Privacy Policy

COLORON / Medicontur Kft.

  1. Fundamentals

Effective: from 01 August 2024. 

Data Controller: Medicontur Medical Device Limited Liability Company (address: 2072 Zsámbék, Herceghalmi út 1; company registration number: 13-09-060398; tax number: 10253993-2-13; hereinafter: Medicontur or data controller).

Contact details of the data controller: See sections 8 of this Privacy Policy.

  1. Purpose of Data Processing

This Privacy Policy provides detailed information on the data management policies applicable to the websites
https://coloron.eu/,
https://coloronlens.com/,
https://www.colorvisioncheck.com/,
https://www.colorvisiontraining.com/
and all associated websites and (sub)domains (hereinafter collectively referred to as: Website).

Medicontur has compiled, updates, and communicates this Privacy Policy to the users of the Website (hereinafter: you / user / data subject) in accordance with the General Data Protection Regulation (GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter: GDPR). 

The processing of data will always be carried out in accordance with the GDPR provisions.

Due to legal and/or organizational reasons, this Privacy Policy may change. Therefore, we recommend regularly checking this Privacy Policy and reading the current version. The updated and effective version of the Privacy Policy will always be available on the Website at https://coloronlens.com/adatvedelmi-tajekoztato/.

Medicontur processes your personal data for the following purposes:

  • Contractual purposes;
  • Legal purposes;
  • Marketing purposes;
  • Legitimate interests;
  • Diagnostic and research purposes;
  • And other purposes.

Personal data processing takes place electronically and manually within the necessary limits to achieve the above-outlined purposes.

  1. Specific Purposes, Scope, and Legal Basis of Data Processing
    1. Data Processed for Contractual Purposes
      1. Purpose of Data Processing

Medicontur processes your personal data to enable the provision of services and the sale of products available on the Website. Data processing is particularly necessary (but not exclusively) for the following purposes:

  • Registration on the Website and the creation of a personal account;
  • Provision of services available through the Website (e.g., managing the registration process and access to the account, account management, reminders about products in the shopping cart, etc.);
  • Managing the sale and online ordering of products and making services and products available;
  • Processing payments and electronic payments, including the provision of references to invoicing obligations;
  • Providing sales and after-sales services, including fraud prevention, returns, warranties, and customer service availability, as well as operational communication related to assistance during or after service provision or product sales;
  • Fulfilling user requests, including handling information requests, back-in-stock notifications; 
  • And other purposes.
      1. Scope of Processed Data
        1. Directly Collected Data
  • During the registration process, account creation on the Website, or the finalization of an order identifying information such as:
    • Family name and first name
    • Username
    • Email address
    • User ID
    • Password
    • Gender
    • Country of residence
    • Postal address
    • Phone number
  • Financial and credit card data required for purchasing products through the Website;
  • Information you send to Medicontur or requested by Medicontur, related to issues with our services or products available on the Website.
        1. Indirectly Collected Data
  • Data indirectly provided by you or from other sources, cookie data, navigation information, information from automatic tracking systems, other data and information (not directly provided by you). The linkage of indirectly collected data to a user is only possible occasionally and randomly. Based on indirectly collected data, identification is only possible if these data are combined with other (personal) data. Specifically, the following data is collected during Website use:  
    • The IP address or other unique identifier of the devices used to browse the Website;
    • Information on whether the user is registered or not;
    • Technical information, such as URL;
    • Browser data;
    • Language.
      1. Legal Basis for Data Processing

Medicontur processes your personal data for the purpose of fulfilling a contract, providing services, and selling products based on 

  • Your consent, pursuant to Article 6(1)(a) of the GDPR;
  • The necessity of fulfilling a contract, pursuant to Article 6(1)(b) of the GDPR;
  • Other applicable laws,

within the limits strictly necessary to carry out similar economic activities.

Data processing is necessary for the fulfillment of a contract for product sales and service provision. If you do not wish to have your personal data processed for contractual purposes, Medicontur will not be able to provide the required products and services.

    1. Data Processed for Legal Purposes
      1. Purpose of Data Processing

Medicontur must process your personal data to comply with applicable laws. Data processing is particularly necessary (but not exclusively) for the following purposes: 

  • Compliance with laws, regulations, protocols, and other legal requirements at national, EU, and international levels;
  • Execution of authorities’ decisions.
      1. Scope of Processed Data
        1. Directly Collected Data
  • During the registration process, account creation on the Website, finalization of an order, or participation in loyalty programs, contests, and other events, identification information such as:
    • Family name and first name
    • Username
    • Email address
    • User ID
    • Password
    • Gender
    • Country of residence
    • Postal address
    • Phone number
  • Financial and credit card data required for purchasing products through the Website;
  • Information you send to Medicontur or requested by Medicontur, related to issues with our services or products available on the Website.
        1. Indirectly Collected Data
  • Data indirectly provided by you or from other sources, cookie data, navigation information, information from automatic tracking systems, other data, and information (not directly provided by you). The linkage of indirectly collected data to a user is only possible occasionally and randomly. Based on indirectly collected data, identification is only possible if these data are combined with other (personal) data. Specifically, the following data is collected during Website use:  
    • The IP address or other unique identifier of the devices used to browse the Website;
    • Information on whether the user is registered or not;
    • Technical information, such as URL;
    • Browser data;
    • Language;
    • For security reasons, general information about the use of the Website, including, for example, certain log files; and
    • For security reasons, information about payment transactions.
      1. Legal Basis for Data Processing

Medicontur processes your personal data for 

  • Compliance with legal obligations, pursuant to Article 6(1)(c) of the GDPR; and 
  • Other applicable laws.

Data processing for legal compliance is necessary under applicable laws and regulations. If you do not wish to have your personal data processed for legal compliance, you will not be able to use the Website.

    1. A Data Processed for Marketing Purposes
      1. Purpose of Data Processing

Medicontur processes your personal data to improve the provision of services and the sale of products available on the Website, as well as for other marketing, segmentation, and profiling purposes. Specifically: 

  • For segmentation purposes, you may allow segmentation activities tailored to your needs, including handling personal data related to purchase volume, product categories, date of birth, and purchase methods;
  • For profiling purposes, you may permit the use of cookies and other technologies to collect data on your interests, preference analysis, personalized service provision, and targeted marketing messages, including the pages viewed on the Website, products viewed on the Website, and other cookie data; 

(Hereinafter collectively referred to as: data processed for marketing purposes).

Medicontur purposes of data processing are in particular (but not exclusively) the following:

  • Send commercial and promotional communications and periodic updates (e.g., via email, phone, SMS/MMS, postal mail, social networks, and newsletters) regarding Medicontur products, services, initiatives, and other events;
  • Provide opportunities to join Medicontur loyalty programs;
  • Enable participation in contests, sweepstakes, and initiatives organized by Medicontur;
  • Conduct statistical analyses of customer base;
  • And other marketing purposes.
      1. Scope of Processed Data
        1. Directly Collected Data
  • During the registration process, account creation on the Website, finalization of an order, or participation in loyalty programs, contests, and other events, identification information such as:
  • Username
  • Email address
  • User ID
  • Postal address
  • Phone number.
        1. Indirectly Collected Data
  • Data indirectly provided by you or from other sources, cookie data, navigation information, information from automatic tracking systems, other data, and information (not directly provided by you). The linkage of indirectly collected data to a user is only possible occasionally and randomly. Based on indirectly collected data, identification is only possible if these data are combined with other (personal) data. Specifically, the following data is collected during Website use:  
  • The IP address or other unique identifier of the devices used to browse the Website;
  • Information on whether the user is registered or not;
  • Technical information, such as URL;
  • Browser data;
  • Language;
  • Navigational and statistical information, cookie data, information from automatic tracking systems and other data and information related to the use of the Website in order to improve your browsing experience and to maintain the proper functioning of the Website.
      1. Legal Basis for Data Processing

Medicontur processes your personal data for the purpose of fulfilling a contract, providing services, and selling products based on: 

  • Your consent, pursuant to Article 6(1)(a) of the GDPR;
  • Medicontur’s legitimate interests, pursuant to Article 6(1)(f) of the GDPR;
  • Other applicable laws,

within the limits strictly necessary to carry out similar economic activities.

Medicontur processes data for marketing purposes to improve the provision of services and the sale of products available on the Website, as well as for other marketing purposes, based on its legitimate interests. 

The following aspects are considered when determining legitimate interests:

  • Your consent to this Privacy Policy and/or cookie policy;
  • The limited amount of personal data processed;
  • Providing services and products more suited to your needs;
  • Sending offers that better match your profile and are relevant;
  • Optimizing marketing messages; and
  • Data processing within borders that is strictly necessary for the performance of similar economic activities.

Data processing for marketing purposes is discretionary, meaning you decide whether to give your prior consent to data processing; furthermore, you have the right to withdraw any previously given consent later. In this case, Medicontur will not send you marketing messages about its products, services, and initiatives.

    1. Data Processed for Legitimate Interests
      1. Purpose of Data Processing

Medicontur processes personal data for legitimate interest purposes, including (but not limited to) the following:

  • Assertion and defense of legal claims related to Medicontur, its affiliates, representatives, shareholders, officers, and directors in court, administrative, or out-of-court proceedings;
  • Ensuring the technical management and functioning of the Website and its operational functions, including solving technical problems, conducting tests, and carrying out updates that cannot be performed without personal data;
  • Prevention or detection of fraudulent activities or misuse concerning the Website or Medicontur and/or the users of the Website;
  • Potential mergers, asset sales, transfers of business operations in whole or in part, or financial transactions involving the sharing and transfer of personal data to the third party or parties involved in the transaction;
  • Conducting surveys and market research related to Medicontur products and services, by mail, phone, or email;
  • Anonymizing personal data for statistical analysis.
      1. Scope of Processed Data
        1. Directly Collected Data
  • During the registration process, account creation on the Website, finalization of an order, or participation in loyalty programs, contests, and other events, identification information such as:
    • First and family name
    • Username
    • Email address
    • User ID
    • Password
    • Gender
    • Country of residence
    • Postal address
    • Phone number
    • Financial and credit card data required for purchasing products through the Website;
    • Information you send to Medicontur or requested by Medicontur, related to issues with our services or products available on the Website.
        1. Indirectly Collected Data
    • Data indirectly provided by you or from other sources, including cookie data, navigation information, information from automatic tracking systems, other data, and information (not directly provided by you). The linkage of indirectly collected data to a user is only possible occasionally and randomly. Based on indirectly collected data, identification is only possible if these data are combined with other (personal) data. Specifically, the following data is collected during Website use:
      • The IP address or other unique identifier of the devices used to browse the Website;
      • Information on whether the user is registered or not;
      • Technical information, such as URL;
      • Browser data;
      • Language;
      • General information about the use of the Website for security reasons (including, for example, certain log files);
      • Information about payment transactions for security reasons.
      1. Legal Basis for Data Processing

Medicontur processes your personal data 

  • For the purposes of asserting its legitimate interests, pursuant to Article 6(1)(f) of the GDPR; and 
  • Other applicable laws. 

The following aspects are considered when determining legitimate interests:

  • Your consent to this Privacy Policy and/or cookie policy;
  • The limited amount of personal data processed;
  • Providing services and products more suited to your needs;
  • Sending offers that better match your profile and are relevant;
  • Optimizing marketing messages. 

Medicontur’s processing for its own legitimate interests is limited to what is strictly necessary for the performance of similar economic activities. Consent to such processing is not mandatory: you may object to the processing at any time by the means set out in point 8 of this Privacy Notice. In this case, Medicontur will (if the processing was carried out on the basis of Article 6(1)(f) GDPR only) stop the processing, unless Medicontur proves the existence of a legitimate interest or Article 21 GDPR. 

    1. Data Processed for Diagnostic and Research Purposes
      1. Purpose of Data Processing

The purpose of data processing is to ensure that the Website, and in particular the

websites and all websites and (sub)domains linked to these websites,

  • to provide you, your legal representative and/or your treating physician with diagnostic information about the type and severity of your possible colour mismatch; the association of your colour mismatch with other data; the remedies available; and other information for diagnostic purposes related to your colour mismatch;
  • To conduct research to refine and develop our data, taking into account your legitimate interests, to provide you with more accurate information;
  • To conduct research to develop effective aids for potential colour vision deficiency for you and others.
      1. Scope of Processed Data
        1. Directly Collected Data
  • Data provided through tests and/or diagnostic tools available on the Website, particularly at https://www.colorvisioncheck.com/ or https://www.colorvisiontraining.com/, or during the registration process; any identifying information provided during the account creation process on the Website, such as
    • Family name and first name
    • Username
    • Email address
    • User ID
    • Password
    • Gender
    • Place and date of birth
    • Country of residence
    • Profile picture
    • Postal address
    • Phone number
  • Special data (“Special data refers to personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation”):
    • Type of color vision deficiency
    • Severity of color vision deficiency
    • Information on family history related to color vision deficiency
    • Information on other eye conditions
    • Information on dyscalculia or dyslexia
    • Information on glasses worn (color correction and/or diopters)
    • Information on past and current use of color correction glasses and their types
    • Test results, particularly scores obtained on https://www.colorvisiontraining.com/, responses to individual trials, data collected on https://www.colorvisioncheck.com/, saturation, type, severity information, and any test data collected on the Website (e.g., reaction time, click position, etc.).
  • Other diagnostic or special data. 
        1. Indirectly Collected Data
  • Data indirectly provided by you or from other sources, including cookie data, navigation information, information from automatic tracking systems, other data, and information (not directly provided by you). The linkage of indirectly collected data to a user is only possible occasionally and randomly. Based on indirectly collected data, identification is only possible if these data are combined with other (personal) data. Specifically, the following data is collected during Website use:  
            • The IP address or other unique identifier of the devices used to browse the Website;
            • Information on whether the user is registered or not;
            • Technical information, such as URL;
            • Browser data;
            • Language;
            • General information about the use of the Website for security reasons.
      1. Legal Basis for Data Processing

Medicontur processes your personal data 

  • based on your consent, pursuant to Article 9(2)(a) of the GDPR, 
  • for preventive or occupational medicine, assessing an employee’s working capacity, medical diagnosis, providing health or social care or treatment, or managing health or social care systems and services (particularly considering the attending physician’s recommendation), pursuant to Article 9(1)(h) of the GDPR, 
  • based on public interest in the field of public health, such as ensuring high standards of quality and safety of healthcare and medical devices, pursuant to Article 9(2)(i) of the GDPR, and
  • other applicable laws.

The user may object to such data processing at any time through the channels specified in section 8 of this Privacy Policy. In such a case, Medicontur will cease processing the data and delete it.

  1. Duration of Data Processing

Medicontur processes personal data as follows: 

  • Contractual purposes and legitimate interest purposes: Personal data processed for these purposes is retained for the duration of the relevant contract (e.g., Website account, product sales, service provision) and for 8 years following the completion of the sale or the provision of the service.
  • Legal purposes: Personal data processed for legal compliance is retained for the period necessary to fulfill applicable legal requirements.
  • Marketing purposes: Personal data processed for marketing purposes is retained for 8 years from the last product sale to the user and/or the last contact with the user (e.g., subscribing to a contest, participating in an event, opening a newsletter).
  • Diagnostic and research purposes: Personal and special personal data processed for diagnostic and research purposes are retained until the diagnostic and research purposes are achieved, after which the data is anonymized.
  1. Data Processors, Data Access, and Data Transfers

Personal data provided by the user may be accessed by Medicontur employees as necessary to perform the tasks required to achieve the purposes described in this Privacy Policy.

Medicontur may share the user’s personal data with the following natural or legal persons and/or other organizations:

  • Medicontur’s e-payment service providers for successful completion of orders on the Website: 
    • Barion Payment Zrt. (address: 1117 Budapest, Irinyi József utca 4-20, 2nd floor; tax number: 25353192-2-43; company registration number: 01 10 048552; contact: +36 1 464 70 99)
    • PayPal (Europe) S.à r.l. et Cie S.C.A. Payment Zrt. (address: 22-24 Boulevard Royal L-2449 Luxembourg; tax number: LU22046007; company registration number: R.C.S. Luxembourg B 118 349; contact: enquiry@paypal.com)
  • Third parties providing services, assistance, or advice to Medicontur, particularly (but not exclusively) in the fields of technology, accounting, administration, law, insurance, IT, marketing, and data analysis;
  • Authorities or organizations whose access to personal data is mandated by law.

These persons or organizations may act as data controllers or data processors, depending on the circumstances. The full list of data controllers and data processors can be obtained by request from Medicontur via the contact methods provided in section 8 of this Privacy Policy. 

Medicontur is not authorized to transfer the user’s personal data to other natural or legal persons and/or organizations. 

  1. Data Security

Medicontur is committed to protecting users’ personal data. All personal data provided by users is stored on secure servers, with appropriate security measures in place to protect personal data from unauthorized access, maintain the integrity of personal data, and ensure the proper use of information.

Medicontur uses a secure system for authorizing credit card payments and identifying fraudulent activities. Medicontur employs standard SSL (Secure Sockets Layer) technology to protect the confidentiality of users’ personal data.

Since one of the key mechanisms for successful data protection is choosing an appropriate password, it is the user’s responsibility to use a sufficiently secure password, store it in a protected location, limit access to their computer and browser, and log out of the account after visiting the Website.

In the case of data transfers outside the European Union to countries deemed inadequate by the European Commission, Medicontur has implemented appropriate and suitable safeguards to protect personal data. Accordingly, data transfers are carried out in compliance with the requirements and obligations set forth by GDPR Articles 44 and subsequent provisions. For further information about these safeguards and how to access copies of them, users can contact Medicontur using the communication channels listed in section 8 of this Privacy Policy.

  1. User Rights

The user can exercise the following rights at any time through the contact methods provided in section 8 of this Privacy Policy. Medicontur will respond within a reasonable timeframe and in accordance with applicable laws after verifying the user’s identity: 

  1. Request confirmation from Medicontur about the existence of personal data; request information about the content and source of such data; check the accuracy of the data; request the integration, update, or modification of the data;
  2. Request the deletion, anonymization, or restriction of processing of personal data processed in violation of applicable laws;
  3. Object in whole or in part to the processing of personal data for legitimate reasons;
  4. Withdraw consent to data processing (if and to the extent that data processing is based on consent);
  5. Request restriction of processing of personal data if
    • The user disputes the accuracy of the personal data until Medicontur has taken the necessary steps to correct or verify its accuracy;
    • Data processing is unlawful, but the user does not want their personal data deleted;
    • Medicontur no longer needs the user’s personal data for processing purposes, but the user needs it to present legal claims, exercise rights, or defend legal claims; or
    • The user has objected to data processing based on legitimate interests, until it is determined whether Medicontur has compelling legitimate grounds to continue processing the data;
  1. Object to the processing of personal data based on legitimate interests unless Medicontur demonstrates compelling legitimate grounds for the processing or the need to present legal claims, exercise rights, or defend legal claims; 
  2. Request the deletion of personal data without undue delay;
  3. Request an electronic copy of personal data if the user wants to transfer the data to themselves or another service provider, and if Medicontur processes the data based on the user’s consent or the necessity of providing services and if the personal data is processed automatically; and
  4. Submit a complaint to the competent data protection supervisory authority.
  1. Contact Information of the Data Controller 

If you have any questions or comments regarding this Privacy Policy or any data processing carried out by Medicontur, you can use the following contact options: 

  • Email: info@coloron.eu
  • Postal address: Budapest, Daróczi út 80, 1113
  • Website: https://coloron.eu/
  1. Cookie Policy 
    1. Purpose of Cookie Usage

A cookie is a small text file, typically consisting of letters and numbers, that is transmitted and stored on the device used by the user (computer, mobile phone, etc.) for a specified period as determined by the operator.

    1. Cookies Collected on the Website
      1. Essential (technical) cookies
  • Purpose of data collection: Ensuring the proper functioning of the Website.
  • Collected cookies and duration of data processing:
    • OCSESSID: This cookie stores the user’s session ID on the Website; data processing duration: until the browser is closed.
    • elementor: This cookie is installed due to the Website’s WordPress design. It allows the Website owner to make instant modifications to the Website; data processing duration: none.
    • wpEmojiSettingsSupports: WordPress installs this cookie when a user interacts with emojis on a WordPress site. This cookie helps determine if the user’s browser can properly display emojis; data processing duration: until the browser is closed.
    • csrftoken: This cookie is associated with the Python Django web development platform. It serves to protect the Website from Cross-Site Request Forgery (CSRF) attacks; data processing duration: 1 year.
  • Essential cookies are installed and collected by Medicontur and/or third parties.
  • Medicontur only uses essential cookies to provide the basic functions of the Website; the user can set their browser to block these cookies, but as a result, some parts or the entire Website may not function properly.
      1. Analytical cookies
  • Purpose of data collection: Collecting statistical data to analyze Website usage and view traffic sources.
  • Collected cookies and duration of data processing:
    • ga*: Installed by Google Analytics to count and store Website visits; data processing duration: 1 year, 1 month, and 4 days.
    • _ga: Installed by Google Analytics to count visitor data, session, and campaign data, and to track Website usage for the Website analytics report. Storage is done anonymously using a randomly generated number assigned to the user; data processing duration: 1 year, 1 month, and 4 days.
  • Analytical cookies may be collected anonymously.
  • Analytical cookies are installed and collected by Medicontur and/or third parties.
  • In order to enable you to make a more informed choice about whether or not to consent to cookies collected by third parties, please read carefully the relevant Google privacy policy (https://policies.google.com/privacy?hl=en-US).
      1. Functional cookies
  • Purpose of data collection: Providing services available on the Website and improving the user experience.
  • Collected cookies and duration of data processing:
    • language: This cookie stores the user’s language preferences; data processing duration: 1 month.
    • pll_language: The Polylang plugin uses this cookie to remember the user’s selected language when they return to the Website; data processing duration: 1 year.
    • currency: This cookie stores the user’s currency preferences; data processing duration: 1 month.
  • Functional cookies are installed and collected by Medicontur and/or third parties.
  • Refusing or withdrawing consent to the collection of functional cookies does not prevent access to or browsing of the Website. 
    1. Consent to and Rejection of Cookie Data Processing, Deletion of Cookie Data

Essential cookies are automatically installed when the Website is opened without requiring consent.

The user can enable the processing of analytical and functional cookies through the “cookie policy” settings found in the Website footer or—if the cookie data has not been recorded or the data has been deleted—through the “cookie banner” that pops up during Website use. The user can view and modify their preferences at any time through the “cookie policy” found in the Website footer.

If the user has consented to the processing of cookies, cookies collected before the possible withdrawal of consent can be deleted by the user through their browser settings. Below are guides on how to modify and delete cookie settings in the most commonly used browsers:

  • Google Chrome: 

https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en-GB

  • Mozilla Firefox: 

https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

  • Microsoft Edge: 

https://support.microsoft.com/en-gb/windows/microsoft-edge-browsing-data-and-privacy-bb8174ba-9d73-dcf2-9b4a-c582b4e640dd

  • Szafari: 

https://support.apple.com/en-gb/guide/safari/sfri11471/mac

  • Internet Explorer: 

https://support.microsoft.com/en-gb/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d

    1. Access and Security

The collected cookie data is generally insufficient to identify individual users; in some cases, identification may be possible if the cookies are combined with additional information collected by Medicontur or third parties.

For cookies installed by Medicontur, Medicontur is responsible: Access to such cookie data is limited to personnel trained in data protection and authorized to process data. For cookies installed by third parties, cookie data may be collected and used by Medicontur and external parties contracted by Medicontur.

Medicontur encrypts all cookie data.