and those store earlier, but only for the purpose of its own content.
Most web browsers have a Help function available from the menu to provide the User with information on how to
- block cookies,
- accept new cookies,
- instruct you web browser to configure a new cookie, or
- turn off other cookies.
If the User does not want Google Analytics to measure the above data in the methods and for the purpose describe above, the User needs to install an addon that blocks it.
The Service Provider uses the following cookie:
- Session cookies: these are automatically deleted after the User’s visit. These cookies are designed to help the Website of the Service Provider function more efficiently and safely; therefore, these are inevitable for the appropriate operation of specific functions or certain applications.
- Persistent cookies: the Service Provider also uses persistent cookies for better user experience (e.g. optimised navigation). These cookies are stored for a longer period of time in the cookie file of the web browser. The exact time period depends on the individual setting of the User’s web browser.
- Cookie used for password protected sessions.
- Cookie needed for the shopping cart.
- Security cookie.
The Website uses the codes of the following websites that (may) store cookies on the visitor’s device:
- Facebook pixel code enabling the Service Provider to display ads for website visitors on Facebook.
- Google Analytics enabling the Service Provider to collect Website statistics on visitors.
- RTB House code enabling the Service Provider to display ads to Website visitors in the RTB House network.
- Scarab code enabling the Service Provider to display customised offers to Website visitors.
- DoubleClick adserver code.
- Visual Website Optimizer, Crazyegg and FindGore codes enabling the Service Provider to analyse browsing behaviour of Website visitors.
The data logged by the Service Provider and the data acquired from the information on user behaviours via cookies are used for statistical purposes only.
3.2. Shop registration
The following data must be submitted to the Service Provider during registration
Under the menu item “Personal and profile data”
- Mobile phone number
- Date of birth (not required)
Under the menu item “Shipping address”
- ZIP code
- Street address
The gender of the User, which is not a required field.
These data are managed by the Service Provider to identify the User and the orders and to deliver the orders. The email address is required for order confirmation and other communications. In addition, a separate shipping address may be specified. The data are required for shipping and billing as well as communication.
The login password is generated and sent to the User in an email by the system. The password may be changed after successful login under the menu item “My Data”. You can change your personal data under My Data.
Personal data are deleted from the system by the Service Provider upon request or after five years of user inactivity.
The provision above does not affect compliance with data retention obligations required by law (e.g. on accounting) and additional data management based on registration or other consent provided by the User.
Users may request their personal data to be deleted via email to email@example.com or firstname.lastname@example.org. Personal data are removed from the system within 5 working days following the receipt of the request.
Users can subscribe to the electronic newsletter generally sent every week under My Data on the Website or via other interfaces provided by the Service Provider on an ad hoc basis.
You can unsubscribe from the newsletters by clicking the link at the end of the newsletter or under My Data of the webshop.
Only registered users can make comments on the forum. When registering, you are required to enter your name and password and the email address.
These data are required to identify certain users and distinguish them from others. Email is also used for communication.
You may enter a public email address and your date of birth, upload an image, prepare a personalised text signature and enter your own website address, occupation, hobbies, home town, availability data (ICQ number) and training specific data (workout aptitude, biceps size, bench press weight, favourite exercise, etc.). You may elect to disclose such data to other registered users. Such data help users get in touch and communicate with each other.
The provisions of 3.6. hereunder also applies to using the forum.
You can change your personal data under the profile menu My Data.
You may request your personal data to be deleted by email to email@example.com. Personal data are deleted from the system by the Service Provider upon request or after five years of user inactivity.
Should you have any question or issue when accessing our services, please contact the Service Provider at the contact information specific in Section 2 above.
The Service Provider agrees to delete all incoming emails with the names and email addresses (and any other voluntarily entered data) of the sender after a maximum period of 90 days following the settlement of the case.
3.6. Content and information sharing
The Service Provider may not be held liable for the content submitted by the User and only stored by the Service Provider. This especially holds true for the disclosure of documents containing personal data (portrait photo, voice recording), or other related data management operations where the User’s prior consent is needed.
Users are responsible for obtaining such consent and for the content disclosed. The Service Provider any and all liability for the lawfulness (e.g. photo) and truthfulness (e.g. classified) of the content disclosed by the Users while using the Service.
If a User deletes his profile or the profile is deleted, the content disclosed is also removed.
4. Data Processing
Primarily the Service Provider and its internal employees are authorised to view the data. However, they will not disclose such data to any third party.
The Service Provider may employ a data processor (e.g. system operator, accountant).
If an order is placed, the name, address, shipping address and phone number entered are transferred along with the order data by the Service Provider to the following Data Managers:
- GLS General Logistics Systems Hungary Csomag-Logisztikai Kft. (2351 Alsónémedi, GLS Európa u. 2.) for shipping purposes, if the User request courier service;
- Consist Kft. (6725 Szeged, Vadmacska u. 10.) for bookkeeping purposes;
- dr. Eva Karsay sole trader (6720 Szeged, Kölcsey u. 4.) for the purpose of performing audit duties as stipulated in Article 43 of Act IV of 2006 on Business Associations.
5. The method of storing personal data and data management security
The Service Provider performs personal data management tasks related to the website primarily at its registered office. The servers are located at the company’s registered office and the Data Centre of Rackforest Kft. (1108 Budapest, Kozma u. 2). The Service Provider stores personal data on dedicated servers under 24/7 security.
The Service Provider ensures protection of the security of data management via technical, administrative and organisational means that offers an appropriate level of protection in line with the risks associated with data management.
The IT system and network of the Service Provider is protected against computer fraud, spying, sabotage, vandalism, fire, flood, computer viruses, computer intrusions and denial of service attacks. The Service Provider guarantees security via server and application level protection procedures.
Regardless of the protocol used (email, web, ftp, etc.), electronic messages transmitted over the Internet are vulnerable to network threats that lead to fraudulent activities, challenging the contract as well as disclosing and changing information. The Service Provider shall make all reasonable efforts to provide protection against such threats. The Service Provider monitors the systems to record all security discrepancies and provide evidence in all security events. In addition, system monitoring provides an opportunity to verify the efficiency of the safety measures employed.
6. User’s rights and remedial options
6.1. The right to be informed
The User may request information on the personal data managed by the Service Provider and relevant to the User by email sent to firstname.lastname@example.org or by regular mail.
Upon a request by the User, the Service Provider will provide information on the user-relevant data it manages, the purpose and legal grounds for data management, its duration and the parties that receive(d) such User data as well as the purposes thereof. The Service Provider will provide the requested information in writing within 30 days from the date the User’s request was submitted.
The User may direct any question or comment on data management to the employee of the Service Provider via the contact information designated hereunder.
6.2. The User may request its data to be deleted, corrected or blocked
The User is entitled to request the correction or deletion of any incorrectly recorded data via any of the contact information listed hereunder. The Service Provider will delete the data within 5 working days from their receipt, in which case they cannot be restored. The deletion of the data does not affect data management required by law (e.g. accounting regulations), which data the Service Provider will retain as required.
In addition, the User may request his data to be blocked. The Service Provider blocks the personal data if requested by the User or, based on the information available, it is assumed that deletion of such data would violate the User’s rightful interests. The personal data thereby blocked may only be managed until the data management objective that excluded the option of data deletion exists.
Those to be informed about the correction, blocking and deletion of data will include the User and all other parties to whom the data has been transferred for the purpose of data management. Such notification may be omitted if such omission does not violate the rightful interest of the User with regards to the purpose of the data management.
If the Service Provider fails to fulfil the User’s request for correction, blocking or deletion, the Service Provider shall state the factual and legal reasons for rejecting such request in writing within 30 days following the receipt of the User’s request.
6.3. The User may object to his personal data being managed
The User may object to his personal data being managed. Within the shortest possible time but no later than 15 days from the date such objection is submitted, the Service Provider shall investigate the case, make a decision and inform the requesting User about the decision in writing.
The User may exercise its rights using the contact information listed in Section 2 above.
6.4. Based on the Information Act and Act V of 2013 on the Civil Code may
- contact the Hungarian National Authority for Data Protection and Freedom of Information (
Felügyeleti hatóság: Nemzeti Adatvédelmi és Információszabadság Hatóság
székhely: 1055 Budapest, Falk Miksa utca 9-11.
levelezési cím: 1374 Budapest, Pf. 603.
telefon: +36 1 391-1400
fax: 36 1 391-1410
honlap: https://naih.hu/), or
- enforce his rights before a court of law.
Should the User have entered the data of a third party for the utilisation of the service, or have caused any damage while using the website, the Service Provider is entitled to seek compensation against the User. In this case, the Service Provider will provide all reasonable assistance to the acting authorities for the purpose of establishing the identity of the injurious person.
7. Other cases of data management
We hereby inform users that the court, the prosecutor and the investigating authority may contact the Service Provider to request the supply or transmission of information, data or documents (Article 71 of Act XIX of 1998 on Criminal Proceedings). The Service Provider will release data to the authority specifying the objective and the scope of data only in the quantity and to the extent absolutely necessary for the authority to achieve the objective for which it contacted the Service Provider.
The Service Provider reserves the right to unilaterally amend this Data Protection Bulletin as long as the Users are notified in advance via the website of the Service Provider. After the amendment goes into effect, the User accepts the content of the amended Data Protection Bulletin by implied behaviour upon using the Website.
This Data Protection Bulletin becomes effective as of 01.01.2017.
The Data Protection Bulletin of the Website can be accessed and downloaded from here.