Privacy policy
Privacy Policy Information
Data Controller
The website accessible at the internet address www.quizzfairy.com is operated by Zsófia Szomolányi-Bernus, sole trader.
Tax ID: 49156683-1-33
Location: 2040 Budaörs, Ibolya utca 118, Hungary
Phone: +36309493858
Email: quizzfairy@gmail.com
(Hereinafter referred to as the Data Controller).
1. Cookie Policy
We inform you that our website (hereinafter referred to as the "website") uses cookies to enhance the quality of our services, to facilitate your use of our website, to properly handle security and privacy risks, and to display online advertisements with your consent. Below, you can read a general overview of cookies and, subsequently, about the specific handling of data by cookies used on our website.
1. What are cookies?
A cookie is a small set of data (a packet of alphanumeric information) that the server of the website you visit sends to your device. The cookie is stored by your computer's, phone's, or tablet's browser and can later be read back from there by the sending server. Other websites cannot read it; only the website that placed it can. Cookies inform us about visitors' habits related to the use of the website. Cookies can be used for various purposes, such as measuring the website traffic or simplifying navigation on a site by remembering pages you have previously opened. No cookie contains personal data that would directly allow anyone to contact you via email, phone, or conventional mail. Cookies are not capable of identifying you; they only recognize the device you use. If you do not wish to accept cookies on the website, you can set your web browser to notify you of the placement of cookies or to prevent their placement.
2. How can you control the operation of cookies?
Cookies are placed on your device (computer, phone, or tablet) when you visit our website. When you start browsing our website, a pop-up window appearing at the loading of the homepage will inform you about this.
We do not need to obtain your consent for the placement of cookies necessary to ensure the functionality and convenient use of our website. We need your consent to start using cookies for further purposes, such as analysis of your device identification or data collection for marketing purposes. We ask for your consent in the aforementioned pop-up window. You can recall this window and change your consent for various data collections by clicking on the "Cookie Settings" label at the bottom of the page.
Regardless of the setting options we provide, you can always decide to disable and delete cookies in your internet browser settings. However, we must inform you that without using cookies, you will not be able to access many features that make browsing easier, and some of our services may not function properly.
3. Managing cookie settings in browsers
You can modify your cookie settings in the pop-up window or through your browser. Disable the use of cookies by activating the setting in your browser that allows you to refuse all or some cookies. These settings are usually found in the "Settings" or "Preferences" menu of your browser. You can learn more about this by using the following links:
- Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
- Internet Explorer: Visit https://support.microsoft.com and search for "cookies."
- Safari: Visit https://support.apple.com/en-us and search for "cookies."
- Opera: http://help.opera.com/Windows/10.50/en/cookies.html
4. Types of Cookies
Cookies can be temporary or session cookies, which are valid during a browsing session, or permanent or persistent cookies, which remain on your computer for a period of time defined in days, weeks, months, or years after the browsing process. We also distinguish between first-party (internal) and third-party (external) cookies. Below, you can read what these terms mean to better understand the cookies we use and why we use them.
5. Session Cookies
Session cookies allow you to be recognized during a visit to our site, so that any page changes or selections you make can be remembered by the browser as you navigate from page to page. These cookies enable you to move through many pages of a website quickly and easily without having to identify yourself or repeat processes on each page, such as filling out a form. These cookies are automatically deleted from your device when you finish browsing or close your browser.
6. Persistent Cookies
Persistent cookies remain on your computer for a set period (determined in days, weeks, months, or years) after the browsing session ends, thus allowing user preferences or actions to be recalled on subsequent visits to the site (for example, retaining username and password for particular sites). These cookies stay stored on your device until their expiration date, although you can delete them beforehand.
7. Cookies from the Website Operator
These are cookies that come from the server of the website you are browsing. In this case, we are referring to functional and convenience-enhancing cookies from the server operating the Data Controller’s website, the general properties and operation of which we have detailed above. These may record your device's IP address, the pages visited on the website, and, optionally (at your discretion), the username and password. This means you do not have to repeat processes every time you open a new page or return to the website after leaving it and, depending on your settings, do not have to identify yourself or log in again. We use cookies to ensure the necessary permissions for registered users of our site; if a user logs into the site, they receive the necessary permissions. These cookies do not store any other information, such as who logged in or when; they simply check the login permissions.
These cookies are so-called session cookies, which means they are valid during the browsing session. This means that if someone starts browsing the site, the cookie activates and then expires no later than 15 minutes after the user's last activity or upon logging out.
The exception to this is the cookie that remembers your login details, based on your decision, which remains stored on your device used for browsing for 365 days.
8. Third-Party Cookies
Third-party cookies are not from the Data Controller or the server hosting the website. These cookies are stored on your computer, phone, or tablet during your visit as follows:
8.1. Google Cookies
Google Analytics© files help monitor the page and collect information about how the site is used (such as the number of visitors to the site, the pages viewed, the locations of visitors, i.e. where users browse from, the other website users come from, the browser used, operating system, internet provider, the resolution of the monitor currently used, the time spent on the site, and when they left the site). We use this information to create statistics and further develop the website.
We collect this data with your consent in a manner that allows us to also identify the device used for browsing. In this case, we use the data to display targeted advertisements related to our services.
Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland), the owner and operator of Google Analytics tools, also accesses this data for its own purposes to deliver targeted advertisements to the browser user. In doing this, Google Ireland Ltd. determines the interest profile based on browsing habits from the device in question by linking the collected cookie data and the IP address of the device used for browsing, thereby delivering targeted advertisements to the device. For more information, visit the following pages:
https://www.google.com/analytics
https://support.google.com/analytics/answer/2838718?hl=en
Google Analytics© cookies are so-called persistent cookies, with a storage life of up to two years, but in practice, depending on the type of cookie, the duration can be between two hours and six months.
For more information about cookies, including how to view, manage, and delete placed cookies, visit http://www.allaboutcookies.org. To opt out of tracking by Google Analytics across all websites, visit https://tools.google.com/dlpage/gaoptout.
Such cookies only operate if you have consented to your device also being identified during data collection.
8.2. Facebook Cookies and Pixel
Similar to the Google cookies mentioned above, Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) also provides online marketing services using cookies and so-called pixels. These serve the same purpose as the Google services mentioned earlier, but in this case, targeted advertisements primarily appear to users of the Facebook social network. The data processing during the use of this service is carried out by Facebook Ireland Ltd. Through this service, Facebook Ireland Ltd. has access to the data related to the measurement of website traffic and mapping browsing habits discussed above. These data are permanently stored by the tools of Facebook Ireland Ltd., but no longer than three months through cookies, which are fixed on the user's device used for browsing. The user can delete these cookies through browser settings. During data collection by the pixel, nothing is stored in your browser. Facebook Ireland Ltd. also uses the data to deliver targeted advertisements to the browser user. In doing this, Facebook Ireland Ltd. determines the interest profile based on browsing habits from the device in question by linking the data collected through cookies and pixels with the IP address of the device used for browsing, thereby delivering targeted advertisements to the device.
For more information, visit the following page of Facebook: https://developers.facebook.com/products
Such cookies only operate with your consent on the site.
Cookie Usage and Data Processing by Log Files on Our Website
1. Scope of Data Subjects: Every User visiting the website, regardless of whether they utilize the available services or not.
2. Legal Basis for Data Processing: In terms of data processing necessary for the provision of services, which is technically essential, Article 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (hereinafter referred to as Ekertv.) authorizes the Data Controller to process data necessary for the proper operation of the website. Such data processing is implemented by log files and certain cookies. More details about log files can be read in Chapter 4, and the related cookies are described below.
According to the above, the legal basis for such data processing is the legitimate interest of the Data Controller according to Article 6(1)(f) of the GDPR.
We only process data that is necessary for the user-friendly operation of the website and manage these data only for as long as necessary. These are technical data (e.g., IP address, type of browser used, and screen resolution), which are necessary for the enjoyable display of the website's pages, their purposeful functioning, and convenient use for you. We do not transmit the data to third parties, nor do we process them for other purposes. Given this, the processing of these data does not entail any risk to you, but the aforementioned purpose - the proper use of the website - cannot be achieved without data processing. Our legitimate interest is to ensure the usability of the website, as we can only make our services electronically accessible in this way. Ensuring the availability of our website is an indispensable condition for our efficient operation. Therefore, we manage these data based on our legitimate interest, which, as the data processing does not entail any risk to you, proportionally restricts your right to self-determination.
In terms of data processing that enables visitor analysis and marketing activities, the legal basis for data processing is your consent according to Article 6(1)(a) of the GDPR. You can consent to the collection of data for visitor analysis and marketing purposes by ticking the checkboxes in the pop-up window when you start browsing the website.
3. Scope of Managed Data:
Data managed to enable user-friendly browsing:
- The web pages visited during the visit to the website and the order of their opening,
- The IP address of the device you use.
Scope of data managed for measuring website traffic:
- The web pages visited during the visit to the website and the order of their opening,
- The frequency of views of individual web pages on the website,
- The other website from which the current website was reached (only in the case of a website where there is a link to the current website),
- Determining the geographical location of the device used for browsing (based on the data of the internet provider, only approximate data regarding the location of the device used for browsing),
- The time of starting the browsing of the website,
- The time of leaving the website (end of browsing),
- The duration of browsing the website.
Data stored for checking access rights to the website, if stored at your discretion:
- Your email address (as username) or username,
- Password,
- The IP address of the device you use.
4. Purpose of Data Processing: Ensuring the user-friendly and secure operation of the website and carrying out online marketing activities.
Including:
A) Necessary and Functional Data Processing ("Essential" and "Functional" categories in the pop-up window):
- Identifying the device used for browsing, remembering the identifier data - based on the IP address - for the duration of the browsing. This makes browsing smoother, as otherwise, you would have to identify yourself or repeat processes on each page visited.
B) Data Processing Related to Browsing Habits ("Analytics" category in the pop-up window):
- Without your consent ("Analytics" not selected), the following data are recorded anonymously for the following purposes; these cannot be linked to a person. In this case, your personal data is not processed.
- With your consent ("Analytics" selected), the following data are recorded linked to the identifier data of the device used for browsing (IP address).
- Measuring the traffic of the website, measuring the frequency of views of individual pages of the website,
- Determining the location of the device used for browsing to map the territorial distribution of interest in our service,
- Identifying the website from which the current website was accessed in order to understand the other interests of those interested in our service.
We use the Google Analytics tools (Google Ireland Ltd.) to collect these data. When viewing pages that use Google Analytics tools, Google cookies remember your marked preferences and information, which also means gaining knowledge of the data managed for measuring website traffic and mapping browsing habits.
C) Data Processing for Marketing Purposes ("Marketing" category in the pop-up window):
- If you have consented to the non-anonymous collection of browsing data ("Analytics" selected) and its use for marketing purposes ("Marketing" selected), we can display targeted advertisements to you during your internet browsing.
- In displaying targeted advertisements, we can display our own advertisements on your device using the tools of Google and Facebook, while the necessary data are also used by Google and Facebook for their own purposes, to display advertisements of third parties. Such advertisements are displayed based on the interest circles inferred from your browsing habits.
- In doing this, Google Ireland Ltd. and Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) determine the interest circle based on the browsing habits data and the IP address of the device used for browsing, thereby delivering targeted advertisements to the device. Thus, the data are not directly linked to your person but are linked to the device used for browsing.
- Google Ireland Ltd. and Facebook Ireland Ltd. do not have access to additional data mentioned in this information beyond the data written in this point.
D) Data Assigned to the Following Purposes Processed in a Manner Linked to Your Person, but We Only Access These During Your Login for Technical Purposes, Otherwise, They May Be Stored on Your Device:
- Your email address or username and password, possibly stored for easier login (at your discretion, stored on your device),
- Your email address (as username) or username and password (encrypted, we do not know the password), IP address of the device used for browsing, during the checking of your login rights.
5. Duration of Data Processing: Some of the data are managed for the duration of browsing, certain data - for varying durations but for no more than two years - are stored by cookies.
- The data necessary to ensure the user-friendly operation of the website (IP address, the order of web pages visited during browsing), as well as the data necessary to check login rights and ensure usage rights, are recorded for the duration of the browsing session (i.e., the duration of browsing the website) and are deleted thereafter. We manage such data using our own devices of our information technology system, and third parties do not have access to them.
- Username and password may be stored permanently at your discretion, and such are stored by cookies fixed on your device. You can delete these cookies through your browser settings, thus regulating the duration of data storage.
- Data that serve as the basis for measuring website traffic and mapping the usage habits of the website are stored for up to two years. The cookies that enable this are fixed on the device you use for browsing. You can delete these cookies or prevent their operation at any time through your browser settings, as well as by clicking on the "Cookie Settings" label at the bottom of the website and turning off the "Analytics" and "Marketing" categories in the pop-up window that appears.
6. Mode of Data Storage: in separate data management lists in our information technology system. The data necessary to ensure the user-friendly operation of the website (IP address, the order of web pages visited during browsing) are not stored. The data provided by cookies are stored locally on your device. The entry data you have stored for facilitating login are stored on your device for this purpose.
7. Information Technology Data Management Using Google Analytics and Facebook Tools:
- You can learn more about information technology data management using Google Analytics and Facebook tools on the Google Analytics support page at https://www.google.com/intl/en_ALL/analytics/support and the Facebook page at https://developers.facebook.com/products. We only use the features offered by Google Analytics and Facebook mentioned above.
Log File Entries
- Our information technology system associated with the storage used for operating our website uses electronic log entries. These log entries store the IP address, the type of browser used by the visitor, the internet provider, date/time stamp, referring and exit pages' addresses, and the number of clicks during the visit. This is done to properly display our website on your device and, in case of an operational error, to trace back the circumstances of the error, thereby making browsing more stable and secure as needed. This enables us to manage and administer the website. The data are not directly suitable for establishing personal identity and are stored for 30 days.
- The data management implemented by the log files otherwise occurs according to the circumstances outlined in Chapter 3, with the addition that data recording and use for visitor analysis and marketing purposes do not occur regarding the log files.
Use of Data Processors
1. Scope of Data Subjects: Users visiting the website.
2. We use the following as data processors to collect data for website traffic analysis and displaying targeted advertisements:
Google Ireland Ltd.
- Company registration number: 11603307
- Tax number: IE 6388047V
- Headquarters: Gordon House, Barrow Street, Dublin 4, Ireland
- Postal address: Gordon House, Barrow Street, Dublin 4, Ireland
- Phone: +353 1 436 1000
- Website: https://www.google.ie/
Facebook Ireland Ltd.
- Company registration number: 462932
- Tax number: IE 9692928F
- Headquarters: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
- Location: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
- Postal address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
- Phone: +001 650 543 4800
- Message: https://facebook.com/help/contact/540977946302970
- Website: https://www.facebook.com/privacy/explanation
(Hereinafter collectively referred to as the Data Processors).
3. Scope of Data Involved in Data Processing: The browsing data, preferences, and conclusions that can be drawn about your interests, as described above in this information.
4. Purpose of Using the Data Processor: To provide the information technology solutions needed for analyzing our website traffic and displaying targeted advertisements to you.
5. Duration of Data Processing: Data processors have access to the data for the durations outlined above for different purposes.
6. Nature of Data Processing: Information technology data collection using online IT solutions.
7. Data processing does not occur for other purposes.
8. The Data Processors are not stakeholders in our business activities.
9. We do not use any data processors other than the ones specified above.
2. The data controller primarily processes the data of users in accordance with the following regulations:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR),
- Law XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities,
- Law CVIII of 2001 on certain issues of electronic commerce services and services related to the information society (Ekertv).
2.2. This information applies to the use of the website available at the URL specified above, the services available there, and the data processing that occurs during the fulfillment of orders placed in the web store.
2.3. For the purposes of this information, User means: natural persons browsing the website, using the services of the website, and ordering products from the Data Controller.
3. The legal basis for data processing
3.1. The legal basis for data processing carried out by the Data Controller, in respect of certain data processing, is the user's consent under Article 6(1)(a) of the GDPR, and for data processing related to orders, Article 6(1)(b) of the GDPR, which states that data processing is necessary for the performance of a contract to which the user is a party.
3.2. In the case of data processing based on consent, the user gives their consent by ticking the checkbox placed before the data processing statement at the relevant places. The data processing information can be accessed by the user at any time by clicking on the "Data Processing Information" label appearing at the bottom of every page of the website or by clicking on the link marked with the text "Data Processing Information" in the data processing statement mentioned in this section. By ticking the checkbox before the data processing statement, the user declares that they have read the data processing information and consents to the processing of their data as written in this information.
3.3. In some cases, the Data Controller is obliged by law to perform certain data processing operations, and there may also be a legitimate interest as the legal basis for data processing. More detailed information about these can be read in the sections below about specific data processing operations.
4. Data processing related to the provision of information technology services
4.1. The Data Controller uses cookies to operate the website and collect technical data related to visitors to the website.
4.2. The Data Controller provides separate information on data processing implemented by cookies: Cookie Information
5. Data processing related to message reception and response
5.1. Scope of data subjects: Users who send messages to the Data Controller using the messaging interface accessible from the "Contact" section of the website or by email using the email address(es) provided on the website.
5.2. Legal basis for data processing: the user's consent under Article 6(1)(a) of the GDPR.
5.3. Scope of data processed:
- Name of the user sending the message,
- Email address,
- Any additional data communicated by the user in the message.
In respect of any additional data communicated by the user in the message, the Data Controller only processes data necessary for the reception of the sent message; however, the Data Controller does not request the provision of personal data from the user. In the case of unexpected communication of personal data, such unexpected personal data is not stored by the Data Controller and is immediately deleted from the IT system.
5.4. Purpose of data processing: To enable message exchange with the Data Controller for the user.
Services related to this:
- Writing a message on the website,
- Receiving messages sent by email (using the email address(es) provided on the website),
- Responding to messages received by the Data Controller through the aforementioned methods, which the Data Controller fulfills within 2 business days.
5.5. Duration of data processing: Until the message is responded to or the user's request is fulfilled. After responding to the message/fulfilling the request, the Data Controller deletes the data processed for this purpose. If the exchange of information takes place through multiple, related messages, then after the exchange of information is completed or the request is fulfilled, the Data Controller deletes the data.
If a contract arises from the exchange of messages, and the content of the messages is essential from the perspective of the contract, then the legal basis and duration of data processing are determined according to the provisions written in the "Data Processing Related to Orders" section (data processing related to orders).
5.6. Method of storing data: In the Data Controller's IT system, on a separate data processing list.
6. Data processing related to newsletter sending
6.1. Data subjects: Users who subscribe to the newsletter by filling out the fields provided for newsletter subscription on the website and ticking the consent statement.
6.2. Legal basis for data processing: the user's consent under Article 6(1)(a) of the GDPR and Sections 6(1) and (2) of the Grt. The voluntary consent is given by the user by becoming acquainted with this data processing information and by filling out the fields for newsletter subscription, and by ticking the consent statement found there. By this, the user declares that they consent to the processing of their data as specified in the data processing information and to sending newsletters.
The newsletter service, in addition to sending useful information, also aims for direct business acquisition by the Data Controller. This service can be subscribed to by the User independently of the use of other services. The use of this service is voluntary, based on the decision made after appropriate information is provided to the User. If the User does not use the newsletter service, it does not disadvantage them in terms of using the website and taking advantage of further services. The Data Controller does not make the use of its service aimed at direct business acquisition conditional on the use of any other service.
6.3. Scope of data processed:
Name, Email address.
6.4. Purpose of data processing: Sending newsletters by the Data Controller to the User by email. Sending newsletters means sending information about the Data Controller's service, news and updates, attention-grabbing offers, promotional and sales-promoting content.
6.6. Duration of data processing: The Data Controller processes the data held for the purpose of sending the newsletter until the User withdraws their consent (unsubscribes) or until the data are deleted at the request of the User.
6.7. Method of storing data: In the Data Controller's IT system, on a separate data processing list.
7. Data processing related to registration
7.1. Scope of data subjects: Users registering on the website.
7.2. Legal basis for data processing: the user's consent under Article 6(1)(a) of the GDPR. The voluntary consent is given by the user by filling out the data form displayed during registration, by ticking the checkbox before the data processing statement, and finally by clicking the button necessary to finalize the registration.
7.3. Scope of data processed: In the case of registered users, data processing concerns the personal data and contact details listed on the registration data form mentioned above.
The scope of data:
Surname, First name, Email address, Password.
Purpose of data processing: registration on the website, facilitating regular purchases.
Services related to this:
- Creating a personal account for the user,
- Facilitating online product ordering by storing the data necessary for order fulfillment, and enabling the user to modify these data independently,
- Storing previous orders and making them accessible to the user in the user account.
7.4. Duration of data processing: For registered users, the duration of data processing lasts until deletion is requested by the registered user. Data processing may also cease with the deletion of the registration by the user or by the Data Controller's deletion of the user's registration. The user can delete their registration at any time or request its deletion from the Data Controller, which request the Data Controller executes promptly, but no later than within 10 business days following the receipt of the request.
7.5. Method of storing data: In the Data Controller's IT system, on a separate data processing list.
8. Data processing related to orders
8.1. Scope of data subjects: Users placing orders on the website.
8.2. Legal basis for data processing: Article 6(1)(b) of the GDPR, which states that data processing is necessary for the performance of a contract to which the user is a party.
8.3. Scope of data processed: data processing concerns the following personal data and contact details.
The User
Surname, First name, Billing address, Telephone number, Email address, Delivery address, Indication of ordered product(s), Purchase price of ordered product(s), Method of receipt/delivery, Payment method, Any additional information provided by the User at the time of ordering necessary for order fulfillment, Order date, Payment date.
8.4. Purpose of data processing: the conclusion and fulfillment of the contract arising from the order.
8.5. Duration of data processing: the data processed for order fulfillment are handled by the Data Controller for the period necessary to meet the record-keeping obligations arising from the accounting law. According to the accounting law, this time is at least 8 years from the issuance of the invoice, after which the Data Controller deletes the data within one year after this period has passed.
During the delivery necessary for order fulfillment, the data necessary for this purpose (name, delivery address, telephone number) are processed until the delivery is completed. When transmitting data necessary for delivery to the delivery agent, the Data Controller imposes a data processing restriction, according to which the delivery agent may handle the transmitted data only to the extent and for the duration necessary for the delivery.
However, the delivery company may have a legitimate interest in retaining certain data or a part of the data for a certain period in the event of potential complaints, claims, or civil disputes. This is done by the delivery company as an independent Data Controller, and more detailed information about this can be read in the data processing information provided by the service provider. The Data Controller's service providers used in this way can be found in the "Use of Data Processors" section of this information, where the accessibility of their data processing information on their website is also indicated.
The Data Controller handles any additional data processed during the order – e.g., messages of significant content related to the order between the User and the Data Controller – for a period of 5 years from the conclusion of the contract – the general limitation period applicable to civil claims.
8.6. Method of storing data: In the Data Controller's IT system, on a separate data processing list, and the data necessary for regular accounting are stored on accounting vouchers in order to meet the record-keeping obligations prescribed by the accounting law.
- Data transmission
9.1. Scope of data subjects: Users choosing an online payment method during the order on the website, independently of the use of other services provided by the website.
9.2. Recipient of data transmission:
Shoptet Kft.
Company Registration Number: 01-09-357795
Tax Number: 27933460-2-41
Registered Office: 1027 Budapest, Kacsa Street 15-23.
Business Premises: 1027 Budapest, Kacsa Street 15-23.
Place of Business Activity: 1027 Budapest, Kacsa Street 15-23.
Phone: +36 70 792 0527
Email Address: info@shoptet.hu
A business company as the provider of the online payment service used on the Data Controller's website.
9.3. Legal basis for data transmission: the legitimate interest of the Recipient under Article 6(1)(f) of the GDPR.
The Recipient is obliged to operate a fraud prevention and detection system concerning the provision of the payment service according to the relevant laws, and is entitled to handle the necessary personal data for this purpose. The Recipient has established a system that meets its legal obligations, the operation of which requires data transmission by the Data Controller. Accordingly, it is in the legitimate interest of the Recipient to be able to operate the fraud prevention and detection system to fulfill its legal obligations.
The legitimate interest of the Data Controller and the Recipient is fraud prevention and ensuring the proper functioning of online payments. The proper functioning of the payment service is linked to the main source of revenue for both organizations. The interest of the User is also this, especially to avoid misuse of credit card data.
Data transmission allows for the filtering and detection of frauds and the removal of obstacles that may arise during the payment process.
The data of the User handled during the booking/order are transmitted through an electronic channel that ensures encrypted data traffic, exclusively to the Recipient and only in the case of an online credit card payment, which the Recipient does not use for other purposes. From this, it follows that data transmission does not pose a significant risk to the User, nor does it have any further perceptible effect on them.
The data transmission is necessary to achieve the purposes stated here and is also suitable for making the payment service more secure.
Considering the above and the built-in warranty measures, the data transmission does not constitute an undue intervention in the Users' private life, therefore the data transmission is a necessary and proportionate data processing operation.
9.4. Scope of data transmitted:
Products placed in the cart during the purchase and the shopping data displayed in the cart (prices, costs), Name, Telephone number, Email address, Address. The credit card data provided during the payment are given directly to the payment service provider by the User, thus they do not come into the possession of the Data Controller.
9.5. Purpose of data transmission: Proper operation of the payment service and technical handling of the payment, confirmation of transactions, protection of the interests of users through fraud-monitoring – operation of the fraud detection system supporting the control of electronic banking transactions, and providing customer service assistance to the User.
9.6. The User can obtain further information on the company's website about the data processing carried out by the company providing the online payment service and the further circumstances of that data processing, including the legal basis, purpose, exact scope of data processed, and duration of data processing.
9.7. The Data Controller does not transmit data to third parties for business or marketing purposes.
9.8. Apart from the above case, the Data Controller only transmits data to authorities in the event of a legal obligation.
- Use of Data Processors
The Data Controller uses the following business organizations as data processors.
10.1. Hosting provider
10.1.1. Scope of data subjects: Users visiting the website, regardless of the use of services provided by the website.
10.1.2. The Data Controller uses the following as data processors
Websupport
Company registration number: 01-09-381419
Tax number: 25138205-2-43
Headquarters: 1119 Budapest, Fehérvári út 97-99.
Telephone: +36 22 78 76 74
Email address: support@websupport.hu
A business company as the web hosting provider (hereinafter: Data Processor).
10.1.3. Scope of data affected by data processing: the data processing concerns all the data indicated in this information.
10.1.4. Purpose of data processing: ensuring the information technology-based operation of the website.
10.1.5. Duration of data processing: corresponds to the durations of data processing indicated for the various data groups regulated according to the data processing purposes in this information.
10.1.6. Data processing solely means the provision of storage necessary for the information technology-based operation of the website.
10.2. Website developer
10.2.1. Scope of data subjects: Users visiting the website, regardless of the use of services provided by the website.
10.2.2. The Data Controller uses the following as data processors
Shoptet Kft.
Company Registration Number: 01-09-357795
Tax Number: 27933460-2-41
Registered Office: 1027 Budapest, Kacsa Street 15-23.
Business Premises: 1027 Budapest, Kacsa Street 15-23.
Place of Business Activity: 1027 Budapest, Kacsa Street 15-23.
Phone: +36 70 792 0527
Email Address: info@shoptet.hu
A business company as the developer of the website (hereinafter: Data Processor).
10.2.3. Scope of data affected by data processing: the data processing concerns all the data indicated in this information.
10.2.4. Purpose of data processing: ensuring the information technology-based operation of the website through technical operations manifested in data processing.
10.2.5. Duration of data processing: corresponds to the durations of data processing indicated for the various data groups regulated according to the data processing purposes in this information.
10.2.6. Data processing solely means technical operations necessary for the information technology-based operation of the website.
10.3. Data processing related to newsletter sending.
10.3.1. Scope of data subjects: Users subscribing to the newsletter on the website, regardless of the use of other services provided by the website.
10.3.2. The Data Controller uses the following as data processors
Shoptet Kft.
Company Registration Number: 01-09-357795
Tax Number: 27933460-2-41
Registered Office: 1027 Budapest, Kacsa Street 15-23.
Business Premises: 1027 Budapest, Kacsa Street 15-23.
Place of Business Activity: 1027 Budapest, Kacsa Street 15-23.
Phone: +36 70 792 0527
Email Address: info@shoptet.hu
As the developer and maintainer of the newsletter sending software used by the Data Controller (hereinafter: Data Processor).
10.3.3. Scope of data affected by data processing: the data processing concerns the name and email address of the User subscribing to the newsletter.
10.3.4. Purpose of data processing: ensuring the information technology-based operation of the software used by the Data Controller for sending newsletters, through technical operations necessary for the secure operation of the software.
10.3.5. Duration of data processing: until the User withdraws their consent for sending newsletters (unsubscribes), or until the data are deleted at the request of the User.
10.3.6. Data processing solely means technical operations necessary for the information technology-based operation of the newsletter sending software.
10.4. Data processing related to product delivery.
10.4.1. Scope of data subjects: Users who order the product to be delivered to the address they specify.
10.4.3. Scope of data affected by data processing: the data processing concerns the following data of the User for the purpose of fulfilling the contract arising from the order (execution of delivery):
Surname, First name, Telephone number, Delivery address.
10.4.4. Purpose of data processing: executing the delivery of the ordered product as part of fulfilling the contract arising from the User's order, with delivery to the address specified by the User, and if necessary, by telephone consultation regarding the place and time of delivery.
10.4.5. Duration of data processing: for the duration necessary to complete the delivery.
10.4.6. Data processing solely means data processing operations necessary for the execution of the delivery.
10.5. Data processing related to invoice generation.
10.5.1. Scope of data subjects: Users placing orders on the website, regardless of the use of other services provided by the website.
10.5.2. The Data Controller uses the following as data processors
Billingo Technologies Private Limited Company
Company registration number: 01-10-140802
Tax number: 27926309-2-41
Headquarters: 1133 Budapest, Árbóc utca 6. I. floor
Telephone: +36-1/500-9491
Email address: hello@billingo.hu
and
Shoptet Kft.
Company Registration Number: 01-09-357795
Tax Number: 27933460-2-41
Registered Office: 1027 Budapest, Kacsa Street 15-23.
Business Premises: 1027 Budapest, Kacsa Street 15-23.
Place of Business Activity: 1027 Budapest, Kacsa Street 15-23.
Phone: +36 70 792 0527
Email Address: info@shoptet.hu
As the developers and maintainers of the invoicing software used by the Data Controller (hereinafter: Data Processor).
10.5.3. Scope of data affected by data processing: the data processing concerns the name and address of the user placing the order, as well as the indication of the ordered goods and/or services, the time of purchase, and the purchase price, shipping fee, and any other fees contained in the invoices.
10.5.4. Purpose of data processing: ensuring the information technology-based operation of the software used by the Data Controller for issuing invoices, through technical operations necessary for the secure operation of the software.
10.5.5. Duration of data processing: for the period necessary to fulfill the record-keeping obligations arising from the accounting law – up to 8 years from the issuance of the invoice – until deletion occurs in the year following the expiry of 8 years.
10.5.6. Data processing solely means technical operations necessary for the operation of the software used for invoice issuance in the information technology sense.
10.6. Accounting service-related data processing.
10.6.1. Scope of data subjects: Users placing orders.
10.6.2. The Data Controller uses the following as data processors
*name of the accounting firm -
Company registration number: -
Tax number: -
Headquarters: -
Location of business activity: -
Telephone:-
Email address:-
As the accountant for the Data Controller's economic activity (hereinafter: Data Processor).
10.6.3. Scope of data affected by data processing: the data processing concerns the name and address of the User placing the order, as well as the indication of the ordered goods, the time of purchase, and the purchase price, shipping fee, and any other fees contained in the invoices.
10.6.4. Purpose of data processing: fulfilling the accounting obligations prescribed by law concerning the economic activity conducted by the Data Controller, through the services of the aforementioned Data Processor.
10.6.5. Duration of data processing: up to the time necessary to fulfill the record-keeping obligations arising from the accounting law – until deletion occurs in the year following the expiry of 8 years.
10.6.6. Data processing solely means operations necessary for fulfilling and auditing accounting obligations.
10.7. Data processing for other purposes does not take place.
10.8. Apart from the aforementioned Data Processors, the Data Controller does not use any other data processors.
- User rights related to data processing
11.1. Right of access: Upon the User's request, the Data Controller provides information about the data about the User that it processes, or that it or a Data Processor appointed according to its instructions processes, their sources, the purpose, legal basis, and duration of data processing, the name, address, and data processing activities related to the Data Processor, any data protection incident that may have occurred, its circumstances, effects and the measures taken to remedy it, and - in case of data transfer - the legal basis and recipient of the data transfer. The Data Controller provides the information without undue delay, but no later than one month from the receipt of the request.
Within the framework of the right of access, the Data Controller provides the User with a copy of the personal data undergoing processing, no later than one month from the receipt of the request. The Data Controller may charge a reasonable fee based on administrative costs for any additional copies requested by the User.
11.2. Right to data portability: The User has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, machine-readable format, and has the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided, if:
data processing is based on the User's consent or on a contract; and data processing is carried out by automated means. In exercising the right to data portability as described above, the User has the right to request the direct transfer of personal data between data controllers, if technically feasible.
11.3. Right to rectification: The User may request the rectification of their data, which the Data Controller fulfills without undue delay, but no later than one month from the receipt of the request. Considering the purpose of data processing, the User has the right to request the completion of incomplete personal data, including through an additional statement.
11.4. Right to restriction of processing: The Data Controller marks the personal data it processes for the purpose of restricting processing. The User has the right to request the Data Controller to restrict data processing if one of the following applies:
the User contests the accuracy of the personal data, in which case the restriction applies for a period enabling the Data Controller to verify the accuracy of the personal data; data processing is unlawful, and the User opposes the deletion of the data and requests the restriction of their use instead; the Data Controller no longer needs the personal data for data processing purposes, but the affected party requires them for the establishment, exercise, or defense of legal claims; or the User has objected to data processing based on the legitimate interest of the Data Controller; in this case, the restriction applies for a period until it is determined whether the legitimate grounds of the Data Controller override those of the affected party.
11.5. Right to erasure: The Data Controller deletes the personal data if:
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the User withdraws the consent forming the basis for data processing, and there is no other legal ground for data processing; the User objects to the data processing, and there is no overriding legitimate ground for data processing, or the User objects to data processing for direct marketing purposes; the personal data have been unlawfully processed; the personal data must be erased to comply with a legal obligation in Union or Member State law to which the Data Controller is subject; the User requests deletion, or objects to data processing, and the collection of personal data was carried out in relation to the offer of information society services directed to children. The Data Controller notifies the affected User, as well as all data controllers to whom the data had previously been transferred, about the rectification, restriction, and erasure. Notification can be omitted if it proves impossible or would involve disproportionate effort. Upon request, the Data Controller informs the User about these recipients.
11.6. Right to object: The User has the right, for reasons related to their particular situation, to object at any time to the processing of their personal data based on the legitimate interest of the Data Controller. In this case, the data controller may no longer process the personal data unless the data controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the affected party, or for the establishment, exercise, or defense of legal claims.
- Fulfillment of User requests
12.1. The Data Controller provides the aforementioned information and measures free of charge. If the affected User's request is clearly unfounded or – particularly due to its repetitive nature – excessive, the Data Controller, taking into account the administrative costs involved in providing the requested information or taking the requested action, may:
charge a reasonable fee, or refuse to act on the request.
12.2. The Data Controller informs the User about the measures taken following the request without undue delay, but no later than one month from the receipt of the request, including issuing data copies. If necessary, considering the complexity of the request and the number of requests, this deadline may be extended by an additional two months. The Data Controller informs the User about this extension, stating the reasons for the delay, within one month of receiving the request. If the affected User submitted the request electronically, the Data Controller provides the information electronically, unless the User requests otherwise.
12.3. If the Data Controller does not take action on the User's request, it informs the affected party without delay, but no later than one month from the receipt of the request, about the reasons for not taking action, and about the fact that the User may file a complaint with the data protection authority mentioned below and may exercise their right to judicial remedy according to the same regulations.
12.4. The User may submit their requests to the Data Controller in any manner that allows for the identification of their person. The identification of the User submitting the request is necessary because the Data Controller can only fulfill the requests of those entitled to it. If the Data Controller has reasonable doubts concerning the identity of the natural person submitting the request, it may request additional information necessary to confirm the identity of the affected User.
12.5. Users may send their requests by post to the mailing address of the *web store of the Data Controller, or by email to the *web store's email address. An email request is considered authentic by the Data Controller only if it is sent from the email address provided by the User to the Data Controller and recorded there, however, the use of another email address does not mean ignoring the request. For emails, the time of receipt is considered to be the first business day following the sending.
- Data protection, data security
13.1. The Data Controller ensures the security of the data in the course of its data processing activities, takes technical and organizational measures, and implements internal procedural rules to enforce the laws, as well as other data and confidentiality rules. It takes appropriate measures to protect the data against unauthorized access, alteration, transmission, public disclosure, deletion, or destruction, as well as against accidental destruction and damage, and against becoming inaccessible due to a change in the applied technology.
13.2. Data serving as the basis for measuring visitation and mapping the usage habits related to the website are recorded by the Data Controller's IT system from the beginning in such a way that they cannot be directly linked to any person.
13.3. Data processing only occurs for the purpose specified in this information and to the extent necessary and proportionate to achieve the lawful purpose, in accordance with the relevant laws and recommendations, and with appropriate security measures.
13.4. To this end, the Data Controller uses the "https" scheme of the HTTP protocol for accessing the website, which enables the encryption and individual identification of web communication. In addition, in accordance with the above, the Data Controller stores the managed data in encrypted data files, in data processing lists separated by data processing purpose, to which only designated employees of the Data Controller who are responsible for data protection and the responsible handling of this information and the relevant laws can have access.
- Enforcement of rights
The affected parties may exercise their rights before a court, and may also turn to the National Data Protection and Information Freedom Authority:
National Data Protection and Information Freedom Authority Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c. Mailing address: 1530 Budapest, Pf.: 5. Telephone: +36 1 391 1400 Fax: +36 1 391 1410 Email: ugyfelszolgalat@naih.hu Website: http://www.naih.hu/
If a court case is chosen, the lawsuit – according to the choice of the affected User – can also be initiated before the court of the affected person's place of residence or place of stay, as the trial falls within the jurisdiction of the court.
2025.01.15