During the operation of (hereinafter referred to as: Website), HERDON ERIKA EGYÉNI VÁLLALKOZÓ . (hereinafter referred to as: Service Provider) processes the data of the visitor of the Website and those who registered on the Website or provided their personal data in an other way (hereinafter referred to as: Data Subject).
In connection with processing of data, Service Provider hereby informs the Data Subjects about the personal data processed by itself on the Website, the principles and practices followed by the Service Provider within the framework of processing of personal data, and the method and possibilities of exercising rights of the Data Subjects.
Data Subject: a natural person who has been identified based on a specific personal data, or who can be identified directly or indirectly on the basis thereof;
Personal data: any information relating to the data subject, in particular by reference to his name, identification number or by reference to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity, and any reference drawn from such information pertaining to the data subject;
Consent of the Data Subject: any voluntary and definite expression of the will of the data subject which based on an appropriate information and by which the data subject gives his unambiguous consent to the processing of personal data relating to him without limitation or with regard to specific operations;
Objection of the Data Subject: the declaration of the data subject by which he objects to the processing of his personal data and requests the termination of processing of data, or the deletion of the processed data
Data controller: a natural or legal person, or unincorporated organization - in the present case it is the Service Provider - which individually or jointly with others determines the purpose of processing of data, makes decisions regarding the processing of data (including the means) and executes such decisions or engages a data processor to execute them
Processing of data: any operation or set of operations that is performed upon data regardless to the used method, such as in particular collection, recording, systematization, storage, amendment, use, retrieval, disclosure by transmission, publication, alignment or combination, blocking, deletion or destruction, and blocking them from further use, photographing, sound and video recording, and the recording of physical characteristics suitable for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images);
Data processing: the technical operations involved in data control, irrespective of the method and instruments used for the execution of such operations and the venue where it takes place, provided that such technical operations are carried out on the data;
Data processor: a natural or legal person, or unincorporated organization that is engaged in personal data processing under a contract concluded with the data controller, including when the contract is concluded by virtue of law;
Disclosure of data by transmission: making the data available to a specific third party;
Public disclosure: making the data available to the general public;
Deletion of data: making the data unrecognizable in a way that the restoration of such is no longer possible;
Blocking of data: provision of the data with an identification mark for the purpose of the permanent or temporary restriction of further processing of such;
Destruction of data: the complete physical destruction of the medium containing data;
Third party: any natural or legal person, or unincorporated organization other than the data subject, the data controller or processor;
Privacy incident: the unlawful use or processing of personal data meaning, in particular, unauthorized access, alteration, transmission, publication, deletion destruction as well as damage and accidental destruction.
Purpose of processing of data
The Service Provider stores and processes the data provided by the Data Subject for a specified purpose, and exclusively in order to fulfil the order, to make possible the invoicing, to deliver the product to home, to prove afterwards the conditions of the contract, and to send the newsletter (targeted ads in case of a separate consent) to the Data Subject, if the Data Subject subscribed to the newsletter.
The purpose of data automatically recorded is the compilation of statistics, the technical development of the IT system, and the development of the Website.
The Service Provider shall not use the provided personal data for a purpose other than the purpose defined above. The release of personal data to third party or to the authority is possible in case of the prior, express consent of the Subject Data, unless otherwise provided in a binding law.
In every cases where the Service Provider wishes to use the provided data to a purpose other than the original purpose, it shall inform the Data Subject and obtain the prior, express consent of the Data Subject to this, and the Service Provider shall make it possible to the Data Subject to prohibit the use of data.
2. Legal basis of processing of data
The processing of data is possible on the basis of the voluntary declaration of the user of the Website, which based on appropriate information, which declaration includes the express consent of the Data Subject to the use of his personal data provided during the use of the Website.
The processing of data carrying out by the Service Provider is possible on the basis of the voluntary declaration of the Data Subject pursuant to point 1 (a) of Section 5 of Act CXII of 2011 on Informational Self-determination and Freedom of Information (“Information Act”) and on the basis of Act CVIII of 2001 on the Electronic Commerce and on Information Society Services.
The Service Provider shall not check the provided personal data and their authenticity. The Data subject as the contracting party is exclusively liable for the adequacy of the personal data. In case of the provision of an e-mail address, the Data Subject shall take responsibility for the fact that via such e-mail, he is the only one who use a service. With regard to such, any responsibility in connection with the entering by the given e-mail address shall exclusively be borne by the Data Subject, who registered such e-mail address.
3. The data of the Service Provider as data processor
Company name: HERDON ERIKA Egyéni vállakozó
Registered seat: 1203 Budapest Téglagyártó út 15/a 4/2.
Tax number: 69010215-1-43
Company registration number: 52568307
Registering court: Ministry of Interior Hungary
Hosting service provider: Wix.com
4 Duration of processing of data
The processing of personal data provided during the registration procedure or the ordering procedure, the provision of which is mandatory, lasts from the registration until the deletion of such upon a request. In case of a data the provision of which is not mandatory, the data processing lasts from the provision of such until the deletion of such upon a request as well.
The deletion of the provided personal data (provided during the registration or the ordering procedure) can be performed anytime following that the request has been sent. The Service Provider deletes the personal data from its system within 5 working days following the receipt of the request.
The logged technical data shall be stored for 5 years in the system, from the date of the logging, except the date of the last visit which is automatically overwritten.
In case of a newsletter, if the Data Subject unsubscribes from the newsletter, then the Service Provider sends no more DM contained letter to the Data Subject.
The above provisions do not affect the performance of the obligation to keep such data defined in any legal regulations (e.g. in accountancy legal regulations) and the processing of data on the basis of further declaration given during the registration on the Website or in another way.
5 The scope of the processed personal data
5.1. Data provided during the registration and the ordering procedure
For an order carried out on the Website, the Data Subject shall fill a registration or an ordering form, during which the following data shall be provided in order that the order can be fulfilled by the Service Provider:
Under “Personal information”:
The invoicing and delivery address can be provided during the ordering procedure.
In case of subscription to newsletter, the e-mail address and the full name of the Data Subject shall be provided to the Service Provider.
5.3 Data provided during making contact
The Data Subject, in case of any question, can contact the Service Provider by sending the respective form provided on the Website. In such a case, the Data Subject shall provide his email address. The Data Subject may provide further data in the message to be sent, however it is not mandatory.
5.4. Technical data
The technical data is the data of the computer of the Data Subject which is generated during the use of the service and which is recorded by the system of the Service Provider, as an automatic result of the technical processes. Such as, in particular, the date and time of the visit, IP address of the Data Subject, type of the browser, address of the viewed and previously visited website.
The data to be automatically recorded is recorded by the system at the time of entering and exit without the separate declaration or other act of the Data Subject. Such data cannot be linked to other personal user data, except cases made mandatory by the law. Such data is only available to the Service Provider.
HTLM code of the Website may contain reference arriving from an external server and shows towards an external server which is independent from the Servicer Provider. The service providers of such references are able to collect user data due to the direct connection to their servers.
The Service Provider makes it possible to subscribe our newsletter via contact to the firstname.lastname@example.org. The newsletter contains direct marketing elements and advertisement. The Service Provider processes the data provided by the Data Subject during the use of the newsletter, which is the email address .
The Data Subject can anytime unsubscribe from the newsletter free of charge, without any limitation or reasoning. The Data Subject can do it by clicking on “Unsubscribe” at the bottom of the newsletter or by sending (via e-mail or post) a deletion request to the Service Provider. In such a case, the Service Provider will not contact the Data Subject with further newsletter or offers. The Service Provider may send letters containing ads or advertisement (newsletter) to the e-mail address provided by the Data Subject during the registration in case of the express consent of the Data Subject and in compliance with the respective legal regulations.
7 The scope of persons having access to data, disclosure of data by transmission, data processing
Firstly, it is the Service Provider and its internal employees who are entitled to access to the data, however they cannot publish or transfer such to third party.
The Service Provider may use a data processor (e.g. system operator, carrier) within the scope of fulfilment, delivery of orders and settlement of clearing.
The data processors are the following:
Activity: courier service
Name: GLS General Logistic Systems Hungary Csomag-Logisztikai Kft.
Registered seat: 2351 Alsónémedi GLS Európa út 2.
Activity: courier service
Name: FEDEX Federal Express Cooperation Hungary
Registered seat: 2220 Vecsés, Lőrinczi út 59.
Activity: courier service
Name: Billingo Technologies Zrt.
Hosting service provider:
Name: Wix.com Ltd
In addition to the above, the transfer of personal data of the Data Subject can only be realized in cases defined by the law and on the basis of the approval of the Data Subject.
8.The rights of the Data Subject and possibilities to enforcement of rights
8.1 Right to information
The Data Subject is entitled to request anytime information on his personal data processed by the Service Provider.
The Service Provider provides information upon the request of the Data Subject on his personal data processed by itself, on the data processed by itself or by a contracted data processor, on the sources of such, on the purpose, legal basis and duration of the data processing, furthermore on the name, address and on the activity related to data processing of the data processor, on the circumstances and effects of the privacy incident, the measures taken to the elimination of the incident, and - in case of the transmission of the person data of the Data Subject - the legal basis and addressee of such transmission. The Service Provider shall provide the requested information within 30 days from the submission of the request.
The Service Provider - through its internal data protection officer, if any - keeps a record in order to control the measures taken in relation to the privacy incident and to inform the Data Subject, which record includes the scope of the personal data of the Data Subject, the scope and number of the Data Subjects affected by the privacy incident, the time, circumstances, effects of the privacy incident, and the measures taken to the elimination of such, and the data defined in laws prescribing data processing.
The Data Subject can turn to the employee of the Service Provider in case of any question or comment related to data processing via the contact details defined in point 4.
8.2 The Data Subject may request the deletion, correction and blocking of his data
The Data Subject is entitled to request anytime the correction or deletion of his data which has been incorrectly recorded via the contact details defined above. The Service Provider deletes the data within 5 working days from the receipt of the request, in such case, the restoration of these data is no longer possible. The deletion shall not apply to the data processing necessary on the basis of a legal regulation (e.g. accountancy regulation), these data shall be kept by the Service Provider for as long as necessary.
The Data Subject may request the blocking of his data as well. The Service Provider shall block the personal data, if it is requested by the Data Subject or if on the basis of the available information it can be assumed that the deletion violates the legitimate interest of the Data Subject.
A data blocked this way can be processed until the purpose of the data processing, which excludes the deletion of the personal data, exists.
The Data Subject and those who have received the data for the purpose of data processing shall be informed on the correction, blocking and deletion of data. Such notification can be ignored if it does not violate the legitimate interest of the Data Subject having regard to the purpose of data processing.
If the Service Provider does not fulfil the request of the Data Subject to correct, block or delete the data, it shall inform in writing the Data Subject on the factual and legal reason of the refusal of such request within 30 days from the receipt of the request.
8.3 The Data Subject may object to the processing of his personal data
The Data Subject may object to the processing of his personal data. The Service Provider examines the objection as soon as possible following the submission of the request, but no later than within 15 days, it makes a decision regarding whether it is well-founded, and it shall inform the Data Subject in writing on the decision.
The Data Subject may exercise his rights via the contact details defined in point 4.
8.4 The Data Subject may, on the basis of the Information Act and the Civil Code (Act V of 2013):
- turn to the Hungarian National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/c; www.naih.hu) or
- enforce his rights before the competent court.
If the Data Subject provided the data of a third party during the registration for the use of service or caused a damage in any way during the use of the Website, the Service Provider is entitled to enforce a compensation against the Data Subject. In such case, the Service Provider shall use its best efforts to help the acting authority for the purpose of the establishment of the identity of the infringer.
9. Use of the e-mail address
The Service Provider pays special attention to the lawfulness of the use of e-mail addresses processed by itself, thus such e-mail addresses are exclusively used for sending (informational or advertising) e-mails as defined below.
The processing of the email addresses firstly serves to the identification of the Data Subject, the fulfilment of the orders, maintenance of the contact during the use of the service, thus primarily the emails are sent for such purposes.
10. Other provisions
The Service Provider shall ensure the security of the data, and shall take all technical measures ensuring the protection of the recorded, stored and processed data, and shall make every effort in order to prevent the destruction, unauthorized use and alteration of such. The Service Provider is obliged to draw the attention of any third party to whom the data has been transmitted or provided to the performance of such obligation.