Magyar tervezés, és gyártás... Limitált darabszám!

Privacy and Data Management Information

Privacy and Data Management Information

 

  1. Introduction

This Privacy and Data Management Information (hereinafter referred to as information) aims to fix Albracon Kft (hereinafter referred to as a company)bloomhungary.comWebshop available at address (hereinafter referred to as a website) Related data protection and data management principles, so the stakeholders can receive adequate information on data, their source, the source, the source, the source, the purpose of data processing, the purpose of data processing, and the name and address of the data processing that may be included in the data processing on the activities related to data management and, in the event of the transmission of the personal data concerned, on the legal basis and addressee of the transmission.

 

  1. Applicable legislation
  • Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) - for the protection of natural persons with regard to the management of personal data and the free movement of such data and repealing Regulation (EC) No 95/46 / EC General Data Protection Regulation, GDPR);
  • 2011 CXII of 2011 on information self-determination and information leave. law;
  • Act V, 2013 on the Civil Code (hereinafter referred to as PTK.);
  • Act C of 2000 on Accounting (hereinafter referred to as an account. TV.);
  • The XLVIII of 2008 on the fundamental conditions and certain limits of economic advertising activities. law;
  • 1995 CXIX on the management of name and address data for research and direct business acquisition. law;
  • The XLVII of 2008 on the ban on unfair commercial practice against consumers. law,
  • 2001 CVIII of 2001 on certain issues of electronic commerce services and information society services. law.
  • Cl. 2017 on the order of taxation Law (hereinafter referred to as Art.)

 

III. Definitions

The conceptual system of this information complies with the interpretative concepts set out in Article 4 of GDPR, in particular:

  • personal dataAny information concerning an identified or identifiable natural person ("concerned") can be identified by a natural person who is directly or indirectly, in particular an identifier such as name, number, positioning data, online identifier or natural person's physical, physiological, genetic, can be identified on the basis of one or more factors concerning the intellectual, economic, cultural or social identity;
  • data processing:Concerning the data management operations of personal data, performing technical tasks, automated or non-automated, regardless of the method and device used to perform operations and from the location of the application, provided that the technical task is carried out on the data.
  • Data Processor:the natural or legal person, public authority, agency or any other body that manages personal data on behalf of the data controller;
  • data handling:all operations or operations carried out on personal data or data files, such as collection, recording, systematization, splitting, storage, transformation or alteration, query, insight, use, communication transmission, distribution, or otherwise accessible , coordination or interconnection, restriction, deletion or destruction;
  • Data Manager:the natural or legal person, public authority, agency or any other body, which defines the objectives and means of handling personal data independently or with others; If the objectives and assets of the data processing are defined by the Union or the law of the Member States, the specific aspects of the designation of the data controller or the data controller may also define the Union or the law of the Member States;
  • Data Transmission:Transferring personal data for other data controllers for non-data processing purposes;
  • Privacy Incident:an injury to security that results in accidental or unlawful destruction, loss, change, unauthorized disclosure or unauthorized access to the personal data transmitted or otherwise treated by transmitted, stored or otherwise treated personal data;
  • Palmination:Treatment of personal data in a way that can no longer be established without the use of additional information that the personal data relates to a specific natural person, provided that such additional information is stored separately and provided with technical and organizational measures to identify it or identifying natural persons this personal data can not be switched on;
  • The contribution of the person concerned:a voluntary, concrete and adequate information and clear information of the affected will by which the declaration concerned or confirmation by an unmistakable expression indicates that it gives its consent to address the personal data affecting him;
  • addressee:A natural or legal person, public authority, agency or any other body with whom or by which personal data is communicated, regardless of whether or not to a third party. The public power agencies which have access to personal data in accordance with EU or Member State law in accordance with EU or Member State law; Treatment of these data by these public authorities must comply with the applicable data protection rules in accordance with the objectives of the data processing;
  • third party:the natural or legal person, the public authority, agency or any other body which is not the same with the affectivity, the data controller, the data processor or the persons who have been authorized to handle personal data under the direct control of the data controller or data processor;
  • Special data:personal data on genetic and biometric data, health information and the sexual life or sexual orientation of natural persons and natural persons;
  • Profiliation:Any form of automated management of personal data in which personal information is analyzed to evaluate certain personal characteristics of a natural person, in particular to the performance, economic situation, health, personal preferences, interest, reliability, behavior, residence or movement related characteristics used for forecasting;
  • personal data:any information concerning identified or identifiable natural person ("concerned"); identifiable the natural person who is directly or indirectly, in particular an identifier, such as name, number, positioning data, online identification or the natural person's physical, physiological, genetic, intellectual, economic, cultural or social identity identifiable;

If the terms of the current GDPR are different from the terms of this information, the terms defined by law are governed by the terms.

 

  1. Principles of data management

4.1. Legality, fair process and transparency principle

The handling of personal data is legally and fairly and in a transparent manner for the person concerned. In order to legal data management, it must be based on the consent of the person concerned or have other legislation established by law.

Personal data can only be managed if the purpose of data management can not be achieved by other means.

Information and communication related to the handling of personal data must be readily accessible and understandable, it must be formulated with a clear, simple language.

In order to achieve decent and transparent data management, it is necessary to receive the information concerned of the facts and objectives of the data processing.

If personal information is collected directly from the person concerned, it is necessary to inform the person concerned whether it is obliged to communicate personal information and the consequences of failing to provide data. The information must be provided to the person concerned at the time of data collection.

If the data was not collected from the affected but other sources, the information shall be made available to the person concerned within a reasonable time limit. If personal data can be legally communicated to a different addressee, the part concerned shall be informed of this at the first communication.

The obligation to provide information is not required if this information is already in possession of the person concerned or if the recording or disclosure of personal data is explicitly required by a law or if the information concerned is impossible or requires disproportionate effort.

The person concerned must ensure that access to the company's personal information is free of charge, ask for their corrections and deletion and exercises the right to protest. The data controller is obliged to respond to the requested request without undue delay, but no later than 30, ie thirty days, or if the data controller does not comply with any claims concerned, it shall justify it.

 

4.2. Objective principle

Collection of personal data can only be made for a specific, clear and legitimate purpose. Treatment of personal data in a non-incompatible manner is prohibited.

Treatment of personal data for other purposes other than their collection is permitted only if data management is compatible with the original objectives of data management to which personal data were originally collected. This is necessary to examine in particular, but not limited to, the relationship between original and planned data management goals, the circumstances of data collection and the nature of personal data.

 

4.3. Data saving principle

Personal data management should be appropriate and relevant to the objectives, and the handling of personal data should be limited to the minimum required.

In order to enforce the principle, the data controller must carry out adequate technical and organizational measures such as adequate technical and organizational measures, such as falsehoods, which aims at the achievement of data protection principles and the incorporation of the guarantees necessary to protect the rights of the affected persons in the process of data management.

The Data Controller is obliged to carry out technical and organizational measures to ensure that only personal data is to be treated for the specific data management target. This obligation relates to the amount of personal data collected, their degree of treatment, duration and accessibility of their storage.

 

4.4. Precision principle 

Personal data collected by the data controller must be accurate and, if necessary, up-to-date. The data controller must take all reasonable measures to ensure immediate or correct personal data for the purposes of data management immediately.

In order to ensure the principle of accuracy, the data controller is obliged to check the accuracy of the data in the event of this applicable request for this concerned (correcting, deletion) and, if necessary, modify the marked personal information, delete it.

 

4.5. Limited storage principle 

in particular to the principle of purpose limitation enforcement must ensure that the storage of personal data is limited to the shortest possible period of time. In order to ensure that personal data are stored is limited to the period required, the data controller is obliged to establish a periodic review or cancellation deadlines.

Personal data must be kept in a form that the identification of affected is possible only as long as necessary to achieve the goals of the processing of personal data. storage of personal data for longer than this can only happen if the public interest for the purpose of archiving, statistical purposes or for the purpose of scientific and historical research done for the treatment of personal data.

 

4.6. Integrity and confidentiality principles

Personal data must be handled in such a way as to ensure the appropriate level of security and confidentiality, among others, in order to prevent unauthorized access to personal data and the instruments used to manage personal information or their unauthorized use.

In order to enforce the principle of the Data Management Company must employ a technical or organizational measures in the handling of personal data, the security of personal data to be relevant at all times. Within this data to provide necessary protection against unauthorized or unlawful processing, accidental loss, destruction or damage to it.

 

4.7. The Data Accountability 

The data controller is obliged detailed above principles to meet the processing of personal data and be able to verify compliance.

  

  1. the rights concerned

Affected exercise of the rights of the following ways:

 

5.1. Access right 

At the request of the affected Data Manager provides information as to the processing of personal data is in progress, if so, provide access to the data subject.

 

5.2. the right to rectification 

At the request of the concerned data controller shall correct inaccurate personal data concerning him without undue delay and complements the incomplete data.

 

5.3. Right to cancel

At the request of the affected Data Manager will delete the relevant personal data without undue delay if the following grounds applies:

  • If the purpose of processing has ceased or the statutory deadline has expired;
  • If the Affected withdraw its consent to data processing, and there is no other legal basis;
  • if the concerned objects to the data management and there is no legitimate reason priority;
  • when the treatment is unlawful;
  • If personal data is incomplete or incorrect, and this state can not lawfully be remedied;
  • Based on the provisions necessary to delete legislation;
  • If you ordered the authority to court.

In the event that the data controller has the personal information disclosure, which should be clear from the above, it shall, as far as opportunities - technical approach, implementation costs - to take any measures, which shall inform the other controllers in the deletion obligation.

Needless to delete your personal data in case of cancellation of the above reasons, if the data processing is required for one of the following cases:

  • freedom of expression and to exercise the right to orientation;
  • fulfillment of legal obligations for data controllers, to meet the public interest tasks conferred on Data Manager;
  • It can not delete the public interest for the purpose of affecting people's health health information as defined by law;
  • data management in the public interest for the purpose of archiving purposes or for statistical purposes, scientific and historical research is ongoing and valószínűsíthetetlenné or cancellation would seriously affect the data processing;
  • necessary legal requirements for dissemination, enforcement, and prosecution.

 

5.4. the rights of restriction

At the request of the person concerned, the data controller limits the handling of personal data if one of the following is satisfied:

  • The concerned disputes the accuracy of his personal data (in this case the restriction for the period of time allowing the data controller to check the accuracy of personal data);
  • the data controller no longer needs the personal data concerned, however, he requires them to the presentation, exercise or defense of legal claims;
  • The affected protested against data management, in which case the restriction applies to the period of time that the data controller will examine whether the legitimate interests of the data controller have priority to the legitimate justifications concerned.

During the restriction of data management, it is necessary to ensure that the data management operation can not be performed on the personal data. During the limitation of data management, personal data may only be addressed by the data controller, with the exception, enforcement, protection of the legal claim of the data controller or to protect the rights of other natural or legal persons or from the relevant public interest of the Union and a Member State.

In the event of limiting data management, the data controller informs the person concerned in advance.

 

5.5. Right to protest

Affected entitled at any time to object to the processing of personal data by a data controller, if the legal basis for its Data Management public interest or in the exercise of public authority conferred upon it, Data Manager, or third-party validation of legitimate interests. The right to protest can also be exercised by automated tools based on technical specifications by unsubscribe from the newsletter.

 

5.6. Right of data portability

Affected receive the right to articulate the relevant personal data which it has provided a Data Management available, widely used in machine-readable format and is entitled to this information forward without another controller, and that this would hamper the Data Manager, which You have made your personal information available to you.

 

5.7. Right to withdrawal

It is entitled to withdraw its contribution to the handling of the personal data of the person concerned at any time. The withdrawal of the contribution shall be without prejudice to the lawfulness of pre-consent data management based on the consent. Following the withdrawal of the contribution, the Data Controller shall delete personal data managed under the consent.

 

5.8. Concerned's right to remedy

In the case of a complaint about data management, if you have any request or questions about the data handling, you can send your request by post to the data controller's seat or electronically to the e-mail address indicated by the data controller's availability. We will send our answers without delay but within 30 (thirty) days to the address you requested.

Without prejudice to any other administrative or judicial remedies concerned with the national data protection and information freedom, if it considers that the data controller has infringed the discretion of its personal data, such as a decision relating to unlawful data management, data controller's data management, disagrees with information, data controller's late data service , omission - the legislation.

 

National Privacy and Freedom of Information Authority

mailing address:

1363 Budapest, Pf. 9.

title:

1055 Budapest, Falka Miksa utca 9-11.

phone:

+36-1-391-1400

fax:

+36-1-391-1410

e-mail:

ugyfelszolgalat@naih.hu

Website:

http://naih.hu/

 

The decision of the supervisory authority is subject to judicial remedies.

Affected entitled to if the data controller does not handle personal information in accordance with law, to go to court for Remedying. material and non-material damage caused by the unlawful treatment of the data controller is obliged to reimburse the affected. the outcome of the litigation is the responsibility of the Data Protection Tribunal. The lawsuit concerned - by choice - by the domicile or residence may initiate before the competent tribunals as well.

The list of tribunals - name, contact details - and the service is available on illetékességkeresőwww.birosag.huwebsite.

minors offensive, hateful, discriminatory content, rectification, deceased person's rights, infringements of rights violations affecting the reputation occurred between the National Media and Communications Authority.

 

National Media and Communications Authority

mailing address:

1525 Pf .: 75th

title:

1015 Budapest, Ostrom utca 23-25.

phone:

+36-1-457-7100

fax:

+36-1-356-5520

e-mail:

info@nmhh.hu

Website:

http://nmhh.hu

 

In cases where the data controller concerned violates the privacy rights of the illegal handling or breach of data security requirements of the data of the Target, the Target may claim grievance awards from the controller.

 

  1. Information and contact

The data controller is obliged reported data management nature, scope, conditions and goals, as well as natural persons, rights and freedoms of, perform appropriate taking into account the varying probability and severity of risk technical and organizational measures to ensure and demonstrate that the processing of personal data is carried out in accordance with data protection legislation . at all stages of data processing must comply with the relevant legal provisions and the purpose of the data processing.

technical and organizational measures applied to the legal data management will review and update, if necessary, the Data Controller.

in conjunction with the controller of the listed data:

 

name:

Albracon Kft

headquarter:

2120 Dunakeszi, Cluj-Napoca u. 38

Company registration number:

13-09-122763

Tax Number:

11444923-2-13

represents:

Majoros Zoltán Managing Director

His e-mail address:

bloomhungaryinfo@gmail.com

 

 

VII. Data Processing and availability

 

If other data management on behalf of the Controller, the Controller may only use such data processors who or which offer sufficient guarantees to implement measures to ensure compliance with the legislation on data management and protection of the data subject rights, appropriate technical and organizational.

When using the Data Processing ultimate responsibility for the data controller, the data processors who must be supervised to ensure that their decisions comply with data protection legislation.

in the context of the specified data processors:

 

7.1. data Processors

 

 

Name

headquarters

E-mail

Our role

E-mail service

Gmail

1600 Amphitheater Parkway, Mountain View, CA 94043

help@gmail.com

We will notify registrants and to keep in touch with them through this.

Storage

Shopify International Ltd.

2nd Floor 1-2 Victoria Buildings
Haddington Road
Dublin 4, D04 XN32
Ireland

 support@shopify.com

Websites
domains
They are stored in

Newsletter

Shopify International Ltd.

2nd Floor 1-2 Victoria Buildings
Haddington Road
Dublin 4, D04 XN32
Ireland

 support@shopify.com

Registrants will receive through this newsletter.

Courier service

GLS General Logistics Systems Hungary Kft Package Logistics.

 

2351 Alsónémedi, u GLS Europe. 2rd.

info@gls-hungary.com

They are delivered in the ordered products.

Online payment system

Ltd. Mobile OTP.

1143 Budapest, Hungary Boulevard 17-19.

ugyfelszolgalat@simple.hu

This is used for leveling the final amount of the order

Accounting program

NAV

Budapest, Dózsa György út 128, 1134

nav_kozpont@nav.gov.hu

this is done through the issuance of electronic invoice.

Conversion tracking, custom audience

Facebook Ireland Ltd.

4 Grand Canal Square

Grand Canal Harbor

Dublin 2

Ireland

datarequest@support.facebook.com

Facebook is done with the assistance of the conversion, as well as the creation of custom audiences.

Conversion tracking, custom audience

Pixel Facebook (Facebook Inc.)

1601 Willow Road, Menlo Park, CA 94025

datarequest@support.facebook.com

Facebook is done with the assistance of the conversion, as well as the creation of custom audiences.

Conversion Tracking

Google Analytics (Google LLC.)

1600 Amphitheater Parkway, Mountain View, CA 94043

support.google.com 

Google Analytics is the most advanced on the market, free website visitor analysis software.

 

 

VIII. DPO and availability

The data controller is not obliged to appoint a Data Protection Officer pursuant to Article 37 GDPR.

 

  1. Data management process

 

The data in the Data Manager to manage staff to the extent necessary to carry out essential functions only when the Controller employs staff. If employees are not employed, then the data controller's representative handles the data.

Please note that using external service providers on the web site icons (Facebook, Twitter, LinkedIn, Instagram) invited in connection with the Data Manager functions do not perform data management services, third-party data management of these cases the service provider.

 

9.1. When using the managed data Website 

managed data

Required?

Data management objective (what should the data)?

The legal basis for data management

Who can see the data?

Duration of Data Management

How to delete the data?

Name

obligatory

registration, identification

 

registration and, where relevant contribution Newsletter GDPR Article 6 (1) a) of the legal requirements and GDPR Article 6 (1) a)

the controller authorized staff, authorized staff of the processors

the registration is canceled

 

or

 

Unsubscribe to Newsletter

 

 

Newsletter case of withdrawal of consent by using opt-out link in the newsletter

E-mail address

obligatory

registration, contact

fulfillment of contract GDPR Article 6 (1) b);

In case of contribution concerned Newsletter GDPR Article 6 (1) a) of the legal requirements and GDPR Article 6 (1) a)

the controller authorized staff, authorized staff of the processors

the registration is canceled

 

or

 

Unsubscribe to Newsletter

e-mail

 

or

 

Newsletter case of withdrawal of consent by using opt-out link in the newsletter

Username

obligatory

identification

GDPR consent Article 6 (1) a)

the controller authorized staff, authorized staff of the processors

the registration is canceled

by e-mail

Password

obligatory

identification

GDPR consent Article 6 (1) a)

the controller authorized staff, authorized staff of the processors

the password is changed, but not later than the registration is canceled

by e-mail

Safe operation of technical data related Website

Automatic mandatory

During the operation of the web site is treated with the IP address of your computer or mobile device to the Target, the approximate geographical location, type and version of browser type and version, operating system, Web site activity carried out in the technical data.

the legitimate interests of the data controller GDPR Article 6 (1) f)

the controller authorized staff, authorized staff of the processors

1 year

Data is automatically deleted from the end of the treatment period

Conversion tracking related data by creating custom audiences

optional

The facebook.com site, the Store each of the elements, products, actions by the website itself or the sharing or liking

GDPR consent Article 6 (1) a)

the controller authorized staff, authorized staff of the processors

the duration of data management, the manner or the cancellation and modification of the data potential control of the social networking site facebook.com applies:

http://www.facebook.com/legal/terms?ref=pf 

 

http://www.facebook.com/about/privacy/

 

9.2. treated in the context of order data

 

managed data

Required?

Data management objective (what should the data)?

The legal basis for data management

Who can see the data?

Duration of Data Management

How to delete the data?

Name / Company

obligatory

Exhibition of identification, account

In case of orders

fulfillment of contract GDPR Article 6 (1) b)

GDPR and regulatory requirements of Article 6 (1) a)

the controller authorized staff, authorized staff of the processors

Accounting. TV. and required under Art.

8 years

destruction by the data controller

Address / Location

obligatory

Exhibition of identification, account

In case of orders

fulfillment of contract GDPR Article 6 (1) b)

GDPR and regulatory requirements of Article 6 (1)

the controller authorized staff, authorized staff of the processors

Accounting. TV. and required under Art.

8 years

destruction by the data controller

Tax number

In case of business

Exhibition of identification, account

In case of orders

fulfillment of contract GDPR Article 6 (1) b)

GDPR and regulatory requirements of Article 6 (1)

the controller authorized staff, authorized staff of the processors

Accounting. TV. and required under Art.

8 years

destruction by the data controller

Delivery Address

obligatory

identification, fulfillment delivery

In case of orders

fulfillment of contract GDPR Article 6 (1) b)

GDPR and regulatory requirements of Article 6 (1)

the controller authorized staff, authorized staff of the processors

Accounting. TV. and required under Art.

8 years

destruction by the data controller

Phone number

obligatory

identification, fulfillment delivery

In case of orders

fulfillment of contract GDPR Article 6 (1) b)

the controller authorized staff, authorized staff of the processors

invoices in respect of

Accounting. TV. and required under Art.

8 years

 

in other cases

Ptk. Based on five years of the general limitation period

destruction by the data controller

data on order

obligatory

identification, fulfillment of contract

In case of orders

fulfillment of contract GDPR Article 6 (1) b)

the controller authorized staff, authorized staff of the processors

Accounting. TV. and required under Art.

8 years

destruction by the data controller

other information specified in offer

optional

identification, fulfillment of contract

GDPR consent Article 6 (1) a)

the controller authorized staff, authorized staff of the processors

Ptk. Based on five years of the general limitation period

destruction by the data controller

Anonymous Customer Satisfaction survey data specified in (a specific questionnaire answers some of the questions)

optional

You can help and provide you with a higher level of professional services by us feedback by filling out a questionnaire on the quality and your satisfaction with in our work.

GDPR consent Article 6 (1) a)

the controller authorized staff, authorized staff of the processors

Ptk. Based on five years of the general limitation period

destruction by the data controller

 

 

9.3. Newsletters and direct marketing, social media sites

 

Subscribe to the newsletter based on voluntary contributions.

 

name, description and purpose of the data processing

Send Newsletter

sign up to the newsletter, we can not control and do not determine the authenticity of the contact information that apply to private persons and undertakings of the given data. The businesses treat customers interact with us as partners.

 

The purpose of processing trade booklets, electronic messages, information, send newsletters containing advertisements, which can opt out at any time without consequences. You can also opt out without any consequences, if your business in the meantime disappeared, emerged from the company, or someone told us your contact information.

 

Newsletter will send you if you advance and you expressly consent (during registration and during the newsletter subscription in your name, e-mail address and a checkbox for assent filling) to reklámajánlatunkkal, tájékoztatásainkkal and other küldeményeinkkel specified in the registration e-mail address look for. It can contribute consequently to treat personal data necessary for that purpose. It shall provide the necessary information if you wish to receive newsletters, pursuant to the above. You can not send you our newsletter if no data.

The scope of Stakeholders

The newsletter subscribers.

The legal basis for data management

Your consent.

The purpose and scope of managed data

Last name

identify, contact, Email Newsletter

first name

identify, contact, Email Newsletter

E-mail address

identify, contact, Email Newsletter

Duration and delete data in the data management

Data management is done withdrawal of consent. Deleting the data takes place during the withdrawal of consent by the data subject. You may withdraw its consent to the data management by using the unsubscribe link on the newsletters sent out.

Who has access to your personal data?

  • Controller of authorized staff
  • Data Processing authorized staff

The data storage method

electronic

 

 

9.4. Complaint handling

Taking the complaint is based on voluntary contributions, but in relation to the data managed in the data management legislation - CLV of 1997. compulsory basis - the law.

name, description and purpose of the data processing

Complaint handling

Your complaint about the service or product data management behavior, act or omission may communicate in writing (by mail, e-mail). The management aims to identify relevant information and complaint must be recorded and the inclusion of information from the law, as well as making it possible to impart the complaint, as well as keep in touch.

The scope Éritettek

Every natural person who wishes complaint about a service or data management behavior, act or omission made in writing.

The legal basis for data management

The complaint handling process is initiated by voluntary contributions, but when complaints of data handling laws - CLV of 1997. TV. - statutory basis.

The purpose and scope of managed data

complaint ID

identification

place, time, mode of receipt of complaint

identification

His e-mail address

identification, communication

Personal data given by e-mail

identification

Last name

identification

first name

identification

Mailing address

contact

the subject of complaint

complaint handling

complaint contents

investigate complaints

attached documents

investigate complaints

reason for complaint

investigate complaints

Duration and delete data in the data management

Data management protocol recorded the complaint and a copy of the response and treats for the current 1997 for 5 years from the date of recruitment to. CLV. Based on Law 17 / A § (7), mandatory.

Who has access to your personal data?

  • Controller of authorized staff
  • Data Processing authorized staff

The data storage method

electronic, paper

 

 

9.5. Request for information

The request for information is based on voluntary contributions.

name, description and purpose of the data processing

Request information

You can ask questions in writing (by mail, e-mail) and data management services to the conduct of its activities. The objective is to provide data management and liaison with appropriate information for the person concerned.

The scope Éritettek

Every natural person who interacts with the Data Manager and specify personal information requests information from the controller.

The legal basis for data management

Your objective of data management in accordance with the voluntary consent to availability of course if granted the request for information, please contact him via the controller to clarify the question or answer for it.

The purpose and scope of managed data

question ID

identification

place, time and method of arrival Question

identification

His e-mail address

identification, communication

Personal data given by e-mail

identification

Last name

identification

first name

identification

Mailing address

contact

subject question

complaint handling

The content issue

investigate complaints

Duration and delete data in the data management

Target completion.

Who has access to your personal data?

  • Controller of authorized staff
  • Data Processing authorized staff

The data storage method

electronic, paper

 

 

9.6. Customer Satisfaction Survey

 

name, description and purpose of the data processing

Customer Satisfaction Survey

Data Manager is committed to provide the services of a high standard. In order to guarantee the supply of customers and ensure the quality of services provided to them Data Management regularly assesses the efficiency and quality of services activities. Data Manager will evaluate the feedback received and the comments, which will contribute to achieving a better quality of service delivery and implemented within the framework of the systems used to integrate internal processes. If the changes require an amendment of the regulations also transcribe them on the occasion of the upcoming change.

 

The experience gained from the purchase of user reviews and our customers are extremely important to us. To this end, Controller after purchase customer questionnaire or send a link to this indicator given to customers when buying e-mail address.

 

expression on the basis of the customer survey is voluntary and anonymous manner. The e-mail address will be used only to send the customer questionnaire. The customer specific questionnaire responses were handled completely separately from the respondent's personal adatitól and anonymously Controller. The relationship between the response and the respondent can not be reconstructed.

The scope Éritettek

Every natural person who fills out the customer satisfaction survey and contributed data management.

The legal basis for data management

If the customer satisfaction questionnaire and sending your line with the objective of data management, voluntarily consent to a specific customer satisfaction survey responses during the forward and manage the Data Processors for Data Manager.

 

If you wish to withdraw consent to the effect that e-mail address in the future, measuring customer satisfaction questionnaires felhasználhassuk, no intention notification methods specified in Section V, indicated in one week.

The purpose and scope of managed data

Questionnaire responses to certain specific questions

Customer Satisfaction Survey

Duration and delete data in the data management

Target completion.

Who has access to your personal data?

  • Controller of authorized staff
  • Data Processing authorized staff

The data storage method

electronic

 

 

9.7. Cookies (cookies)

 

required for the operation of cookies Website:

 

Name

what is

Shelf life

Other information

_ab

The admin user account is used in relation to access.

 

 

_secure_session_id

It used to navigate through the web interface.

 

 

cart

In connection with the use Basket.

 

 

cart_sig

In connection with the payment interface is used.

 

 

cart_ts

In connection with the payment interface is used.

 

 

cart_ver

In connection with the use Basket.

 

 

checkout

In connection with the payment interface is used.

 

 

checkout_token

In connection with the payment interface is used.

 

 

previous_checkout_token

In connection with the payment interface is used.

 

 

previous_step

In connection with the payment interface is used.

 

 

remember_me

In connection with the payment interface is used.

 

 

Secret

In connection with the payment interface is used.

 

 

Secure_customer_sig

Users are used in connection with login.

 

 

storefront_digest

Users are used in connection with login.

 

 

_shopify_m

Users for managing privacy settings.

 

 

_shopify_tm

Users for managing privacy settings.

 

 

_shopify_tw

Users for managing privacy settings.

 

 

_storefront_u

The customer account information used to update the promoters.

 

 

_tracking_consent

tracking options

 

 

 

Analytical cookies:

 

Name

what is

Shelf life

Other information

_landing_page

Follow-up pages.

 

It does not collect personal information.

_orig_referrer

Follow-up pages.

 

It does not collect personal information.

_s

Shopify analytics.

 

It does not collect personal information.

_shopify_d

Shopify analytics.

 

It does not collect personal information.

_shopify_fs

Shopify analytics.

 

It does not collect personal information.

_shopify_s

Shopify analytics.

 

It does not collect personal information.

_shopify_sa_p

Shopify connection with the marketing analytics and recommendations.

 

It does not collect personal information.

_shopify_sa_t

Shopify connection with the marketing analytics and recommendations.

 

It does not collect personal information.

_shopify_y

Shopify analytics.

 

It does not collect personal information.

_y

Shopify analytics.

 

It does not collect personal information.

tracked_start_checkout

Shopify analytics with a payment.

 

It does not collect personal information.

  

the proper functioning of the website is sometimes called a "cookie for" - Cookie English - should be placed on your computer, as do other major websites and Internet service providers.

Cookies are small text files that are stored on the site visitor on the pages of a user's computer or mobile device. With the help of cookies on the website for some time you will remember your actions and personal settings - such as your user name, language, font size and other custom settings for the website displaying - so you do not need to be entered again each time you visit on the website or in one átnavigáláskor tab to another tab.

It is possible to maintain the cookies and / or deletion of your choice. Please go to the information, related to the aboutcookies.org site. It is possible to delete all the cookies stored on your computer, and most browsers can disable their installation. However, in this case, you may have to manually perform all the time settings for each visit to the site, and must reckon with the fact that some features or functions may not work.

 

9.7.1. Cookies are responsible

  • collect information about visitors and means of product;
  • observe individual preferences of visitors, which will (may) use (eg. when using online transactions, eliminating the need to type them again)
  • facilitate the use of the website;
  • provide a quality user experience.

The customized service to the user's computer or other device used to browse the small data packets, so-called. cookies (cookies) on the back and read during subsequent visits. If the browser sends back a previously saved cookie, the cookie management service is linked to the user's current visit to the former owner the option, but only in respect of their contents.

 

9.7.2. It is imperative session (session cookies)

The purpose of these cookies that visitors fully and seamlessly böngészhessék the Website use its functions and the services available there. These types of cookies validity period of the last session (browsing) completion, browser cookies closure of this kind is automatically deleted from your computer or other device used for browsing.

 

9.7.3. placed by third party cookies (analysis)

The website uses Google Analytics than third party 'cookies as well. By using Google Analytics for statistics service on the Web to collect information about how visitors use the Web sites. The data used for the purpose of the website development and improving the user experience. In other cookies also expire on the visitor's computer or device used for browsing, the browser will remain, until the visitor delete them.

 

9.7.4. Targeting or advertising cookies (cookies targeting)

The use of this Website cookies, with the aim that they have more relevant ads to visitors and interest for the visitor appear on the website. These cookies can be determined as a number of advertisement display application, and evaluate the effectiveness of the ad campaign. These cookies are generally placed advertising networks on a particular website, the website of the operator of the license. These cookies note the visit that website, and share this information, such as advertising publishing model to other organizations. In general, targeting or advertising cookies related to functions provided by the website operator's organization.

 

9.8. For more information, 

Some details - as shown in the table - different users - for whom he visualized - see also (recipients). However, this is neither a transmission of data or data broadcast. Other users only see the data, but it can not carry out data processing in addition to the inspection activities, so in addition to the insights you did not manage - unless special consent, but it is your independent legal status controller - other details.

 

entering and ticking the checkbox mandatory data contributes to the so-called visibility settings by other users to see them and to manage the Data Management purposes indicated in the table above.

consents by entering the data to be provided, according to the so-called visibility settings of other users to see them and to manage the Data Manager and end time indicated in the table above - the non-binding - optional. It is not necessary to mark the box, I just need to sign up, and this information can be given after registration.

The site does not ask for any sensitive personal data. If someone would ask such a thing on behalf of the data controller, please contact us.

The Controller can not transmit data either within the EEA countries or in third (non-EEA countries).

 

The Data profiling is not performed.

The Data Manager is responsible for ensuring that the data is up to date and accurate, so please immediately notify any changes in the data to the company.

 

9.9. Conversion tracking data file type custom audiences

Facebook provides functions and tools that send data located in Data Management Web site carried out by the Customer site operations (of any event data). Facing Facebook and Conversions (Further conversion tracking) Individual target audience from people who visit the webshop (of themselves as individual target audience) for the purpose of creating it.

Facebook uses the resulting event data to provide data controller with analytical data on the effectiveness and use of your ads and to create your target audience according to your data management policy (https://www.facebook.com/about/privacy/) properly. Event data also enables a data controller to better target ads and optimize systems. In the context of such targeting and optimization, Facebook: (i) Event data collected from the data controller site will only be used to optimize ads to optimize such events data from other advertisers or other data collected on Facebook, and (ii ) It does not allow other advertisers or third parties to target their ads solely on the basis of event data collected from the data management site.

The event data are not disclosed with other advertisers or third parties unless you have permitted to do so or if we are legally obliged to do so. Facebook preserves the confidentiality and security of event data, including technical and physical security measures whose purpose (a) protecting data security and integrity when they are found in Facebook systems and (b) protection in Facebook systems accidental or unauthorized achievement, use, modifying or communicating.

When using conversion tracking or custom target audio, you must have a clear and opposing reference to such functions on each page that shows the pixels created by Facebook, which indicates a privacy policy that clearly communicates that (a) third-party cookies, web markers and similar technologies can collect or receive data from page and other web sites and use these data to provide measurement services or targeted ads (b) how users can reject the collection and use of data to target data and (c) where they know Users to achieve a mechanism that executes this decision.

The Data Manager acknowledges that Facebook may notice or notify the data controller's advertisements that indicates that the ad is targeted and the data controller agrees that such notifications are not modified, covered and otherwise intervened in their operation, including possible technical components that allow users to access further information or choice mechanisms.

Facebook can always modify, suspend, or terminate conversion tracking, access to custom target audiences, or cancel your availability. The data controller can stop using the functions at any time. The Data Manager can delete your custom target audience at any time from your Facebook system using account management tools.

If the Data Manager uses any of these features on behalf of a third party, declares and guarantees that as a trustee of such Party, it has permission to use such data in their name and may require such a party to comply with these Terms of Use.

 

  1. Data security

Data controller provides security for data security. To this end, it will take the technical and organizational measures and establish procedural rules necessary to enforce the relevant legislation, data and secrecy rules.

The data controller shall take appropriate measures to protect data against unauthorized access, alteration, disclosure, erasure or destruction, as well as the accidental destruction and damage, as well as becoming inaccessible arising from changes in the technology used.

The data controller shall also be provided by the data controller through the data protection and data security regulations and the internal policies, instructions and procedural settlements consistent and formally distinct from this briefing.

Data management in defining and applying measures for the security of the data you have given the technology current level of development and is one of several possible data management solution you choose, which provides a higher level of protection of personal data, unless this would be unreasonable hardship.

The Data Manager shall, in particular, in particular:

  • Measures to protect against unauthorized access, including the protection of software and hardware devices and physical protection (access protection, network protection);
  • Measures to ensure the possibility of restoring data files, including regular backups and separate, safe handling of copies (mirroring, backup);
  • For the protection of data files against viruses (virus protection);
  • For the physical protection of data files and the devices carrying them, on the recovery of fire damage, water damage, lightning strike, other elemental damage and the recovery of damage due to such events (archiving, fire protection).

 

The Data Manager shall ensure that IT data and the technical environment of the website operate the technical environment that operates with the necessary parameters based on the retention period of each data, thus guaranteeing the availability of data within the retention period and permanently destroy them by expiring the retention time.

The integrity and functionality of the IT system and the data storage environment are monitored by advanced monitoring techniques and continuously provide the necessary capacities. Events in the IT environment will be recorded using complex logging features, thus providing subsequent detection and legal provision of possible incidents.

We are constantly using a redundant network environment that provides high bandwidths to serve the web site, which securely distributes the loads between our resources.

We provide the catastrophic ability of our systems to ensure business continuity and thus continuously serving our users with organizational and technical tools.

We provide a priority priority for controlled installation of security improvements and manufacturer updates for integrity of our IT systems, thus preventing access or injury attempts to use vulnerabilities by using vulnerabilities.

Our IT environment is regularly tested by security testing, finding errors or weaknesses found, and we consider the security of the IT system for a continuous task.

For our colleagues we have made high security expectations that provide confidentiality, which are fulfilled with regular training courses, and we strive for our internal operation to operate planned and controlled processes.

Possible incidents affecting personal information during our operation are investigated in transparently, responsible and strict principles within 72 hours. We treat the incidents that have occurred and registered.

During the development of our services and IT solutions, we ensure the fulfillment of the principle of built-in data protection, and data protection is already treated as highlighted in the design phase.

 

  1. Data transfer

The data controller is entitled to transmit the fixed, systematic personal data collected by it to a third party.

During the transfer of data, it is necessary to monitor the principles of data management (for example, the principle of data saving, the principle of purpose). In the course of data transmission, it is also necessary to ensure that the protection of the personal data of the persons concerned is also provided by the addressees.

The data controller may only take a data processor who or which provides adequate guarantees for the requirements set out in the General Data Protection Regulation and carry out appropriate technical and organizational measures to protect stakeholders. The data processor shall be entitled to the transmission of personal data only when the data controller's instructions. If the transfer obligation is required by the Member State law of the data processor or the Union law applicable to it, the transmission may be transmitted without the instructions of the data controller, but may be notified without prior notice.

 

XII. To change the information 

The Company reserves the right to modify this brochure at any time by one-sided decision.

If you do not agree with the amendment concerned, you may request deletion of your personal information on one of the contact details specified in point V.

 

Done at: Budapest, October 2021

 

Liquid error: Could not find asset snippets/ly-languages-switcher.liquid Liquid error: Could not find asset snippets/ls-languages-switcher.liquid