- GENERAL INFORMATION
In order to inform you of all aspects concerning the processing of your personal data, please read the below points carefully. For further information concerning other aspects of using the Webshop, please also see the separate policies included on the Webshop, such as the Terms and Conditions.
The Controller with regard to the Webshop is Nagy Fanni private entrepreneur (registered office: Előd u. 23/A, 2112 Veresegyház, Hungary, Company premises: Üllői út 32. 2. floor, 1085 Budapest, Hungary, registration number: 51794686
, tax number: 68471916-2-33 HU68471916, e-mail: firstname.lastname@example.org, hereinafter “FANNYNAGY”).
Personal datashall mean any information relating to an identified or identifiable natural person (i.e. the Data Subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing of datashall mean any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controllershall mean the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. In respect of the present PrivacyPolicy, FANNYNAGY is a Controller.
Processorshall mean a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The data subject’s consentmeans any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
NAIHrefers to the Hungarian National Authority for Data Protection and Freedom of Information. The competent Authority in respect of FANNYNAGY is NAIH.
- PRELIMINARY INFORMATION ON PROCESSING OF PERSONAL DATA
FANNYNAGY is processing your personal data regarding the below listed operations, according to the following conditions:
3.1. Purposes for which your personal data is required
- Operating the Webshop: managing the personal data of the Controller’s customers in relation with purchasing a product, shipping, invoicing or contacting you (e.g. regarding the delivery of your order or in case of an eventual return).
- Newsletters: users can subscribe and unsubscribe through an online automated process at their own discretion.
- Cookies: for detailed information about cookies, please see point 4. herein below.
3.2. Legal basis of the data processing operation
- In case of operations mentioned in point 3.1.a): according to Article 6, point b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or “GDPR”), processing is necessary for the performance of a contract to which the Data subject is party.
- In case of point 3.1.b): the legal basis of the data processing operation is your consent.
- Regarding 3.1.c): the legal basis of the data processing operation is your consent, except for strictly necessary cookies.
3.3. Personal data concerned
- In case of operations mentioned in point 3.1.a): your name, address, phone number, e-mail address, delivery address.
- In case of point 3.1.b): your e-mail address.
- Regarding 3.1.c): for detailed information about cookies, please see point 4. herein below.
3.4. Processors and persons to whom your data may be disclosed
The entity providing data hosting services for the Webshop is DomainTank Informatikai Kft.
(registered seat: 2120 Dunakeszi, Kadosa Pál u.3. ¼). The payment gateway of the Webshop is powered by PayPal Inc. (registered seat: L-1150 Luxembourg). Thedelivery of the products is organized by Deutsche Post AG(registered seat: Charles-de-Gaulle-Straße 20
53113 Bonn). FANNYNAGY may use the services of GoogleLLC (registered seat: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and Facebook Inc. (registered seat: 1601 S. California Ave, Palo Alto, CA 94304, USA) for marketing purposes.
3.5. Duration of the data processing operations
As for data provided during the ordering process, please note that the retention time for accounting documents (such as invoices) is 8 years, as required by the applicable accounting provisions.
If you subscribed fornewsletters, your e-mail address will be processed for this purpose until you unsubscribe.
As for cookies, for detailed information please see point 4. herein below.
Please note that you as Data subject may request at any time from FANNYNAGY as Controller the erasure of your personal data.
- COOKIES AND TRACKING TECHNOLOGIES
FANNYNAGY may utilize “cookies”, “tags”, “pixels”, “clear gifs” and other similar tracking technologies on its Webshop. A cookie is a text file that is placed on your computer or other mobile device when you access the Webshop or the Internet. These technologies allow FANNYNAGY to collect information about your interaction with the Webshop and advertisements. Examples of such information may include, but are not limited to: demographic information, browser type, IP address, pages viewed, activity conducted, and timing of your visit. You may at any time “opt out” of certain tracking mechanisms through your browser settings. However, disabling such features may prevent you from using certain features or taking full advantage of all of the offerings on the Webshop.
Different types of cookies are used for different purposes on the Webshop, these are known as: strictly necessary cookies, performance cookies, and functionality cookies. Some cookies may be provided by an external third party to provide additional functionality to the Webshop and these are included below.
Strictly necessary cookies
These are cookies that are essential to fulfil an action requested by you, such as identifying you as being logged in. If you prevent these cookies by adjusting your browser settings, we cannot guarantee how the Webshop will perform during your visit.
These are cookies used to improve the Webshop, for example for analytics that let us see how it is being used and where to make improvements. These cookies are used to collect information about how visitors use the Webshop. The information is collected in an anonymous form and includes the number of visitors, where visitors have come from to the Webshop and the pages they visited.
These cookies enhance the performance and functionality of the Webshop, often as a result of something you’re doing as a user. For instance, we may personalize our content for you or remember your preferences.
Do Not Track Requests.We will automatically collect cookies and other information when you visit the Webshop. Due to this automatic collection, we do not honor browser based “do not track” requests. For information on how to opt-out of the collection of information by other tracking devices please refer to the “Choice/Opt-Out” section below.
Disabling Cookies on Your Browser.You may refuse or delete cookies on the Webshop. Please refer to your browser Help instructions to learn more about cookies and other tracking devices and how to manage their use. If you choose to refuse or delete cookies, some of the functionality of the Webshop may be impaired. If you use another computer or change browsers you will need to repeat the process of refusing or deleting cookies. For more information about cookies including how to set your internet browser to reject cookies please go to www.allaboutcookies.org.
Ad Tracking.Certain devices may allow you to Limit Ad Tracking. Please refer to the settings on your computer or device for information on how to disable Ad Tracking.
- RIGHTS AND REMEDIES
5.1. Entitlements of Data subjects and exercise of their rights
With regard to personal data processed by the Controller or by the Processor acting on the Controller’s behalf or following the Controller’s instructions, the Data subject shall, under the conditions set out in the Info Act:
- have the right to be informed of the circumstances of data processing before the commencement of processing (“right to prior information”);
- have the right to request the Controller to make available his personal data and information concerning the processing thereof (“right of access”);
- have the right to obtain from the Controller rectification and/or amendment of his or her personal data upon request (“right to rectification”);
- have the right to obtain from the Controller restriction of his or her personal data upon request (“right to restriction of data processing”);
- have the right to obtain from the Controller erasure of his or her personal data upon request (“right to erasure”).
In order to ensure the exercise of the rights of Data subjects, the Controller shall implement appropriate technical and organizational measures, such as:
- to provide any information and any communication to the Data subject in an intelligible and easily accessible form, using concise, clear and plain language, and
- to evaluate any request submitted by the Data subject concerning the exercise of his or her rights within the shortest possible time, not exceeding 25 (twenty-five) days, and to notify the Data subject of its decision in writing, or electronically, if the Data subject made the request by electronic means.
5.2. Authority proceedings and judicial remedy
In exercising his or her rights, the Data subject shall be able to:
- request NAIH to investigate the lawfulness of processing by the Controller, if the Controller prevented the exercise of his or her rights, or refused his or her request for exercising those rights; and
- request NAIH to open administrative proceedings for data protection, if he or she is of the opinion that the Controller and/or the Processor acting on the Controller’s behalf or following the Controller’s instructions is in breach of the provisions of law or binding legislation of the European Union on the processing of personal data.
The Data subject may bring action before the court against the Controller, or the Processor – in connection with processing operations falling within the Processor’s scope of responsibilities – if he or she is of the opinion that the Controller and/or the Processor acting on the Controller’s behalf or following the Controller’s instructions processes his or her personal data in breach of the provisions of law or binding legislation of the European Union on the processing of personal data.
The burden of proof to ascertain that data processing is in compliance with the provisions of law or binding legislation of the European Union on the processing of personal data, lies with the Controller and/or the Processor.
If the court rules in favor of the plaintiff, it shall establish the infringement and shall order the Controller and/or the Processor: (1) to bring about the cessation of the unlawful processing operations; (2) to restore the lawfulness of data processing, and/or (3) to perform certain well-defined activities so as to ensure the exercise of the Data subject’s rights, and shall rule on any claim for damages, restitution, if applicable.
If the Controller and/or the Processor acting on the Controller’s behalf or following the Controller’s instructions is in breach of the provisions of law or binding legislation of the European Union on the processing of personal data, thus causing damage to others, they shall be liable for such damage.
If the Controller and/or the Processor acting on the Controller’s behalf or following the Controller’s instructions is in breach of the provisions of law or binding legislation of the European Union on the processing of personal data, and thus violates the rights of others relating to personality as a result, the person whose rights relating to personality are violated may demand restitution from the Controller and/or the Processor acting on the Controller’s behalf or following the Controller’s instructions.
The Controller shall be exempt from liability for damages or for payment of restitution if he proves that the damage was caused by or the violation of rights relating to personality is attributable to reasons beyond his control.
The Processor shall be exempt from liability for damages or for payment of restitution if able to evidence that he has acted during processing operations in compliance with all obligations specifically directed to Processors by law or binding legislation of the European Union pertaining to processing personal data, and in due observation of the Controller’s lawful instructions.
No compensation shall be paid, and no restitution may be demanded where the damage was caused by, or the violation of rights relating to personality is attributable to, intentional or negligent conduct on the part of the person whose rights relating to personality had been violated.
The data management regarding the Webshop is governed by the applicable European and Hungarian legislation, including especially the provisions of GDPR and the Info Act. Any dispute between you and FANNYNAGY shall be submitted to the competent Hungarian courts.