(To download/print the document: Download)
1. Data controller and this site is identified
1.1. Please note that this website
Campeador Hospitality, Trade and service Limited company
Trade Register Number: 14-06-304824-Commercial Court of Kaposvár Tribunal
Tax Number: 20293464-1-14
Head Office: 7471 Zimány, Kossuth L. u. 11.
Postal address: 2016 Leányfalu Hunyadi u. 23.
(hereinafter referred to as the data controller).
1.2. This website:
Website, the websites and subpages available.
2. provisions of Hungarian law, scope of this information
2.1. The service of the data Controller (hereinafter referred to as “the data controller”) that is available at the Internet address specified above (hereafter “the website”) is directed to Hungary and is provided from Hungary. This means that the provision of the service and the users of the service (including the processing of the data) are governed by Hungarian law. Data Manager focuses on user data
- REGULATION (EU) 2016/679 of the EUROPEAN PARLIAMENT AND of the COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General data Protection Regulation); (The EU General Data Protection Regulation), (“GDPR”),
- 2001 on certain aspects of e-commerce services and information society services. CVIII. Law (EKERTV.),
- 1995 on the management of name and address data for the purpose of research and direct marketing. CXIX. Law (DMtv.),
- 2008 on the basic conditions and limits of economic advertising. XLVIII. Law (Grt.)Provisions of this Regulation.
2.2. The scope of this information relates to the processing of data carried out by the use of electronic services made available on the site.
2.3. According to this factsheet, User: A natural person who browses the site, regardless of which service is used on the site, or the natural persons who only browse the site and no services.
3. legal basis for processing
3.1. The legal basis for data processing by the data controller is the subject of annex 6 to the GDPR. Pursuant to paragraph 1 (a) of this article, the user’s consent, as regards the processing of the order, is specified in section 6 of the GDPR. (1) (b) That processing is necessary for the performance of a contract in which the user is a party.
4. data processing without further specific consent of the data subject or after withdrawal of consent
4.1. Any data recorded with the consent of the user concerned shall be included without further special consent of the user concerned or pursuant to para 6 of the GDPR upon withdrawal of consent. Pursuant to paragraph 1 of this article, you can manage data controller.
4.2. If the personal data have been recorded with the consent of the user concerned, the data controller shall, unless otherwise specified by law, without additional consent from the user concerned, and the user Following cases:
- processing is necessary to satisfy a legal obligation to which the controller is subject;
- processing is necessary for the protection of the vital interests of the data subject or of another natural person;
- the processing is necessary to enforce the legitimate interests of the controller or of a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which make the protection of personal information necessary, especially if the child concerned.
4.3. Prior to the commencement of processing by reference to A legitimate interest, the Controller shall in all cases, on an obligatory basis, carry out the so-called interest assessment test. The balancing test is a three-step process whereby the Controller identifies his or her legitimate interest and the interests of the user in question and the fundamental right to be affected by the planned processing. Finally, on the basis of the weighting, the data controller determines whether the legitimate interest is in the interest of the user and can thus be handled by the GDPR. Pursuant to article 6 (1) (f).
4.4. The outcome of the interest balancing test data controller shall inform the user concerned in such a way that, on the basis of the information, the user can clearly determine which legitimate interest, and why it is considered as a proportionate restriction, that The data Manager shall treat your personal data without your consent.
4.5. When conducting the interest assessment test, the data controller shall be 6/2014 with the findings of the Data Protection Working Party of the Council of the European Union. As defined in the opinion. The opinion can be read on the following link:
http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp217_hu.pdf # H2-2
5. Possible pleas of data processing unrelated to the user’s consent
5.1. The legal basis for processing is also the GDPR in the relevant cases. necessary for the fulfilment of a legal obligation under article 6 (1) (c). In certain cases, the Controller may be obliged to carry out mandatory data processing as required by law or other legislation. In addition, the data controller is obliged to perform any official requests, which may also be the processing of personal data, which is also the statutory obligation of the Controller.
5.2. THE 6TH GDPR In accordance with point (d) and (f) of paragraph 1, it is also informed that the Data manager may manage the user’s personal data without the consent of the user or the protection of the vital interests of the users or of another natural person. Processing is necessary to enforce the legitimate interests of the data controller or of a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the user concerned, Which require the protection of personal data, in particular where the child concerned is.
Prior to the commencement of processing by reference to the legitimate interest, the Controller shall in all cases, on an obligatory basis, carry out the so-called interest Assessment test in 4.3 of this factsheet. -4.5.
5.3. The 2001 on certain aspects of e-commerce services and information society services. CVIII. 13/A of the Law (hereinafter referred to as “EKERTV”), the data controller shall also inform the user of the following.
The Data Manager service is EKERTV. constitutes an information society-e-commerce service.
Data controller for the purpose of creating a contract for the provision of its services, defining its content, modifying it, monitoring its performance, invoicing the resulting charges and enforcing claims on it To manage the natural identity information and address required to identify the user.
Data controller may manage the user’s natural identity, home address and the use of the service for the purpose of invoicing the fees arising from the contract for the provision of its services. Date, time and location of the data.
In order to provide the service, the data controller may manage personal data which are technically indispensable for the provision of the service. If the other conditions are identical, the controller shall choose and operate the means used in the provision of the service in each case in such a way that the processing of personal data is carried out only if this is necessary for the provision of the service and necessary for the fulfilment of other purposes laid down by law, but in this case only to the extent and for the time necessary. (Further rules on the processing of technically necessary data are set out in the document “Application ” of Information Cookies and Chapter 6 of this factsheet.)
Data controller for any purpose other than those specified above, in particular to increase the efficiency of its services, to use electronic advertising or other recipient content addressed to the user For market research – can only be handled by the prior determination of the processing objective and on the basis of the consent of the recipient.
6. Data processing related to ensuring the functioning of information Technology Service
6.1. Data subjects: All users who visit the site, regardless of the services available on the site.
6.2. Legal basis for data processing: in respect of processing strictly necessary for the provision of the service, the ECV. § 13/A authorizes the controller to manage the data required to operate the site in its intended purpose. This means that the legal basis for processing such data is in accordance with point 6 of the GDPR. In accordance with point (f) of paragraph 1 of this article, the Controller shall have a legitimate interest. This plea, the data manager only manages the data necessary for the user-friendliness of the site and handles such data only for the time necessary for that purpose. These are technical data that can be used to display the pages of the site and to use its functions as intended and convenient for the user. The data is not transmitted to any third party data controller and is not handled for any other purpose. As a data processor, the 17th Service provider (s) designated in chapter “Information Processing data” of this section. In this respect, the processing of this data does not entail any risk to the user, but the above objective-the intended use of the site-is not feasible without the processing of the data. The data controller has a legitimate interest in ensuring the usability of the site, since it can only ensure its service, which is a prerequisite for its operation. Therefore, in order to achieve the objective set out above, the data controller manages the legitimate interest of a data manager, which has a legitimate interest, since the processing does not entail a risk to the user, it limits the user’s right to self-determination
The legal basis for data processing in relation to the processing of visits and marketing activities is in annex 6 GDPR. The consent of the user pursuant to point (a) of paragraph 1 of this article. By selecting the check boxes in the pop-up Information window when you start browsing the site, you can contribute to technical data collection for visit analysis and marketing purposes.
6.3. Definition of managed Data: Information Technology data processing relates to the operation of cookies used for the operation of the website and to the use of the log files used by the web hosting provider.
Data processed to enable user-friendly browsing:
- the pages visited during the visit to the site and the order in which they were opened
- The IP address of a user-used device.
Data managed to measure website usage:
- the pages visited during the visit to the site and the order in which they were opened
- the frequency of viewing of certain websites on the website
- From another website to this site by the user (only for a site where a link to this website is placed)
- Determining the geographic location of the user who visited the site (based on the information provided by the ISP, only approximate information about the location of the browser device)
- Time to start browsing the site
- The time the site was abandoned (end of browsing)
- The duration of browsing the site.
Data processed to verify access to the site:
- User name and password (may be stored by user)
- User’s email address
- The IP address of a user-used device.
- Identify the user’s browsing device, and remember the credentials – by the time of browsing: by IP address. This makes browsing smoother, without this, users should identify themselves on each page they visit or repeat processes.
The data required for the following purposes is recorded anonymously and cannot be linked to the person:
- Measure website usage, measure the frequency at which each page in your website is viewed, and measure the browsing duration of each page in your website to maximize the user’s needs Controller.
- Determine the location of the user (browser tool), spatial mapping of the degree of interest after the Data Manager service.
- Identification of the site from which the user has arrived at this site in order to find out about other topics of interest to users interested in the data management service and to promote their service Effectiveness of the data controller.
To measure these data, data controller’s IT system uses Google Analytics (Google Inc.) tools.
The above anonymous data is also accessed by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), owned and operated by Google Analytics and Google Maps. Google Inc. Uses the above information in addition to making these analyses for the purpose of delivering targeted advertisements to the browser user. In doing so, Google INC. will use it to link anonymous data and the IP address of the browser device to determine the explorable interests based on your browsing habits from that device, and then to deliver targeted advertisements to the Device. In addition to the anonymous data written in this section, Google Inc. Does not have access to the additional data referred to in this leaflet.
You can visit the community side of the data controller and share and facilitate the sharing of this website on the social media (Facebook-button, Facebook-share button, Facebook-like button) provided by Facebook Inc., so that Anonymous data processed by cookies can be accessed by Facebook Inc. (1601 Willow Road, Menlo Park, CA 94025, USA).
With this feature of Facebook Inc., you can access anonymous data written above, to measure website usage and to crawl your browsing habits. Facebook Inc. Uses the above information in addition to making these analyses for the purpose of delivering targeted advertisements to the browser user. In doing so, Facebook Inc. Determines the explorable interests by linking the anonymous data to the IP address of the browsing device and then exposes targeted advertisements to the Device. In addition to the anonymous data written in this section, Facebook Inc. Does not have access to the additional data referred to in this leaflet.
The information assigned to the following purposes is recorded in a manner that is linked to the user’s identity:
- Possible storing of user name and password for easier entry (user’s discretion)
- Verification of User login rights (user name, email address, password).
6.5. Duration of processing: The data controller manages some of the information up to the time of browsing, storing certain data for a variable period of time and up to 2 years.
The data that is required to provide a user-friendly operation of the site (IP address, the order of the pages visited on the site when browsing) is recorded until the time of the browsing session (i.e. the duration of browsing the site), After the The processing of such data is carried out by the data controller’s IT system using its own tools and is not accessed by a third party, except in the case of IT data processing (see the section titled “Recourse to the processor” below).
The information required to verify the access rights and to provide usage rights is recorded until the time of your browsing session (that is, the duration of browsing the site), and is deleted after it finishes. The processing of such data is carried out by the data controller’s IT system using its own tools and is not accessed by a third party, except in the case of IT data processing (see the section titled “Recourse to the processor” below).
The user name and password may be stored permanently in the user’s discretion, stored on the user’s device, and the user may take care of the deletion of their browser settings to control the time of data storage.
Data on the basis of which usage is measured and the habits of site use are mapped, the IT system of data management is anonymous from the outset and cannot be linked to any person. To measure these data The data controller’s IT system uses Google Analytics tools. Only the cookie that allows Google Analytics to collect data is stored on the user’s device. You can delete this in your browser’s settings, which will remove the data collection.
Visits and browsing habits of a Web site that is accessible by Facebook Inc., a cookie that facilitates the visit of the community pages of the data controller and the sharing of this website on the community side Anonymous data processed by Facebook INC. are permanently stored, but with cookies working for up to 2 years, which cookies are recorded on the user’s browser device. To delete these cookies or to prevent them from working, you can always arrange your browser settings.
6.6. How data is stored: in the Data management information system, separate from the processing Data that is required to provide user-friendliness of the site (IP address, the order of pages visited on the website during browsing) will not be stored. Cookies that provide data are stored locally on the user’s device. The log files used by the web hosting provider are stored on the hosting provider’s server.
6.7. Information technology processing in the process of information technology management and the use of tools from Google Analytics and Facebook Inc. Users can read more about how to start browsing the site Available from the pop-up warning bar, as well as from the information available on the website “Information” cookies on “Application “, and the Google Analytics https://www.google.com/intl/hu_ALL/analytics/support and Facebook Inc. https://developers.facebook.com/products page. The data Manager uses the features recommended by Google Analytics and Facebook INC. Only as described above.
7. to receive and reply to a message
7.1. Data subjects: Users sending A message by e-mail to A data controller by using the e-mail address (s) that are published on the Web site connection menu.
7.2. Legal basis for data processing: Annex 6 to the GDPR. The consent of the user pursuant to point (a) of paragraph 1 of this article. By submitting the e-mail voluntarily, the user consents to the processing of his name and email address or any other information he may have in his/her message.
7.3. Definition of managed data: For messaging users, processing affects the scope of the personal data and contact information listed below, as well as any additional data that the user may have provided in the e-mail message.
- First Name
- Email address.
In respect of any additional data that the user may have provided in the e-mail message, the data controller must only perform processing of the content of the message sent upon receiving it, but any personal data disclosed therein may be Data Manager does not prompt user. When communicating such unexpected personal data, the unexpected personal data will not be stored by the data controller, it will be deleted from your IT system without delay.
7.4. Purpose of the processing: To enable the user to exchange messages with the Data manager. The purpose of the processing of the personal data of the user who is visiting the site, as indicated above, is to enable the user to use the messaging services related to the site.
- Receiving an e-mail message (using the e-mail address (s) indicated on the website),
- to reply to the messages received by the data controller as described above, which is performed within 2 working days.
7.5. Duration of Processing: Data controller manages the information until the purpose is achieved. Accordingly, for the users sending the message, the duration of the data processing lasts until the message is answered and the user’s claim is met. The data controller will delete the information processed for this purpose after answering the message/request. Where the exchange of information is carried out on a number of related topics, the Data Manager shall delete the information when the information is completed or after completion of the request.
7.6. How data is stored: in the data controller’s information system separate from the processing period until the end of the duration of the information exchange.
8. Newsletter submission related data processing
8.1. Data processing: The user who signs up on the website by completing the newsletter sign-up fields. In addition, a user who consents in writing with the data controller, in writing on paper, or without concluding a contract, agrees to send the newsletter on paper.
8.2. Legal basis for data processing: GDPR. Article 6 (1) (a) and Grt. 6. § (1) and (2) of the user’s consent. The voluntary contribution will be made known to the user in this privacy notice and by filling in the fields for the newsletter sign-up, the consent contained therein, and the newsletter included in the written agreement. By selecting a statement of consent for sending and signing the contract or by completing and signing a separate paper-based declaration. By doing so, you agree that you consent to the processing of your data as specified in the privacy notice or the contract/declaration and to send newsletters.
In addition to sending useful information, the newsletter service also targets direct marketing by the data controller. You may subscribe to this service regardless of the use of other services. The use of this service is based on a voluntary decision taken after the user has been duly informed. If the user does not use the newsletter service, it will not be subject to any disadvantages regarding the use of the website and the provision of additional services. The data controller does not use the direct marketing service as a condition to access any of its services.
8.3. Definition of managed data:
- First Name
- Email address.
8.4. The purpose of the data processing: sending newsletters by data controller to user via email. Sending newsletters means information about the Data Manager service, news and updates, promotional offers, advertising content.
8.5. Duration of processing: Data controller manages the information processed for the purpose of sending the newsletter until the user’s consent is withdrawn (uncancelled) or until the data is deleted at the user’s request.
8.6. How the data is stored: Data controller in the data management information system and the information processed for the purpose of sending the newsletter, which is transferred to data controller by a user in paper-based contracts/declarations The
9. Registration related data processing
9.1. Data subjects: Users registering on the site.
9.2. Legal basis for data processing: Annex 6 to the GDPR. The consent of the user pursuant to point (a) of paragraph 1 of this article. The user is given the voluntary consent by clicking on the “Registration” form on the home page of the site and selecting the checkbox before the privacy statement, and then submitting the registration.
9.3. Determination of processed data: in the case of registrant users, the processing concerns the scope of the personal data and contact details to be completed in the registration form cited above.
- First Name
- Phone number
- Email Address
- Shipping Address
- Billing address.
9.4. Purpose of data processing: processing related to the operation of the webshop. The personal data and contact details of the user registering on the site are intended to allow the user to access the services of the site.
- Browse Site
- Information about Products
- To enable online ordering of products from the site
- Messaging to Data controller.
9.5. Duration of data processing: For registered users, the time content of the data processing lasts until the registered user request is cancelled. The processing may also be terminated by the user deleting the registration or by deleting the user’s registration by the data controller. The user may, at any time, cancel his registration or request deletion from the data controller, which shall be executed by the data manager without delay, but not later than 10 working days after receipt of the request.
9.6. How data is stored: In a Data management list that is separate from the controller’s IT system.
10. Order-related data processing
10.1. Data subjects: Users who have placed an order on the site.
10.2. Legal basis for data processing: in annex 6 to the GDPR (1) (b) That processing is necessary for the performance of a contract in which the user is a party. When you place an order, you are informed that the personal data you provide in connection with the order will be handled by the data controller for the purpose of fulfilling the contract.
10.3. Determination of processed data: the processing of personal data in the registration form that has been completed prior to the submission of the order referred to above, or in the case of a previous registration, shall be Contact details.
- First Name
- Phone number
- Email Address
- Shipping Address
- Billing Address
- Designation of the product (s) and/or service (s) ordered
- Purchase price and/or service (s) of the product (s) ordered
- Method of receipt/delivery
- Payment Method
- Any other information required by the user to complete the order when ordering
- Order Date
- Date of payment.
10.4. Purpose of data processing: execution of the order, processing related to the operation of the webshop. The personal data and contact information of the user who has placed the order on the site are intended to enable the order to be fulfilled, to provide the relevant services of the site to the user concerned.
- Information on product availability and properties
- Order Product
- Reconciliation of the ordered product
- Arranging transport
- Carry out transport
- Notification of Dispatch
- Enforce user rights.
10.5. Duration of data processing: During the delivery required to complete the order, processing takes place until delivery is complete. Data controller shall restrict the processing of the information necessary for the performance of the shipment (name, delivery address, telephone number) to the transport operator in order to transfer the transmitted data only to the performance of the delivery necessary extent and for a period of time.
Pending the availability of the order, the information required to issue the invoice (name, address) and the above information handled for the execution of the order until the possible time of the claim (from the conclusion of the contract- Receipt of an order confirmation for 5 years) and the information required to issue the invoice (name, address) for the period necessary to fulfil the obligation to retain the document under the Accounting law (the invoice 8 years from the date of issue.
10.6. How the data is stored: Data required by the Data manager’s IT system, or for regular accounting, in order to comply with the obligation to retain the document as required by the Accounting Act Accounting documents.
11. Forum related data processing
11.1. Site Forum: On the page of products that you can view on your website, you may review the product by user as a text comment, and you can also comment on the articles on your site.
11.2. The Forum published on the website shall display the public, posts and posts posted there and the name given to them when publishing their posts, as shown to each visitor to the site.
11.3. Information on the handling of user-supplied information in comments and posts:
Data subjects: Users who posted a comment or post on the site.
At the discretion of the user, he publishes his posts, posts on the site, and determines the content independently. The data manager approves the content of the post before it is published.
Legal basis for data processing: the 6th GDPR. The user’s consent under point (a) of paragraph 1 of this article. The user consents to the processing and publication of the information contained in the post, by selecting the privacy statement and submitting the post.
Data Subject: User comments and records can be seen by other users after they have been published by the name or nickname of the user who published The post, post You can also identify the information that you have entered in your comment and post, so that the user can become identifiable. However, this is subject to the user’s own responsibility, and the consequences for this will not be held by the data controller.
If, in the user’s comments, the data of another person may be disclosed, such disclosure of the third party’s data to the data controller’s website, and thus the transmission to the data controller, shall be Consent of the third Party concerned by the data controller. The data controller is not responsible for the consequences of a lack of consent to the processing of such data.
Purpose of data processing: to allow users to review and exchange information about products and reviews and to comment on the items appearing on the site.
Duration of data processing: The time content of the processing in the above form on the site is until it is deleted at the request of the user who posted the post. The data processing may also be terminated by the controller deleting the user’s comment or registration. User may at any time request a comment or deletion of his registration from a data controller, which request shall be executed by the data manager.
How data is stored: on the data controller’s IT system, appearing on the site’s interface.
12. Data-processing records-information processing carried out in the use of the online interface of Webshop
12.1. Lists related to Information technology processing: users-6. In the data controller’s information system, an anonymous list containing information about your browsing habits, and the IP addresses of the users of the current browser. Leading. The latter list will only be processed until the end of the browsing time. (The rest of the data will be stored on your user’s device and will not be retained by the controller in your possession.)
12.2. List of messages to Exchange: Users who send messages using contact information on the site – 7th The information on the ongoing exchange of information shall be limited to the duration of the exchange. At the end of the exchange of information, the data subject will be deleted from the list.
12.3. Newsletter-Purpose list: For the purpose of sending newsletters, messages, information materials and awareness-raising offers via e-mail, as specified in 8. of this paragraph. The data is handled by the user until the customer’s consent is revoked (unsubscription) or by deletion of the data at user’s request.
12.4. Registration List: Registered users-9th Listed in point (a). The data are listed on this list until the registration is cancelled by the user or data controller or until processing of the user’s cancellation request.
12.5. List of customers: Users who have placed the order – 10. Listed in this section. The data will be included on this list until the user’s cancellation request is processed, except in cases of compliance with the obligation to provide a retention policy for statutory accounting.
12.6. Data transmission records: The data controller maintains a transmission record for the purposes of verifying the legality of the transfer and informing the data subject, which includes the processing of the personal data Of the data, the legal basis and the addressee of the transfer, the determination of the scope of personal data transferred and any other information specified in the legislation providing for the processing.
12.7. Data breach Register: A record of the unlawful treatment or processing of personal data and of the measures taken to counteract them. It includes the personal data affected by the incident, the scope and number of data subjects involved, the date, circumstances, effects and actions taken to resolve the data breach, as well as the statutory obligation to Processing based on data protection.
12.8. In order to achieve the purposes of data management, the controller shall store the information in the form of separate lists, in databases separate from the purpose of processing, in its IT system, and the data processed for the purpose of sending the newsletter Paper-based contracts/declarations.
13. duration of data processing
13.1. The duration of the processing corresponding to each processing purpose shall be as described above, in accordance with the purposes of the processing. The data manager treats the data of the user concerned until the processing purposes described above or until the user’s consent is revoked or deleted at the request of the user concerned.
13.2. To this end, the processing will be carried out until the statement of consent has been withdrawn, until the cancellation request is made, until the registration is cancelled, until the newsletter is unregistered, and in the case in the relevant cases the statutory obligation is fulfilled. At any time, the user may object to the processing, request the termination of the processing, remove any method of processing or erase the data for each purpose and in full. In such cases, the duration of the processing shall be held until the request for such content is received and processed by the data manager without delay and within a maximum of 10 working days. You may unsubscribe from the newsletter at any time by using the unsubscribe link in the newsletters, as well as by writing to email@example.com e-mail address or by submitting your objection or Send your requests by e-mail. An email request is considered to be authentic only if it is provided by the user in connection with the use of the site or in the course of subscribing to the newsletter or in the written agreement/Declaration and E-mail address registered with the data controller, but the use of the other e-mail addresses does not ignore the request.
14. How data is stored
14.1. Data controller in the form of separate lists, in databases separate from the purpose of processing, in its IT system, and the data processed for the purpose of sending the newsletter by lacing the paper-based contracts/declarations.
15. Deletion of data, restriction of processing
15.1. The processing is terminated in all sense and the data will be deleted within 10 working days of the receipt of the user’s request, including the deletion of the data already provided by a new data controller (assuming that the deletion is not legally excluded).
15.2. Instead of deletion, the data manager restricts the processing of personal data if requested by the user or if, on the basis of the information available to him, it is assumed that the deletion would violate the legitimate interests of the user. If processing is restricted, such personal data will only be subject to the consent of the user or to the establishment, exercise or defence of legal claims, or to the protection of the rights of another natural or legal person, except storage. of the Union or of a Member State.
15.3. Furthermore, the data controller will erase the personal data if
- Treatment of illegal,
- The data subject withdraws the consent on which the processing is based, and there is no other legal basis for the processing;
- The data processed is incomplete or incorrect-and this condition is not legally remedied-provided the cancellation is not ruled out by law,
- The purpose of the processing has ceased or the time limit for storing the data laid down by law has expired,
- It has been ordered by the court or by the National Authority for data protection and freedom of information.
16. Data transmission
16.1. Data subjects: Users who select the online payment method on the website when ordering, regardless of the other services provided by the site.
16.2. The recipient of the data transmission:
Barion Payment Zrt.
Short name: Barion Payment Zrt.
Company Registration Number: 01-10-048552
Tax Number: 25353192-2-43
Head Office: 1117 Budapest, Infopark sétány 1. I. Ép. 5. Em. 5.
Postal address: 1117 Budapest, Infopark sétány 1. I. Ép. 5. Em. 5.
Telefon: + 36 1 464 7099
Company as the provider of the online payment service available on the Data manager’s website.
16.3. The recipient of the data transmission:
Escalion Hungary Limited Liability company (PayPal)
Short name: Escalion Hungary Kft.
Company Registration Number: 01-09-860827
Tax Number: 13545329-2-42
Head Office: 1101 Budapest, Expo tér 5-7.
Postal address: 1101 Budapest, Expo tér 5-7.
Phone: + 352 621 241 105
Company as the provider of the online payment service available on the Data manager’s website.
16.4. Data transmission legal basis: the user is under the 6th GDPR. Paragraph 1 (a) of this article. The user will voluntarily consent to the processing of the information necessary for the safe conduct of online payment by selecting the online payment method and submitting the order transfer.
16.5. Scope of data transmitted:
- First Name
- Phone number
- Email address.
16.6. Purpose of the transfer: the proper operation of the payment service and the processing of payments in a technical sense, confirmation of transactions, fraud-monitoring in order to protect the interests of users-by electronic means Fraud detection system to support the control of bank transactions initiated, and customer support assistance to the user.
16.7. Data are transmitted solely for the purposes of achieving the above objectives.
16.8. In addition, the data controller shall transmit information only in the case of statutory obligations.
16.9. Data controller does not transmit information to third parties for business or marketing purposes.
16.10. Data controller maintains data transmission records.
17. recourse to data processing
The data manager takes advantage of the following entities as a processor.
17.1. It data processing
17.1.1. Data processing stakeholders: Users who visit the site, regardless of the services provided by the site.
17.1.2. Data Processor
Hosting. Eu Service Limited Liability company
Abbreviated name: Tárhely.Eu Kft.
Company Registration Number: 01-09-909968
Tax Number: 14571332-2-42
Head Office: 1144 Budapest, Ormánság .u 4/A. X. em. 241.
Location: 1097 Budapest, Könyves Kálmán körút 12-14. 2. Em.
Postal address: 1538 Budapest, Pf.: 510.
Phone: + 36 1 789 2789
Company, such as web hosting provider (‘The Data Processor’).
17.1.3. Data Processor
17.1.4. Data processing legal basis: User GDPR 6. In accordance with paragraph 1 (a) of this article, data controller may, in addition to informing the user thereof, use a processor. After consulting the data controller, the user shall voluntarily consent the processor to the processing of his data, as specified in the above chapters, by any means of consent. Lawyer.
17.1.5. Determination of the scope of data processing: the processing concerns all the information specified in this prospectus.
17.1.6. Purpose of data processing: to ensure that the website operates in an information technology sense for the user concerned, in the technical operations necessary for the operation of the site and the provision of the services provided. Through the processing of data.
17.1.7. Duration of data processing: This is the same processing period as indicated in this prospectus for the processing purposes for which data are processed.
17.1.8. The processing of the data consists solely of the technical operations required to operate the site in an IT sense.
17.2. Data processing for newsletter submission
17.2.1. Data processing stakeholders: Users who sign up for a newsletter on the website, regardless of the other services provided by the site.
17.2.2. Data Processor
SalesAutopilot Limited Liability company
Short name: SalesAutopilot Kft.
Company Registration Number: 01-09-286773
Tax Number: 25743500-2-41
Head Office: 1024 Budapest, Margit körút 31-33. félemelet 4-5.
Site: 1024 Budapest, Margit körút 31-33. félemelet 4-5.
Postal address: 1024 Budapest, Margaret körút 31-33. félemelet 4-5.
Phone: + 36 1 490 0172
Company as the developer of the newsletter sending software used by the data controller (hereinafter referred to as the “processor”).
17.2.3. Data processing legal basis: User GDPR 6. In accordance with paragraph 1 (a) of this article, data controller may, in addition to informing the user thereof, use a processor. After consulting the data controller, the user shall, with the consent given in the newsletter submission section above, submit voluntarily Consent to the use of the data processor.
17.2.4. Definition of data involved in data processing: the processing relates to all data indicated in this prospectus in the section on the sending of newsletters.
17.2.5. Purpose of the processing: to ensure the information technology operation of the software used for the newsletter submission by the data controller, the technical operations required to operate the software safely, Data processing.
17.2.6. Duration of data processing: the processing periods indicated in this leaflet are the same as in the section on the sending of newsletters.
17.2.7. The processing of the data consists solely of the technical operations required to operate the newsletter sending software in the IT sense.
17.3. Product Delivery Data processing
17.3.1. Persons involved in data processing: Users who select how to take delivery on the website during the order, regardless of the other services provided by the site.
17.3.2. Data Processor
GLS General Logistics Systems Hungary Package-Logistics Limited liability company
Short name: GLS General Logistics Systems Hungary Kft.
Company Registration Number: 13-09-111755
Tax Number: 12369410-2-44
Head Office: 2351 Alsónémedi, GLS Európa u. 2.
Postal address: 2351 Alsónémedi, GLS Európa u. 2.
Phone: + 36 29 886 670
Fax: + 36 29 886 610
Company, such as the carrier who dispatched the products ordered,(hereinafter referred to as the “Data Processor”).
17.3.3. Data processing legal basis: Annex 6 to the GDPR. (1) (b) That processing is necessary for the performance of a contract in which the user is a party. The data controller may, in addition to informing the user thereof, use a processor to complete the contract. The user will be informed about the contents of the contract and the procedures used to manage the processing of his/her order in order to understand the data management information Data processors.
17.3.4. Definition of data involved in data processing: the processing shall concern the following data of the user in order to fulfill the contract (delivery execution) resulting from the user’s order:
- First Name
- Phone number
- Delivery address.
17.3.5. Purpose of the processing: in the framework of the execution of the contract resulting from the user’s order, the delivery of the ordered product by service to the address indicated by the user, if necessary, by telephone.
17.3.6. Duration of data processing: for the period of time required to complete delivery and delivery.
17.3.7. The processing of the data consists solely of the technical operations necessary to fulfill the delivery and delivery.
17.4. Data processing related to the production of invoices
17.4.1. Data processing: Users who place an order on the site, regardless of the other services provided by the site.
17.4.2. Data Processor
Octonull Limited Liability company (Billingo)
Short name: Octonull Kft.
Company Registration Number: 01-09-1981177
Tax Number: 25073364-2-42
Head Office: 1085 Budapest, József körút 74. I. Em. 6.
Postal address: 8230 Balatonfüred, Jókai u. 5.
Company as the developer and Mainter of the invoicing software used by the data controller (hereinafter referred to as the “processor”).
17.4.3. Data processing legal basis: Annex 6 to the GDPR. (1) (c) That processing is necessary for the fulfilment of a legal obligation to which the controller is subject.
17.4.4. Definition of the data involved in data processing: The processing is the name and address of the user who placed the order, and the item (s) and/or service (s) ordered, the date of purchase and the purchase price, Documents containing shipping charges and any other charges.
17.4.5. Purpose of the processing: to ensure the information technology operation of the software used to issue the accounts by the data controller and the technical operations required to operate the software safely, Data processing.
17.4.6. Duration of data processing: for the period necessary to satisfy the obligation to keep a document under the accounting law-8 years from the date of issue of the invoice.
17.4.7. The processing of the data consists solely of the technical operations necessary to operate the software used to issue the invoice.
17.5. Data processing is not carried out for any other purpose.
17.6. Data processors shall not be interested in the data controller’s business activities.
17.7. The controller shall not use a processor other than the data processors indicated above.
18. User rights for data management
18.1. right of Access: at the request of user, the data controller shall provide information about the data processed by the user, their source, the purpose of the processing, and the processing, Its legal basis, duration, name of the processor, its address and its activities in relation to its processing, the circumstances, effects and measures taken to mitigate any personal data breach, and the Transfer of the personal data of the data subject, the legal basis and the addressee of the transfer. The information shall be provided by the Controller without undue delay but not later than one month after receipt of the application.
In the framework of the right of access, the data controller shall provide the copy of the personal data subject to processing to the user, at the latest within one month of receipt of the request. For any additional copies requested by the user, the data controller may charge reasonable fees based on administrative costs (as defined in chapter 19).
18.2. Right to Data portability: user is entitled to receive the personal data relating to him or her which he has made available to the data controller in a structured, commonly used, machine-readable format and is entitled to To transmit such data to another controller without hindered by the controller which provided the personal data to it, if:
(a) The processing is based on the consent of the user or contract; and
(b) The processing is carried out in an automated manner.In exercising the right to data portability as described above, the user is entitled to request the direct transmission of personal data between controllers, if technically feasible.
18.3. right to rectification: user may request the rectification of his managed data by the data controller without undue delay and at the latest within one month of receipt of the request. Taking into account the purpose of the processing, you have the right to request the addition of incomplete personal data, including by means of a supplementary statement.
18.4. the right to restriction of processing: data controller shall indicate the personal data it manages to limit the processing. The user has the right to request that the data controller restrict the processing if one of the following is true:
(a) The user disputes the accuracy of the personal data, in which case the restriction relates to the period of time that allows the data controller to verify the accuracy of the personal data;
(b) The processing is unlawful and the user opposes the erasure of the data and requests the restriction of their use instead;
(c) The controller no longer needs personal data for the purposes of processing, but the data subject requires them to present, enforce or defend legal claims; or
D) The user has objected to data processing on the basis of a legitimate interest of the controller; In this case, the restriction shall apply for the period until it is established that the data controller’s legitimate reasons prevail over the legitimate grounds of the person concerned.
18.5. the right to erasure (“right to be forgotten”): data controller Deletes personal data if:
(a) The personal data are no longer necessary for the purposes for which they were collected or otherwise handled;
b) The user withdraws the consent of the data processing and has no other legal basis;
(c) The user objects to the processing and there is no overriding legitimate reason for processing, or the user objects to a direct solicitation;
(d) The personal data have been unlawfully processed;
(e) The personal data shall be erased for the fulfilment of a legal obligation under union or Member State law applicable to the Controller;
f) The user requests the deletion or protests against the processing and the collection of personal data has been made in connection with the offering of information society services directly provided to children.
If the data controller has disclosed the personal data and is obliged to delete it as described above, it shall take reasonable steps, including technical measures, taking into account the available technology and the costs of its implementation. In order to inform the controllers handling the data, that the user has requested the deletion of the links to the personal data in question or the erasure of the copy or replica of such personal data.
The data controller shall inform the user concerned of the recerence, restriction and deletion, as well as any controllers who have previously transmitted the data. The notification may be omitted if it proves impossible or requires disproportionate effort. The data controller shall inform the user at his request.
18.6. right to object: the user is entitled to object to the processing of his or her personal data based on the legitimate interest of the Controller at any time for reasons relating to his/her own situation, including those based on those provisions Profiling. In this case, the controller shall not process personal data unless the controller proves that the processing is justified by compelling legitimate grounds which prevail over the interests, rights and freedoms of the data subject or which relate to the establishment, exercise or defence of legal claims.
19. User requests to meet
19.1. The 18. shall be provided free of charge by the data controller. If the request of the user concerned is manifestly unfounded or exaggerated, in particular because of its repetitive nature, the data controller may, subject to the provision of the requested information or information or the administrative Costs:
(a) charge a reasonable amount or
(b) refuse to take action on the basis of the application.
19.2. The Controller shall inform the user without undue delay, and at the latest one month after receipt of the request, of the measures taken in response to the request, including the release of the data. If necessary, taking into account the complexity of the application and the number of applications, this deadline may be extended by a further two months. The data controller shall inform the user, stating the reasons for the delay, within one month after receipt of the request. If the user submitted the request electronically, the information is provided by the data controller electronically, unless otherwise requested by the user concerned.
19.3. If the data controller does not take action following a request from the user concerned, it shall inform the person affected, without delay, and at the latest one month after receipt of the request, of the reasons for the non-action and of the The user concerned may lodge a complaint with the The supervisory authority referred to in point (a) and may have recourse to judicial remedies as prescribed.
19.4. Users may submit their requests to the data controller in any way that allows them to identify their identity. The identification of the user submitting the application is necessary because the applications can only be made by the data manager. If the controller has reasonable doubts about the identity of the natural person submitting the request, it may request additional information necessary to confirm the identity of the user concerned.
User requests by mail Data Explorer 1.1. Email to firstname.lastname@example.org e-mail address. An email application is considered to be authentic only if it is provided to you by the user of the data controller and registered E-mail address, but the use of the other e-mail addresses does not ignore the request. In the case of an E-mail, the date of receipt shall be the first working day after dispatch.
20. Data protection, security
20.1. The controller shall ensure the security of the data, including technical and organisational measures and internal procedural rules, in the processing and processing activities of which it is subject to legislation and other data and Protection of confidentiality rules. It shall, in particular, protect against unauthorised access, alteration, transmission, disclosure, erasure or destruction, as well as accidental destruction and injury, and changes in the technique used. The data processed against becoming inaccessible.
20.2. To this end, the Data Manager uses the HTTP protocol “https” to access the Web site, which is used to encrypt and uniquely identify web communications. In addition, in accordance with the above, data controller stores the data processed in the form of encrypted data files, in separate processing purposes, for which a data controller on a specific site Employees who carry out duties in the pursuit of their activities, whose job responsibilities are the protection of the data and the responsible management of this information and the relevant legislation.
20.3. Data to be used as the basis for the measurement of hits and habits for the use of the site data controller’s IT system from the outset is recorded in such a way that they cannot be directly linked to a person.
20.4. Data shall be processed only to the extent necessary and proportionate to achieve the legitimate purpose set out in this prospectus, in accordance with applicable laws and recommendations and with appropriate security measures.
21.1. The data subjects have their legal remedies in the 2013 of the Civil Code. Before a court on the basis of law V and the GDPR and may refer to the national data Protection and Information Authority:
National Data Protection and Freedom of Information Authority
Address: 1125 Budapest, Szilágyi Erzsebet fasor 22/C.
Postal address: 1530 Budapest, Pf.: 5.
Phone: + 36 1 391 1400
Fax: + 36 1 391 1410
In the case of a court trip, the lawsuit may be brought before the Tribunal of the person’s place of residence or residence, according to the choice of the user concerned, as the court has jurisdiction to adjudify the trial.