This privacy prospectus is based on Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
1.1 The purpose of this prospectus is to notify the data subjects, whose data is processed by Koltai Viktor E.V. (“Controller”) about the information covered by paragraph 1 of article 13 of the GDPR, and about the management of personal data and his or her rights in accordance with this paragraph.
1.2 The Controller processes the data obtained during his activity according to the regulations of the relevant provisions, and so particularly of the GDPR, the legislation issued to its implementation, the Act CXII of 2011 on the right to information self-determination and freedom of information (“Infotv.”), Act V of 2013 on the Civil Code (“Ptk”) and the Act C of 2000 on Accounting.
At the same time the Controller in this document informs his clients, partners, respectively every natural and legal person who is in any relation – which can be interpreted from a legal point of view – with the Controller, and with whom a personal involvement occurs during the processing of their personal data, about the rules of the management of data processed by him, the implemented security measures and the means of data processing.
2 Company data of the Controller
|Name:||Koltai Viktor E.V.|
|seat:||1077 Budapest Izabella utca 3/A.|
|company registration number:||–|
|tax exempt number:||68328636-2-42|
3 Data protection officer of the Controller
|Data protection officer|
|postal address:||1077 Budapest Izabella utca 3/A.|
|e-mail address:||email@example.com / firstname.lastname@example.org|
4 The purpose of data processing, the scope of processed data and the legal basis of data processing
4.1 The purposes of data processing:
– the purpose of the processing of data provided on the webshop’s platform is the identification of the data subject/customer, his or her distinction from persons with the same name and the ensuring of communication with him or her
– ensuring of providing the services available on the webshop’s platform. The Controller uses the data provided by the data subject purposefully, exclusively for the fulfillment of orders, home delivery, enabling of billing, communication, and, in case the data subject has subscribed for newsletter, for sending the newsletter and the latter proof of the terms and conditions of the contract possibly concluded
– ensuring of effective customer service (preparation of statistical reports and analyses for this purpose)
4.2 The scope of processed data
Information provided during purchase:
– Name (Surname First name)
– Company name and tax exempt number, if the data subject possesses one, or if it is required by law
– Billing address (billing name, street name, house number, floor/door, city/town, postcode),
– Delivery address (delivery name, street name, house number, floor/door, city/town, postcode),
– E-mail address
– Telephone number
Information provided during registration:
The data subject is obliged to provide the following personal data during registration/purchase:
– E-mail address,
– Telephone number
– Company name and tax exempt number, if the data subject possesses one, or if it is required by law
– Billing address (billing name, street name, house number, city/town, postcode),
– Delivery address (delivery name, street name, house number, city/town, postcode)
The data processed during traditional registration: username, e-mail address and password.
4.3 The legal basis of data processing
In accordance with the legal basis of data processing, point a) of paragraph 5 of the Act CXII of 2011 on the right to information self-determination and freedom of information. TV. (Infotv.), the data processing takes place based on the voluntary consent of the data subject and the Act CVIII. of 2001 on certain aspects of electronic commerce services and information society services.
The data subject gives his or her consent in relation to each data processing by using the website, registrating and the voluntary providing of the data in question.
5 Additional organizations with access to the data
The data are by right accessed primarily by the Controller and his internal associates, however, they do not publish them and they do not pass them to third parties.
The Controller releases personal data exclusively to contractual partners, for the purpose of billing and delivery.
Data processing organizations:
Octonull Kft (operator of Billingo billing system- 1085 Budapest, József körút 74. I. em. 6.)
GLS Csomagszolgálat (Alsónémedi, GLS Európa u. 2, 2351)
6 Data transfer outside the European Union / European Economic Area or to international organizations.
The Controller does not transfer data outside the European Union / European Economic Area or to international organizations.
7 Duration of data processing
The data processing happens as a rule during the time strictly necessary for the achievement of the data processing goal, together with:
–in case of data processing necessary for the performance of a contract, the processing of data lasts until the termination of the contract, until the validations connected to the contract take place, respectively until the termination of enforceability. The legislation sets a longer deadline (8 years) for data retention as a result of legal requirements (e.g. the provisions of Act C of 2000 on Accounting);
–in case of data processing in relation to fulfillment of legal obligation, the duration of data processing can be defined according to the deadlines set by the legislation determining the legal obligation;
–in case of data processing based on the consent of the data subject, the data processing will be terminated also before the fulfillment of the goal, if the data subject has withdrawn consent
After the expiry of the periods determined above, the Controller will delete the personal data whilst anonymization of the data will be considered as erasure, that is, the data will no longer be identifiable or connected to the data subject/subjects. If the data subject does not accept the Controller’s offer during the conclusion of the contract, the Controller will consider this as withdrawal of consent in respect of personal data processed with the consent of the data subject (e-mail address, telephone number, name), and will delete them from the register immediately.
8 Rights of the data subject
10.1 Right to access and to information
At the request of the data subject, the Controller gives information as to whether or not the data concerning him or her is being processed. If the data are being processed, The Controller, besides ensuring access to the data, informs the data subject about the categories of the processed data, the purpose of data processing, the recipients of data processing or the category of the recipients, the duration of data storage or the aspects of determining the storage period, the exercise of the data subject’s rights, about the right to file a complaint to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH), the source of the data, as well as the fact of automated decision-making, including the profiling. In case of data transmission outside the European Union or the European Economic Area, the data subject shall receive information about the appropriate guarantees ensured.
10.2 Right to rectification
The data subject is entitled to request the rectification of his or her data from the Controller, in case of their inaccuracy. If the rectification of the personal data processed by the Controller is needed, the data subject can request the rectification of data in writing (by post or e-mail) by marking the correct data.
The data subject is obliged to report to the Controller any changes concerning the personal data processed by the Controller. The data subject shall report the change in writing (by post or e-mail) immediately, but at the latest 5 days after the change. The data subject is liable for the damage that the lack of this notification or its late execution causes the Controller.
10.3 Right to erasure
In case if the reasons described in article 17 of the GDPR apply, the data subject can request the erasure of the personal data concerning him or her from the Controller, immediately and without any explanation. The Controller is obliged to fulfill the request.
In case if the Controller has published the personal data, that is, if he has passed them to third parties, on the basis of the data subject exercising his or her right to erasure, the Controller will take the reasonably expected steps to notify the other controllers to whom he has passed the personal data, that the data subject has requested from them the erasure of the links connected to the personal data in question, or the erasure of the copy or duplicate of the personal data.
10.4 Right to restrict data processing
The data subject has the right to request the restriction of data processing from the Controller, if:
–the data subject questions the accuracy of the personal data;
–the data processing is unlawful;
–the controllers no longer need the personal data for the purpose of data processing, but the data subject claims them for the establishment, exercise or defense of legal claims;
–the data subject objected to processing the data;
10.5 Right to data portability
The data subject has the right to receive the personal data concerning him or her, which he or she has provided to the Controller in a structured, widely used, machine-readable format and has the right to pass the data in question to another controller, without hindrance from the Controller, if:
–the data processing is based on consent; and
–the data processing happens by automatic means.
10.6 Right to object
The data subject has the right to object to the processing of his or her personal data for direct marketing purposes. In this case the personal data cannot be processed further for this purpose. The data subject has the right to turn to the Controller regarding the exercise of the rights listed above, using the contact details provided in this prospectus.
The Controller provides the information about the action taken on the request without undue delay after the submission of the application, but at the latest within 1 month in writing, in an easily recognizable form.
If the legal basis of processing any data is exclusively the consent of the data subject, the data subject can withdraw consent, however, this does not affect the legality of the data processing which happened before the withdrawal based on his or her consent.
9 Data processing for other purposes
If the Controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the Controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information mentioned in paragraph 2 of article 13 of the GDPR.
10 Rules for cookies managed on the website
An HTTP cookie (usually simply cookie) is a small piece of data that a server sends to the user’s web browser, and that the browser sends back with later requests to the same server. When the web browser sends back a cookie, the server is able to connect the actual request with the previous ones. Cookies are most often used to identify the registrated users of a given website, to record the ”shopping cart” or to follow the visitors.
Which kinds of cookies does our website use?
The website stores the provided name, e-mail address and address data in cookies after purchase. The storage serves convenience purposes only, so that it will not be necessary to fill out the information automatically at the next comment. The expiration date of the cookies is 1 year.
We create several cookies during logging in to the website, which save the login information and the display options of the editing interface. The login cookies are valid for 2 days, and the cookie storing the display options of the editing interface is valid for 1 year. In case we choose the “Remember me” option, the login proceeds for 2 weeks. The login cookies get deleted at logout.
Cookies used on the website:
Cookies from third parties:
Google, Inc: Google Analytics – for measurement of statistical data
The website uses the system of Google Analytics of Google Inc. („Google”) for usage analysis. The system of Google Analytics stores so called ”cookies” – simple, short, small text files – on your information device, and with the help of these analyses the frequency of visits on the website, thereby helping us to develop the website and enhance customer experience.
The data concerning the frequency of visits on the website, recorded in the cookie (together with the date of visit and your IP address) get transferred to the servers of Google USA for transmission and storage. Google uses these data to evaluate your website-visiting habits, to create reports of these for XY, and to provide other services regarding website and internet usage.
Users, who do not wish Google Analytics to create reports of their visits, can install the Google Analytics opt-out browser add-on. This browser extension instructs the Java-scripts of Google Analytics (ga.js, analytics.js, and dc.js) not to send information about the visits to Google. Furthermore, those users, who have installed the opt-out browser add-on, do not take part in content experiments either.
If you wish to disable the web activity of Analytics, visit the website of Google Analytics opt-out (http://tools.google.com/dlpage/gaoptout) and install the add-on to your browser. For more information about the installation and removal of the add-on, check out the browser´s help center.
Facebook: enables the measuring of our marketing activities in the services of Facebook (facebook.com)
- Legal remedies
Data subjects may apply to the National Data Protection and Freedom of Information Authority (NAIH) for legal remedy/to lodge a complaint on any of the following contact details:
Name: Nemzeti Adatvédelmi és Információszabadság Hatóság
Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf.: 5.
Telephone number: 06.1.391.1400
E-mail address: email@example.com
In addition to the above, the data subject is entitled to apply to court in relations to the alleged unlawful handling of his or her data, and if the data subject has suffered pecuniary or non-pecuniary damage in relations to the alleged unlawful handling, he or she has the right to seek compensation from the Controller (from the controllers in case of joint controllership).
- Other provisions
In case of a request from an authority or another organization based on legal obligation, the Controller may be obliged to provide data or may be required to do so. In such cases the Controller seeks to give out personal data only as much and of such a nature, which is strictly necessary based on the obligation to release data.
The Controller reserves the right to modify this prospectus unilaterally together with notifying the data subject in advance on the surface of the website. For further use of the website, the data subject shall accept the modifications by means provided on the website by the service provider.