PRIVACY POLICY
Contents
1. What is the purpose of the prospectus?
2. Data controller data
3. What data management processes take place on the Website?
4. What rights do Users have?
5. Our procedure for requesting the exercise of rights
6. Possible recipients of personal data, data processors
7. Data security
8. Cookies
9. Other provisions
10. Annexes
1. What is the purpose of the prospectus?
We have adopted this Prospectus for the purpose of communicating all relevant information to the representatives of natural and legal persons using our services (hereinafter: Users) in a concise, transparent, comprehensible and easily accessible form, and to assist the Users in the exercise of their rights under point 4.
Our information obligation is based on Article 12 of Regulation (EU) 2016/679 of the European Parliament and of the Council, applicable from 25 May 2018 (hereinafter: GDPR), Act CXII of 2011 on the right to informational self-determination and freedom of information (hereinafter: Infotv.), and Section 4 of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Elkertv.).
The Prospectus has been prepared taking into account the GDPR, the Infotv., as well as other legal acts relevant to individual data processing. The legislation is listed in Annex 1 of the Prospectus and the most important terms are described in Annex 2.
In developing and applying this Prospectus, we have acted in accordance with the findings of the Recommendation of the National Data Protection and Freedom of Information Authority on prior data protection requirements and Article 5 of the GDPR, in particular the principle of accountability in Article 5 (2).
2. Data controller data
Name: Ildikó Renáta Nagy
Website:
Registration number: 54880995
Headquarters: 1215 Budapest Ady Endre út 43 6/25
Tax number: 56245730-1-43
E-mail: renee.richardson.shop@gmail.com
Phone number: +36706253892
3. What data management processes take place on the Website? [Gdpr1]
In this section, we detail the essential circumstances for each data controller that the GDPR and other sectoral legislation expects of all data controllers.
3.1. Data management related to newsletter sending
In order to provide visitors to our Website with up-to-date information, it is possible to subscribe to our newsletter. The following information applies to data management in this regard:
3.1.1. Purpose of the personal data processed and data management
personal data: purpose of data management
name: by specifying this, we can address the User in our newsletter
e-mail address: by entering this, we get to know the User's electronic contact, to which we can send our newsletter
3.1.2. Legal basis for data management
The User's consent (Article 6 (1) (a) of the GDPR and Section 6 (1) of Act XLVIII of 2008 on the basic conditions and certain restrictions of commercial advertising activities (hereinafter: Grt.)).
3.1.3. Duration of data management
The personal data provided will be processed until the consent is withdrawn. The User may withdraw his consent at any time by clicking on the "Unsubscribe" button in the sent letter.
3.1.4. Method of data management
In electronic form.
3.2. Contact data management
You can contact us through our website for any purpose. Details of the related data management are shown below.
3.2.1. Purpose of the personal data processed and data management
personal data: purpose of data management
name: User identification
e-mail address: contact the User
phone number: contact the User
3.2.2. Legal basis for data management
Statutory data management, subject to Article 6 (1) (c) and (2) of the GDPR, Section 5 (1) (b) of the Infotv. and Section 13/A (1) and (3) of the Elkertv.
3.2.3. Duration of data management
For 1 year after contact.
3.2.4. Method of data management
In electronic form.
3.3. Order data management
It is possible to order various products on our website. The related data management is described in this section.
3.3.1. Purpose of the personal data processed and data management
personal data: purpose of data management
name: during the fulfillment of the order, we can identify the customer of the product by providing the name
address (postal code, city, street name, house number together): we can send the ordered product by post to the given address
phone number: contacting the customer and informing them about the details of the order
e-mail address: contacting the customer and informing them about the details of the order
3.3.2. Legal basis for data management
Performance of a contract to which the Data Controller and the User are parties (Article 6 (1) (b) GDPR).
If the customer is a legal entity, the legal basis for the processing of the above-mentioned personal data of its contact person is the legitimate interest of the controller and the customer (Article 6 (1) (f) GDPR). It is in the legitimate interest of both parties to communicate effectively during the order process and to provide each other's designated representative with information on any material circumstances affecting the contract between us. The infringement of the customer's contact person's right to information self-determination cannot be established, because it is his job or contractual obligation to facilitate communication between the parties and to provide his personal data for this purpose.
3.3.3. Duration of data management
Subject to Section 6:22 (1) of Act V of 2013 on the Civil Code (Civil Code), for the above purposes, we will store the personal data provided for 5 years after the fulfillment of the order.
3.3.4. Method of data management
In electronic form.
3.3.5. Provision of personal data
Given that we cannot fulfill orders without knowing the personal data in this section, the provision of personal data is a precondition for concluding a contract.
3.4. Invoice data management
After the fulfillment of the orders, we issue an accounting document in accordance with Act C of 2000 on Accounting (hereinafter: the Act). Details of the related data management are shown below.
3.4.1. Purpose of the personal data processed and data management
personal data: purpose of data management
name: supporting the accounting for the execution of the order (economic event)
address / registered office of the sole proprietor (postal code, city, street name, house number together): supporting the accounting for the execution of the order (economic event)
3.4.2. Legal basis for data management
Statutory data management, subject to Article 6 (1) (c) of the GDPR, Section 5 (1) (b) of the Infotv. and Section 166 (1)-(3) of the Act.
3.4.3. Duration of data management
For 8 years after the issuance of the accounting document, subject to Section 166 (6) of the Act, Section 169 (1) of the Act.
3.4.4. Method of data management
In electronic form.
3.4.5. Provision of personal data
Due to the fact that we cannot issue an accounting document without knowing the personal data in this section, the provision of personal data is based on law.
3.5. Customer service data management
We maintain customer service on our Website in order to answer the Users' questions and to investigate any complaints.
3.5.1. Purpose of the personal data processed and data management
personal data: purpose of data management
name: User identification
e-mail address: providing contact and information to the User
phone number: providing contact and information to the User
3.5.2. Legal basis for data management
Statutory data management, subject to Article 6 (1) (c) and (2) of the GDPR, Section 5 (1) (b) of the Infotv. and Act CLV of 1997 on consumer protection (Fgytv.).
3.5.3. Duration of data management
For 5 years from the receipt of the complaint, pursuant to Section 17/A (7) of the Fgytv.
3.5.4. Method of data management
In electronic form.
3.6. Data management related to registration
You can register on our website for various benefits (faster ordering, recording multiple shipping addresses, viewing order history, tracking order status, using wish list [Gdpr2]). Details of the related data management are shown below:
3.6.1. Purpose of the personal data processed and data management
personal data: purpose of data management
name: User identification
home address: providing additional information for orders
e-mail address: contact with the User
phone number: contact with the User
password: performing technical operations
3.6.2. Legal basis for data management
Statutory data management, subject to Article 6 (1) (c) and (2) of the GDPR, Section 5 (1) (b) of the Infotv. and Section 13/A (1) of the Elkertv.
3.6.3. Duration of data management
Until deleted at the request of the User. If the User does not use his account, his profile will be deleted 5 years after the last order.
3.6.4. Method of data management
In electronic form.
3.7. Data management related to gift vouchers
On our website, Users have the opportunity to purchase and redeem gift vouchers for third parties (Recipients). Details of the related data management are shown below:
3.7.1. Purpose of the personal data processed and data management
personal data: purpose of data management
User name: User identification
User e-mail address: contact with the User
Recipient's name: Recipient identification
Recipient's e-mail address: delivery of the voucher to the Recipient
3.7.2. Legal basis for data management
With regard to the User, our data management is based on law, subject to Article 6 (1) (c) and (2) of the GDPR, Section 5 (1) (b) of the Infotv. and Section 13/A (1) of the Elkertv.
With regard to the Recipient, our data processing is based on various legitimate interests (Article 6 (1) (f) GDPR). We have a legitimate interest in the User successfully gifting the Recipient with the voucher. Without knowing the Recipient's personal data, we would lack the information needed to provide our service. It is also in the User's legitimate interest that, as a result of the data processing, the Recipient designated by him / her can take advantage of the possibilities inherent in the gift voucher. As the Recipient also has a legitimate interest in availing himself of the benefits, no unjustified restriction on his right to informational self-determination and privacy can be established in the context of data processing.
3.7.3. Duration of data management
The User's personal data will be deleted upon request. If the Recipient does not use the gift voucher, his or her personal data will be deleted 1 year after the voucher is issued.
3.7.4. Method of data management
In electronic form.
4. What rights do Users have?
It is important to us that our data management meets the requirements of fairness, legality and transparency. In the light of this, we briefly present the rights of each of the parties concerned in this section, and then explain them in more detail in Annex 3 to the prospectus.
Our user may request free information about the details of the processing of his personal data, as well as in cases specified by law, request their correction, deletion, blocking, or restriction of their processing, and may object to the processing of such personal data. Requests for information and requests in this section can be addressed by our User to our contact details in section 2.
4.1. Access right
Our users can receive feedback from us about the handling of their personal data and have access to this personal data and the details of their handling.
4.2. Right to rectification
At the request of our user, we will correct inaccurate personal data without undue delay, and we are entitled to request that the incomplete personal data be supplemented, inter alia, by means of an additional statement.
4.3. Right of cancellation
At the request of our User, we will delete personal data about him or her if we do not need to process it, or if the User withdraws his or her consent or objects to the processing of the data, or if the processing is illegal.
4.4. Right to forget
If our User so requests, we will try to notify all data controllers who have become or may have become aware of our User's possibly disclosed data of the request for deletion.
4.5. Right to restrict data management
At the request of our User, we restrict the data processing if the accuracy of the personal data is disputed, or the data processing is illegal, or our User objects to the data processing, or if we no longer need the provided personal data.
4.6. Right to data portability
Our user may receive the personal data concerning him / her in a structured, widely used, machine-readable format, or forward it to another data controller.
4.7. Responding to requests
The application will be examined as soon as possible after its submission, but no later than within 30 days (15 days in the case of an objection), and a decision will be made on its merits, of which the applicant will be informed in writing. If we do not comply with our User's request, we will state in our decision the factual and legal reasons for rejecting the request.
4.8. Remedies
The protection of personal data is important to us, and at the same time we respect the Users' right to informational self-determination; therefore we try to respond to all requests correctly and within the time limit. In view of this, we ask Users to contact us with any complaint so that disputes can be settled amicably before resorting to official or court proceedings.
If the request does not lead to a result, our User
- may assert his or her rights in court pursuant to Act V of 2013 on the Civil Code (the lawsuit can also be initiated before the court competent according to the place of residence or stay of our User; the list and contact details of the courts can be viewed at the following link: http://birosag.hu/torvenyszekek), and
- may lodge a complaint with the National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c; phone: +36-1-391-1400; fax: +36-1-391-1410; e-mail: ugyfelszolgalat@naih.hu; website: https://www.naih.hu/panaszuegyintezes-rendje.html; online case initiation: https://www.naih.hu/online-uegyinditas.html; hereinafter: NAIH).
5. Our application procedure
5.1. Notify recipients
We will always notify the recipients to whom or with whom the User's personal data has been communicated of rectification, deletion or data processing restrictions, unless this proves impossible or requires a disproportionate effort. At the request of the User, we will provide information about these recipients.
5.2. Method and deadline of information
We will provide information on the measures taken following the requests related to point 4 in electronic form within a maximum of one month from the receipt of the request, unless otherwise requested by the User. This period may be extended by a further two months if necessary, taking into account the complexity of the application and the number of applications. We will inform the User about the extension of the deadline, indicating the reasons, within one month from the receipt of the request.
Oral information may be provided at the request of the User, provided that he / she proves his / her identity in another way.
If we do not act on the request, we will inform the User of the reasons for this within a maximum of one month of its receipt, as well as of the fact that he may lodge a complaint with the NAIH and exercise his right of judicial appeal (Section 4.8).
5.3. Control
In exceptional cases, if we have reasonable doubts about the identity of the natural person submitting the application, we ask you to provide additional information necessary to confirm your identity. This measure is necessary in order to promote the confidentiality of data processing, as defined in Article 5 (1) (f) of the GDPR, i.e. to prevent unauthorized access to personal data.
5.4. Information and action costs
The information provided on the requests related to point 4 and the action taken on them shall be provided free of charge.
If the User's request is clearly unfounded or excessive, in particular due to its repetitive nature, we will charge a reasonable fee, taking into account the administrative costs of providing the requested information or taking the requested action, or refuse to act on the request.
6. Potential recipients of personal data [Gdpr3] , data processors
6.1. In connection with the operation of the Website
The hosting provider, as a data processor, has the right to access the personal data provided during the use of the Website.
Name: wix.com
Contact: www.wix.com
6.2. In connection with sending a newsletter
To send newsletters, we use newsletter software operated by a data processor. The data of the data processor are as follows:
Name: [*]
Contacts: [*]
6.3. In the context of a chat service
The operator of the chat service available when using the Website may also have access to the personal data of the Users as a data processor.
Name: [*]
Contacts: [*]
6.4. In connection with the delivery of ordered products [Gdpr4]
In order to deliver the ordered products, we use courier companies as data processors. The data of the data processors are as follows:
6.4.1. Name: www.package.com
Contact details: info@package.com
6.5. In connection with the payment of the order fee
The order fee can be paid through the interface of a banking service provider as a data processor. The data of the data processor are as follows:
Name: PayPal
Contact: www.paypal.com
Name: Otp Bank Zrt
Contacts: www.otpbank.hu
6.6. In the context of social media interfaces
Our website also has several social media interfaces (e.g. Facebook, LinkedIn, Twitter, Google+, Instagram, YouTube). Thus, for example, if a User “likes” our site on Facebook or “follows” us on Twitter, we will learn about all the personal information that belongs to their profile and is available to the public. Relevant information on the data management arising on these pages can be found in the respective service provider's own data management policy.
6.7. In connection with the issue of an invoice
In connection with the invoicing, the tax authority is entitled to get acquainted with the personal data provided by the Users for this purpose in the course of its activities. Details of the tax authority:
Name: National Tax and Customs Administration
Website, contacts: https://www.nav.gov.hu/nav/konnectat
7. Data security [GDPR5]
We and the employees of the data processors have the right to get acquainted with the personal data of the User to the extent necessary for the performance of the tasks belonging to their job. We take all security, technical and organizational measures that guarantee the security of your data.
7.1. Organizational measures
We provide access to our IT systems with personal rights. The “necessary and sufficient rights” principle applies to the allocation of access, i.e. all employees may use our IT systems and services only to the extent necessary for the performance of their duties, with the appropriate rights and for the required period of time. Access to IT systems and services should only be granted to a person who is not restricted for security or other reasons (e.g. conflicts of interest) and who has the professional, business and information security knowledge necessary to use it securely.
We and the data processors agree to strict confidentiality rules in a written statement, and we are obliged to act in accordance with these confidentiality rules in the course of our activities.
7.2. Technical measures
We store the data - with the exception of the data stored by our data processors - on our own devices, in a data center. The IT devices storing the data are kept in a separate, closed server room, protected by a multi-stage access control system subject to authorization control.
We protect our internal network with multi-level firewall protection. In all cases, a hardware firewall (border protection device) is located at the entry points of the applied public networks. The data is stored redundantly, i.e. in several places, to protect it from destruction, loss, damage, or illegal destruction due to the failure of the IT device.
We protect our internal networks from external attacks with multi-level, active protection against complex malicious code (e.g. virus protection). We implement the essential external access to the IT systems and databases operated by us via an encrypted data connection (VPN).
We do our best to ensure that our IT tools and software continuously comply with the technology solutions generally accepted in the operation of the market.
During our development, we develop systems in which logging can be used to control and track the operations performed, and to detect incidents, such as unauthorized access.
Our server is located on the hosting provider's separate dedicated server, protected and closed.
Taking into account the NAIH recommendation on data protection requirements for data processing on the websites of parties, we use the HTTPS protocol on the website, which provides a higher level of data security than the HTTP protocol.
8. Cookies
In order for our website to work properly, in some cases we place small data files on the User's computer device, similar to most modern websites.
8.1. What is a cookie?
A cookie is a small text file that the website places on the User's computer device (including mobile phones). As a result, the website can “remember” the User’s settings (e.g., language used, font size, display, etc.), so you don’t have to reset it every time you visit our website.
List of cookies used on the Website: [Gdpr6]
Cookie source | Cookie name | Cookie function | Cookie expiration
- | hs | safety | session
- | smSession | login | 2 days
- | XSRF-TOKEN | safety | session
- | svSession | Identifies unique visitors and tracks the information visitors have on your site | 2 years
- | SSR-caching | display site | 20 sec
- | TS017f4256 | safety | session
reneerichardson.net | TS01e85bed | safety | session
reneerichardson.net | Force Flash Site | mobile view | session
These cookies can be deleted or blocked, but in this case the Website may not work properly.
We do not use cookies to personally identify the User. These cookies are for the purposes described above only.
8.2. Google Analytics [Gdpr7]
1. The Website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so-called "cookies", which are text files placed on your computer, to help the website analyze how users use the site.
2. The information created by the cookie about your use of the website will normally be transmitted to and stored on a Google server in the USA. By activating IP anonymization on the Website, Google will shorten the User's IP address within the Member States of the European Union or in other States party to the Agreement on the European Economic Area.
3. The full IP address will be transmitted to Google's server in the United States and truncated there only in exceptional cases. On our behalf, Google will use this information to evaluate your use of the Website, to provide us with reports relating to website activity and to provide additional services relating to website and internet usage.
4. Within the framework of Google Analytics, the IP address transmitted by the User's browser is not reconciled with other data of Google. The User may prevent the storage of cookies by setting their browser appropriately; however, please note that in this case, not all functions of this website may be fully available. You may also prevent Google from collecting and processing the information generated by cookies about your use of the Website (including your IP address) by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=h
8.3. How are cookies handled?
Cookies can be deleted (detailed information: www.AllAboutCookies.org) or blocked by most browsers today. In this case, however, when using our website, certain settings will need to be reconfigured each time and certain services may not work.
Detailed information on deleting and blocking cookies can be found at www.AllAboutCookies.org (in English) and on the browser used by the User at the following links:
- Firefox
9. Other provisions
9.1. Data collection on activity
We may collect data about the activity of the Users, which cannot be combined with other data provided by the User during registration, or with data generated when using other websites or services.
9.2. Data management for different purposes
If we intend to use the provided data for a purpose other than the purpose of the original data collection, we will inform the Users about this and obtain their prior, express consent, or provide them with the opportunity to prohibit the use.
9.3. Registration obligation [Gdpr8]
We keep a record of the data management activities carried out under our responsibility (data management activity record) in accordance with Article 30 of the GDPR.
9.4. Privacy Incident [Gdpr9]
A data protection incident is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data processed. In the event of a data protection incident, we are obliged to act in accordance with Articles 33 and 34 of the GDPR. We record data protection incidents, indicating the facts related to the data protection incident, its effects and the measures taken to remedy it.
9.5. Amendment
We have the right to unilaterally amend this Prospectus at any time.
Effective: 2020.
Ildikó Renáta Nagy
Data Manager
[Gdpr1] Each website is unique; in this regard, we would like to draw your attention to the fact that when using the sample, we only indicate the data processing that is true for our own website.
The subsections of point 3 record the most typical data processing experienced at webshops.
[Gdpr2] The functions involved in registering depend on the particular web store, so the ones listed here are only fictitious examples.
[Gdpr3] The companies and entrepreneurs you use for your activity depend on the operation of the website. It is important to emphasize that only those who have access to users' personal data should be listed here.
[Gdpr4] It is not necessary to list all courier companies; if their number exceeds 5, it is easier to describe courier companies only in general terms, as a category of recipients.
[GDPR5] The descriptions in this section include technical and organizational measures in accordance with official requirements.
[Gdpr6] The IT specialist or developer of the website can provide accurate information on this issue.
[Gdpr7] Only to be listed if the website actually uses Google Analytics.
[Gdpr8] Our available product sample; "Data Management Register"
[Gdpr9] Privacy incident documentation available!