
Data Processing

Data Processing Information

1.     Identification of the Data Controller

The online store available at https://www.woolanddreams.com/ is operated by the individual entrepreneur Judith Erzsébet Rigó.

Registration number: 35207779 (Department of Document Oversight, Ministry of Interior)
Tax number: 66464581-2-33
Headquarters: 2085 Pilisvörösvár, Klapka u. 90., Hungary
Business location: 2085 Pilisvörösvár, Klapka u. 90., Hungary
Email: info@varazskezmuhely.hu
(hereinafter referred to as "Data Controller").

2.     Applicable Laws for Data Processing, Scope of the Information

2.1. The Data Controller processes user data in accordance with the following regulations:

·        Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as "GDPR"),

·        Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Ekertv.),

·        Act XLVIII of 2008 on the essential conditions and certain limitations of business advertising (Grt.).

2.2. This information applies to data processing during the use of the website https://www.woolanddreams.com/ (hereinafter: the website), the use of available services, and the fulfillment of orders placed in the online store.

2.3. For the purposes of this information, the term "User" refers to natural persons browsing the website, using its services, and ordering products from the Data Controller.

3.     Legal Basis for Data Processing

3.1. The legal basis for certain data processing by the Data Controller is the consent of the User, as per Article 6(1)(a) of the GDPR. Regarding data processing related to orders, the legal basis is the necessity of processing for the performance of a contract to which the User is a party, as per Article 6(1)(b) of the GDPR.

3.2. In some cases, legal obligations or legitimate interests may also serve as a legal basis for data processing. Details on these are provided in the respective sections concerning specific data processing activities.

4.     Data Processing Related to Ensuring the Operation of Information Technology Services

4.1. Data Subjects: Every User visiting the website, irrespective of the use of services.

4.2. Legal Basis: For the essential data processing required for service provision, the Data Controller is authorized by Section 13/A of Act CVIII of 2001 to process data necessary for the proper operation of the website. Therefore, the legal basis for processing such data is the legitimate interest of the Data Controller, according to Article 6(1)(f) of the GDPR. The Data Controller processes only the data necessary for the user-friendly operation of the website for the required period. This includes technical data necessary for the enjoyable display of website pages, the proper functioning of its features, and comfortable use for the User. The Data Controller does not transmit this data to third parties and does not process it for other purposes. In the processing of this data, the Data Controller uses the services of providers specified in the "Information Technology Data Processing" chapter as data processors. Considering that the processing of these data does not pose a risk to the User, the Data Controller restricts the User's right to self-determination proportionately, in line with its legitimate interest - ensuring the usability of the website.

4.3. Definition of Processed Data: Information technology data processing involves data related to the operation of "cookies" used by the website and the use of log files applied by the web hosting provider, as detailed below.

For user-friendly browsing:

·        Visited pages during website visits and their opening order

·        IP address of the device used by the User

For measuring website visits (anonymous data not linked to the User):

·        Visited pages during website visits and their opening order

·        Frequency of viewing certain pages on the website

·        Referring website of the User to this website (only for websites with a link to this website)

·        Approximate determination of the geographical location of the User visiting the website (based on data from the internet service provider, approximate data regarding the location of the browsing device)

·        Start time of browsing the website

·        Time of leaving the website (completion of browsing)

·        Duration of browsing the website.

4.4. Purpose of Data Processing: The use of "cookies" and log files is necessary for the user-friendly and secure operation of the website. The purpose of processing data through these methods is to ensure the secure and user-friendly operation of the website for the User. The processing of anonymous data collected regarding the use of the website aims at improving our services and developing the website to better meet the needs of Users.

Specifically:

·        Identification of the User's device used for browsing, storing identifier data for the duration of browsing, based on the IP address. This facilitates smoother browsing, as the User would otherwise need to identify themselves on each visited page or repeat processes.

The data required for the following purposes is recorded in an anonymous manner and cannot be linked to a person:

·        Measurement of website traffic, frequency of viewing certain pages, and duration of browsing certain pages to tailor the website to the maximum satisfaction of Users by the Data Controller.

·        Approximate determination of the location of the User (based on data from the internet service provider) to map the geographical interest areas after using the service of the Data Controller.

·        Identification of the website from which the User came to this website, enabling the Data Controller to learn about topics of interest to Users interested in its services and measure the effectiveness of promotional activities.

4.5. Duration of Data Processing: The Data Controller processes some of the data for the duration of browsing, while certain data are stored for a variable period, but no longer than 1 month.

Data necessary for the user-friendly operation of the website (IP address, order of visited pages during browsing) are recorded for the duration of the browsing session (i.e., the duration of browsing the website) and are deleted after its completion. The Data Controller's information system performs the processing of such data with its own tools, and third parties do not have access to it, except in the case of information technology data processing (as described in the chapter "Use of Data Processors" below).

The data serving as the basis for measuring attendance and mapping user habits related to the use of the website are recorded by the Data Controller's information system anonymously from the beginning and are permanently stored for a maximum of 1 month using cookies on the User's browsing device. Users can ensure the deletion of these cookies at any time through their browser settings.

 


4.6. Method of data storage: The data are stored in separate data processing lists in the data controller's information system. Data necessary for the user-friendly operation of the website (IP address, sequence of visited pages during browsing) are not stored by the data controller. These data are stored locally on the user's device by provider cookies. Log files used by the web hosting provider are stored on the server of the hosting provider.

4.7. Details about the information technology data processing can be found by the user when starting to browse the website, in the popup warning bar, and by clicking on the "Information about the Use of Cookies" label on the website.

5.     Data Processing Related to Receiving and Responding to Messages

5.1. Individuals affected by data processing: Users who send messages to the data controller using the messaging interface available in the "Contact" section of the website or by email to the email address(es) provided on the website.

5.2. Legal basis for data processing: Consent of the user pursuant to Article 6(1)(a) of the GDPR.

5.3. Determination of the scope of processed data: The user sending an email message:

·        Last name

·        First name

·        Email address

·        Any additional data provided by the user in the email message.

Regarding additional data provided by the user in the email message, the data controller only processes data that is necessary in connection with the content of the sent message. The data controller does not request the user to provide unexpected personal data. In the case of unexpected personal data disclosure, the data controller does not store such data and promptly deletes it from its information system.

5.4. Purpose of data processing: Facilitating communication with the user.

Services related to this include:

·        Sending messages through the messaging interface ("Contact" page),

·        Receiving messages sent by email (using the email address(es) provided on the website),

·        Responding to messages received through the aforementioned methods within 2 working days.

5.5. Duration of data processing: The data controller processes the data until the purpose is fulfilled. Accordingly, for users sending messages, the duration of data processing extends until the message is responded to or the user's request is fulfilled. The data controller deletes the data processed for this purpose after responding to the message/fulfilling the request. If the exchange of messages leads to the conclusion of a contract and the content of the messages is essential for the contract, the legal basis and duration of data processing follow the provisions described in point 6 (data processing related to orders).

5.6. Method of data storage: In a separate data processing list in the data controller's information system, until the end of the information exchange period.

6.     Data Processing Related to Newsletter Sending

6.1. Individuals affected by data processing: Users who subscribe to the newsletter by filling out the subscription fields on the website.

6.2. Legal basis for data processing: User consent under Article 6(1)(a) of the GDPR and Sections 6(1) and (2) of the Hungarian Advertising Act. The user provides voluntary consent by familiarizing themselves with this data processing information, filling out the subscription fields, and marking the consent statement found there. By doing so, the user declares their consent to the processing of their data as specified in the data processing information and to the sending of newsletters.

6.3. In addition to providing useful information, the newsletter service also aims to achieve direct marketing by the data controller. The use of this service is voluntary, and the decision to subscribe is based on the user's decision after being properly informed. If a user chooses not to use the newsletter service, it will not disadvantage them in terms of using the website and accessing other services. The use of the direct marketing service does not impose a condition for the use of any other services.

6.4. Scope of processed data:

·        Name

·        Email address.

6.5. Purpose of data processing: Sending newsletters to the user by the data controller via email. Sending newsletters involves sending information about the data controller's services, updates, current events, attention-grabbing offers, and promotional content.

6.6. Duration of Data Processing: The data controller processes the data held for the purpose of sending newsletters until the user withdraws their consent (unsubscribe) or until the user requests deletion of the data.

6.7. Method of Data Storage: The data controller stores the data in a separate data processing list in its information system.

7.     Data Processing Related to Registration

7.1. Individuals Affected by Data Processing: Users registering on the website.

7.2. Legal Basis for Data Processing: User consent under Article 6(1)(a) of the GDPR.

7.3. Determination of the Scope of Processed Data: For registering users, data processing involves the collection of the personal data and contact information listed on the registration form.

7.4. Scope of Data:

·        Last name

·        First name

·        Email address

·        Username

·        Password

·        Phone number.

7.5. Purpose of Data Processing: Registration on the website to facilitate regular purchases.

Services related to this include:

·        Browsing the website after logging in,

·        Facilitating online product orders by storing necessary order information and allowing users to independently modify this data,

·        Storing and making previous orders accessible to the user in their user account.

7.6. Duration of Data Processing: For registered users, data processing lasts until the registered user's request for deletion. Data processing may also cease with the user's deletion of their registration or with the data controller's deletion of the user's registration. The user can delete their registration at any time or request its deletion from the data controller, which the data controller will execute promptly, but no later than within 10 working days of receiving the request.

7.7. Method of Data Storage: The data controller stores the data in a separate data processing list in its information system.

8.     Data Processing Related to Orders

8.1. Individuals Affected by Data Processing: Users placing orders on the website.

8.2. Legal Basis for Data Processing: Article 6(1)(b) of the GDPR, stating that data processing is necessary for the performance of a contract to which the user is a party.

8.3. Determination of the Scope of Processed Data: Data processing involves the following personal data and contact information.

For natural person users:

·        Last name

·        First name

·        Phone number

·        Email address

·        Billing name (if different)

·        Billing address

·        Shipping name (if different)

·        Shipping address (if different)

·        Specification of the ordered product(s)

·        Purchase price of the ordered product(s)

·        Method of receipt/delivery

·        Payment method

·        Any other information provided by the user during the order process that is necessary for order fulfillment

·        Order date

·        Payment date

·        User's bank account number in the case of advance payment by bank transfer.

For representatives/contacts of business organizations placing orders:

·        Contact person's last name

·        Contact person's first name

·        Phone number

·        Email address

·        Password

·        Billing name (name of the business organization)

·        Billing address (address of the business organization)

·        Tax identification number of the business organization

·        Shipping name (if different)

·        Shipping address.

In the case of online credit card payments, the data controller does not have access to the data of the bank card used for payment; the user directly provides this information to the payment service provider.

8.4. Purpose of Data Processing: Execution and fulfillment of the contract resulting from the order.

8.5. Duration of Data Processing: The data controller processes the above data necessary for order fulfillment for the duration required to meet the accounting law's obligation for document retention. According to accounting law, this period is a minimum of 8 years from the issuance of the invoice, and after this period, the data controller will delete the data within one year. During the necessary shipment for order fulfillment, the data controller processes the data (name, shipping address, phone number) for this purpose until the completion of the shipment. When transmitting data to the shipping company for the purpose of fulfillment, the data controller imposes limitations on data processing, ensuring that the shipping company can only process the transmitted data to the extent and duration necessary for completing the shipment. However, the shipping company may have a legitimate interest in retaining the above data or part of it for a certain period in case of complaints, claims, or legal disputes. This retention is carried out independently by the shipping company, and the user can find more information in the data processing information of the respective service provider in the section titled "Use of Data Processors" in this information, where the contact information of their website containing their data processing information is also provided.

Any additional data processed during the order, such as significant content-related messages related to the user and the data controller's order, is processed by the data controller for 5 years from the conclusion of the contract—the general limitation period for civil law claims.

8.6. Method of Data Storage: The data controller stores the data in a separate data processing list in its information system, and for the necessary accounting data, on accounting documents (invoices) to fulfill the obligation of accounting law for document retention.

 

9.     Data Processing Without Further Separate Consent or After Withdrawal of Consent

9.1. The data controller may process data collected with the user's consent without further separate consent or after the withdrawal of consent by the user in accordance with Article 6(1) of the GDPR, as outlined below.

9.2. If personal data is collected with the user's consent, the data controller, in the absence of a legal provision to the contrary, may continue to process the collected data without further separate consent from the user and even after the user withdraws their consent in the following cases:

·        Data processing is necessary for the data controller to fulfill a legal obligation.

·        Data processing is necessary to protect the vital interests of the user or another natural person.

·        Data processing is necessary for the legitimate interests pursued by the data controller or a third party, except where the interests or fundamental rights and freedoms of the user take precedence, especially if the user is a child.

10.  Additional Legal Bases for Data Processing Independent of User Consent

10.1. The legal basis for data processing may also be, in relevant cases, the necessity of data processing to fulfill a legal obligation according to Article 6(1)(c) of the GDPR. In certain cases, the data controller may be obliged to carry out mandatory data processing as stipulated by law or other regulations. Additionally, the data controller is obligated to comply with requests from authorities, which may involve the processing and transmission of personal data, as mandated by law.

10.2. Furthermore, according to Article 6(1)(d) and (f) of the GDPR, the data controller informs that personal data of the user may be processed without their consent when the processing is necessary to protect the vital interests of the user or another natural person, or when the processing is necessary for the legitimate interests pursued by the data controller or a third party—except when overridden by the user's interests or fundamental rights and freedoms, especially if the user is a child.

10.3. In accordance with Section 13/A of Act CVIII of 2001 on certain issues related to electronic commerce services and information society services (hereinafter referred to as Ekertv.), the data controller further informs the user as follows: The service provided by the data controller qualifies as an information society service related to electronic commerce according to Ekertv. For the purpose of providing its service, the data controller may process the natural personal identification data and address of the user necessary for identification, as well as other personal data related to the time, duration, and location of using the service for the establishment, definition, modification, monitoring of performance, billing of fees arising from the service, and enforcing related claims. For billing fees arising from the service, the data controller may process the personal identification data and address of the user, as well as data related to the time, duration, and location of using the service. To provide the service, the data controller may process personal data that is technically indispensable for providing the service. In cases where other conditions are identical, the data controller selects and operates the tools used during the provision of the service in a way that personal data is only processed if absolutely necessary for providing the service and for fulfilling other purposes defined in this law, but only to the extent and duration necessary. (For further characteristics of technically necessary data processing, refer to the document "Information on the Use of 'Cookies'" and Section 4 of this information.) 
The data controller may process data related to the use of the service for any purpose other than those specified above – including, in particular, to increase the efficiency of the service, deliver electronic advertisements or other targeted content to the user, or for market research purposes – only with the prior determination of the data processing purpose and based on the user's consent.

 

11.  Data Processing Records

11.1. Registry of Customers: Contains the necessary data of users placing orders, as listed in point 8. This data is related to the fulfillment of the contract. The data related to invoice retention is deleted after the statutory accounting-related data retention obligation, i.e., after 8 years from the issuance of the invoice. Other order-related data is deleted after 5 years following the conclusion of the contract.

11.2. Registry of Registered Users: Contains the data of users registering on the website, as listed in point 7. The deletion of data occurs when the registration is deleted, or upon the withdrawal of user consent, or upon fulfilling the request for data deletion.

11.3. Registry of Newsletter Subscribers: Contains the data of users subscribing to the newsletter, as listed in point 6. The deletion of data occurs upon unsubscribing, withdrawal of user consent, or upon fulfilling the request for data deletion.

11.4. Record of Data Protection Incidents: A record of unlawful processing or handling of personal data and measures taken to rectify these incidents. It includes the scope of personal data involved, the number of individuals affected by the data protection incident, the date, circumstances, impacts of the incident, and measures taken to rectify it, as well as any other data required by the law in case of data processing based on legal obligation.

11.5. For the achievement of data processing purposes, the data controller stores data in separate lists, databases by data processing purposes, and in its IT system, as outlined above.

12.  Data Transmission

12.1. Parties Affected by Data Transmission: Users who choose online payment during the order process, independent of other services provided by the website.

12.2. Recipient of Data Transmission:

Barion Payment Ltd.
Company Registration Number: 01-10-048552
Tax Identification Number: 25353192243
Address: 1117 Budapest, Irinyi József Street 4-20, 2nd floor
Website: Barion

A business entity serving as the service provider for online payment services available on the data controller's website.

12.3. Legal Basis for Data Transmission: User consent according to Article 6(1)(a) of the GDPR. After becoming acquainted with the data processing information, users voluntarily consent to data transmission by selecting online payment and submitting their order for the secure processing of necessary data for online payment.

12.4. Scope of Transmitted Data:

·        Username

·        Last name

·        First name

·        Country

·        Phone number

·        Email address.

During payment, the user provides their bank card details directly to the payment service provider, and this information is not retained by the data controller.

12.5. Purpose of Data Transmission: Proper operation of the payment service and the technical execution of payments, confirmation of transactions, operation of fraud monitoring to protect the interests of users, and providing customer support to users.

12.6. The data controller does not transmit data to third parties for business or marketing purposes.

12.7. Outside the mentioned cases, the data controller only transmits data to authorities in case of legal obligations.

 

13.  Data Processor Engagement

The data controller engages the following business organizations for data processing.

13.1. Web Developer and Hosting Service Provider

13.1.1. Parties Affected by Data Processing: Users visiting the website, irrespective of using the services provided by the website.

13.1.2. Data Controller Engages as Data Processor:

ShopRenter.hu Trade and Service Limited Liability Company
Abbreviated name: ShopRenter.hu Kft.
Company Registration Number: 09-09-020636
Tax Identification Number: 23174108-2-09
Registered Office: 4028 Debrecen, Kassai út 129.
Branch: 4028 Debrecen, Kassai út 129.
Mailing Address: 4028 Debrecen, Kassai út 129.
Phone: +36 1 234 5012
Email: info@shoprenter.hu
Website: ShopRenter

A business entity serving as the web hosting service provider, developer, and technical maintainer of the website (hereinafter referred to as Data Processor).

13.1.3. Determination of the Scope of Processed Data: The data processing encompasses all data specified in this information notice.

13.1.4. Purpose of Data Processing: Ensuring the information technology operation of the website for the respective user.

13.1.5. Duration of Data Processing: Aligns with the data processing durations regulated in this information notice for individual data processing purposes.

13.1.6. Data processing solely involves technical operations necessary for the IT operation of the website.

13.2. Data Processing Related to Electronic Correspondence

13.2.1. Parties Affected by Data Processing: Users sending emails to the email address published on the website, regardless of using other services provided by the website.

13.2.2. Data Controller Engages as Data Processor:

GOOGLE INC.
Company Registration Number: 20031277465
Tax Identification Number: 20031277465
Registered Office: 1600 Amphitheatre Parkway Mountain View CA 94043 US
Branch: 1600 Amphitheatre Parkway Mountain View CA 94043 US
Mailing Address: 1600 Amphitheatre Parkway Mountain View CA 94043 US
Phone: -
Email: not available
Website: Google

A business entity serving as the software developer and maintainer of the electronic mail service used by the Data Controller and the hosting service provider for email (hereinafter referred to as Data Processor).

13.2.3. Determination of the Scope of Processed Data: Data processing involves the user's name, email address, and any additional information provided in the email.

13.2.4. Purpose of Data Processing: Ensuring the information technology operation of the electronic mail service for the respective user.

13.2.5. Duration of Data Processing: The data processing duration extends until the response to the message or the fulfillment of the user's request. The Data Controller deletes the data processed for this purpose after responding to the message or fulfilling the request. If multiple related message exchanges occur for information exchange, the data is deleted after completing the information exchange or fulfilling the request.

If a contractual relationship is established following the message exchange, and the content of the messages is essential for the contract, the legal basis and duration of data processing are determined as per the provisions in point 5 (order-related data processing).

Data processing lasts until the Data Controller deletes it in all cases, following the above.

13.2.6. Data processing only involves technical operations necessary for the IT operation of the electronic mail service.

13.3. Data Processing Related to Newsletter Sending

13.3.1. Parties Affected by Data Processing: Users subscribing to the newsletter on the website, regardless of using other services provided by the website.

13.3.2. Data Controller Engages as Data Processor:

SalesAutopilot Kft.
Registered Office: 1016 Budapest, Zsolt utca 6/A. 5. em. 1.
Mailing Address: SalesAutopilot Kft. 1538 Budapest, Pf. 515.
Phone: (+36) 1 490 0172
Service: MailMaster / SalesAutopilot
Tax Identification Number: 25743500-2-41
Company Registration Number: Cg. 01 09 286773
Date of Company Registration: 2016.10.31.

A business entity serving as the software developer and maintainer of the newsletter sending software used by the Data Controller (hereinafter referred to as Data Processor).

13.3.3. Determination of the Scope of Processed Data: Data processing involves the user's name and email address subscribing to the newsletter.

13.3.4. Purpose of Data Processing: Ensuring the information technology operation of the software used by the Data Controller for sending newsletters, through data processing involved in the secure operation of the software.

13.3.5. Duration of Data Processing: Until the user's consent for newsletter sending is withdrawn (unsubscribe) or until the user requests the deletion of data.

13.3.6. Data processing only involves technical operations necessary for the IT operation of the newsletter sending software.


13.4. Data Processing Related to Product Delivery

13.4.1. Parties Affected by Data Processing: Users selecting delivery as the method of receiving the product during the order and requesting delivery to an address in Hungary.

13.4.2. Data Controller Engages as Data Processor:

Post Solutions Kft.
1215 Budapest Popieluszko u.23.
Tax Identification Number: 24952152-2-43, HU24952152243

A business entity serving as the organizer of courier delivery for the ordered products (hereinafter referred to as Data Processor).

13.4.3. Data Controller Engages as Data Processor:

DPD HUNGARY KFT.
1134 BUDAPEST, VÁCI ÚT 33. A ÉPÜLET II. EMELET
EU VAT Number: HU13034283
VAT Number: 13034283-2-44
Company Registration Number: 01-09-888141

A business entity serving as the carrier of the ordered products (hereinafter referred to as Data Processor).

13.4.4. Determination of the Scope of Processed Data: The data processing involves the following user data for the performance of the contract arising from the user's order (execution of delivery):

·        Last name

·        First name

·        Phone number

·        Delivery address.

13.4.5. Purpose of Data Processing: Organizing and delivering the ordered product to the user's specified address, including necessary coordination via phone regarding the place and time of delivery, within the framework of performing the contract arising from the user's order.

13.4.6. Duration of Data Processing: It lasts for the time necessary for the delivery and fulfillment of the contract.

13.4.7. Data processing solely involves operations necessary for organizing and fulfilling the delivery.

13.5. Data Processing Related to Postal Delivery of the Product

13.5.1. Parties Affected by Data Processing: Users requesting delivery to an address outside Hungary, within the European Union, during the order, and users requesting delivery to a Hungarian address as a postal consignment.

13.5.2. Data Controller Engages as Data Processor:

G3 Worldwide Hungary Szolgáltató Korlátolt Felelősségű Társaság
Company Registration Number: 01 09 063948
Tax Identification Number: 10271384243
Address: 1097 Budapest, Ecseri út 14-16.
Website: G3 Worldwide Hungary

A business entity serving as the provider delivering the ordered products (hereinafter referred to as Data Processor).

13.5.3. Determination of the Scope of Processed Data: The data processing involves the following user data for the performance of the contract arising from the user's order (execution of delivery):

·        Last name

·        First name

·        Phone number

·        Delivery address.

13.5.4. Purpose of Data Processing: Executing the delivery of the ordered product to the user's specified address, including necessary coordination via phone regarding the place and time of delivery, within the framework of performing the contract arising from the user's order.

13.5.5. Duration of Data Processing: It lasts for the time necessary for the delivery and fulfillment of the contract.

13.5.6. Data processing solely involves operations necessary for organizing and fulfilling the delivery.

13.5.7. Data Controller Engages as Data Processor:

GLS General Logistic Systems Hungary Csomag-Logisztikai Kft. Abbreviated name: GLS Kft. Company Registration Number: 13-09-111-755 Tax Identification Number: 12369410-2-44 Registered Office: 2351 Alsónémedi GLS Európa u. 2. Email: info@gls-hungary.com Website: GLS Group

A business entity serving as the provider delivering the ordered products (hereinafter referred to as Data Processor).

13.5.8. Determination of the Scope of Processed Data: The data processing involves the following user data for the performance of the contract arising from the user's order (execution of delivery):

·        Last name

·        First name

·        Phone number

·        Delivery address.

13.5.9. Purpose of Data Processing: Executing the delivery of the ordered product to the user's specified address, including necessary coordination via phone regarding the place and time of delivery, within the framework of performing the contract arising from the user's order.

13.5.10. Duration of Data Processing: It lasts for the time necessary for the delivery and fulfillment of the contract.

13.5.11. Data processing solely involves operations necessary for organizing and fulfilling the delivery.

 

13.6. Data processing for any other purpose does not occur.

13.7. The Data Processors hold no interest in the business activities of the Data Controller.

13.8. The Data Controller does not engage any other data processor besides the ones mentioned above.

14.  User Rights Regarding Data Processing

14.1. Right of Access: Upon the user's request, the Data Controller provides information about the user's personal data processed by the Data Controller or by a data processor appointed by the Data Controller, including their source, purpose, legal basis, duration, the name and address of the data processor, and the data processing activities related to data protection incidents, their circumstances, effects, and the measures taken to mitigate them. If personal data is transmitted, the information includes the legal basis and recipient. The information is provided without undue delay and, at the latest, within one month of receiving the request. Within the right of access, the Data Controller provides a copy of the personal data undergoing processing to the user, free of charge and at the latest within one month of receiving the request. For additional copies requested by the user, the Data Controller may charge a reasonable fee based on administrative costs (as per point 15).

14.2. Right to Data Portability: The user has the right to receive their personal data provided to the Data Controller in a structured, commonly used, and machine-readable format. The user is also entitled to transmit this data to another data controller without hindrance from the original data controller if: a) the processing is based on the user's consent or on a contract; and b) the processing is carried out by automated means. When exercising the right to data portability, the user has the right to have personal data transmitted directly from one data controller to another, where technically feasible.

14.3. Right to Rectification: The user can request the correction of their processed data, which the Data Controller fulfills without undue delay and, at the latest, within one month of receiving the request. Taking into account the purpose of data processing, the user has the right to request the completion of incomplete personal data through a supplementary statement, among other methods.

14.4. Right to Restriction of Processing: The Data Controller marks the personal data processed by them for the purpose of restricting processing. The user has the right to request the restriction of processing from the Data Controller if: a) the user disputes the accuracy of the personal data, in which case the restriction applies for a period allowing the Data Controller to verify the accuracy of the personal data; b) the processing is unlawful, and the user opposes the erasure of the personal data and requests the restriction of their use instead; c) the Data Controller no longer needs the personal data for the purposes of the processing, but the user requires them for the establishment, exercise, or defense of legal claims; or d) the user has objected to processing based on the legitimate interests of the Data Controller; in this case, the restriction applies for the time it takes to determine whether the Data Controller's legitimate interests override those of the user.

14.5. Right to Erasure: The Data Controller deletes personal data if: a) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed; b) the user withdraws consent on which the processing is based, and there is no other legal ground for the processing; c) the user objects to the processing, and there are no overriding legitimate grounds for the processing, or the user objects to the processing for direct marketing purposes; d) the personal data has been unlawfully processed; e) the erasure of personal data is required to fulfill a legal obligation under EU or member state law to which the Data Controller is subject; or f) the user has requested erasure, and the personal data was collected in relation to the offer of information society services directly to children. The Data Controller informs the user and all recipients of the data about rectification, restriction, or erasure. Notification can be waived if it proves impossible or would involve disproportionate effort. Upon request, the Data Controller informs the user about these recipients.

14.6. Right to Object: The user has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on the legitimate interests pursued by the Data Controller. In this case, the Data Controller may no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the user or for the establishment, exercise, or defense of legal claims.


15.  Fulfillment of User Requests

15.1. The Data Controller provides information and takes actions according to point 14 free of charge. If the user's request is clearly unfounded or, due to its repetitive nature, excessive, the Data Controller, taking into account the administrative costs associated with providing the requested information or taking action: a) may charge a reasonable fee, or b) may refuse to take action based on the request.

15.2. The Data Controller informs the user about the measures taken as a result of the request, including the issuance of data copies, without undue delay and, at the latest, within one month of receiving the request. If necessary, considering the complexity and the number of requests, this period may be extended by an additional two months. The Data Controller informs the user of the extension, stating the reasons for the delay, within one month of receiving the request. If the user submitted the request electronically, the Data Controller provides the information electronically unless the user requests otherwise.

15.3. If the Data Controller does not take action on the user's request, the Data Controller informs the user of the reasons for not taking action without undue delay and, at the latest, within one month of receiving the request. The Data Controller also informs the user that they may file a complaint with the supervisory authority mentioned in point 15 and exercise their right to judicial remedy as described there.

15.4. The user can submit their requests to the Data Controller in any manner that allows their identification. The identification of the user submitting the request is necessary because the Data Controller can only fulfill requests from authorized individuals. If the Data Controller has reasonable doubts about the identity of the natural person submitting the request, they may request further information to confirm the user's identity.

15.5. The user can submit their requests to the Data Controller by post to the address: Adatkezelő Magyarország, 2085 Pilisvörösvár, Klapka u. 90. or by email to varazskezmuhely@gmail.com. An email request is considered authentic only if it is sent from the email address provided by the user to the Data Controller and registered there. The use of another email address does not imply the disregard of the request. The date of receipt for emails is considered the first working day following the date of sending.

16.  Data Protection, Data Security

16.1. The Data Controller ensures the security of data within the scope of data processing and data processing activities through technical and organizational measures, as well as internal procedural rules, to enforce compliance with laws and other regulations related to data and confidentiality. Adequate measures are taken to protect processed data against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as against accidental destruction and damage, and to prevent data from becoming inaccessible due to changes in applied technology.

16.2. The data used as the basis for measuring website visits and mapping usage habits are recorded by the Data Controller's IT system in a way that does not directly link them to any individual from the beginning.

16.3. Data is processed only for the purposes specified in this information, in a lawful, necessary, and proportionate manner, in accordance with relevant laws and recommendations, and with appropriate security measures.

16.4. For this purpose, the Data Controller uses the "https" scheme of the HTTP protocol to access the website, which encrypts web communication and allows for unique identification. In addition, the Data Controller stores processed data in encrypted data files, separated by data processing purposes, in compliance with this information. Only designated employees responsible for tasks related to specific activities outlined in this information can access these files. It is the responsibility of these employees to protect the data and handle it responsibly in accordance with this information and relevant laws.

 

17.  Enforcement of Rights

Individuals can enforce their rights in court based on the Civil Code (Act V of 2013) and the GDPR. They may also turn to the Hungarian National Authority for Data Protection and Freedom of Information:

National Authority for Data Protection and Freedom of Information Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c. Mailing address: 1530 Budapest, Pf.: 5. Phone: +36 1 391 1400 Fax: +36 1 391 1410 Email: ugyfelszolgalat@naih.hu Website: http://www.naih.hu/

If the judicial route is chosen, the lawsuit can be initiated before the court having jurisdiction over the individual's place of residence or habitual residence, as the adjudication of the lawsuit falls within the competence of the respective court.

 

Judit Erzsébet Rigó, 2024.02.07