Purpose of the Data Protection Notice Huszti Sándor Csaba e.i., headquartered at 2011 Budakalász, Diófa Street 21, hereinafter referred to as the Service Provider, Data Controller, acknowledges as binding the content of this legal notice. The Data Controller commits to ensuring that all data processing related to its activities complies with the standards set in this policy, as well as in the current national legislation and legal acts of the European Union.
The Data Controller’s data protection policies related to its data processing activities are continuously available at ceges-weboldal.hu.
The Data Controller reserves the right to modify this notice at any time. Naturally, any changes will be communicated to the public in due time.
If you have any questions related to this notice, please write to us, and our colleague will answer your queries.
The Data Controller is committed to protecting the personal data of its clients and partners and considers it extremely important to respect the informational self-determination rights of its clients. The Data Controller treats personal data confidentially and takes all security, technical, and organizational measures that guarantee the security of the data.
Below, the Data Controller outlines its data processing practices.
Data Controller’s Information If you wish to contact our company, you can reach the Data Controller at the following email and phone number.
The Data Controller will delete all emails received, along with the listed personal data, within 3 years from the date of data transmission.
Name: Huszti Sándor Csaba e.i.
Representative: Huszti Sándor
Headquarters: 2011 Budakalász, Diófa Street 21.
Registration Number: 55707738
Tax Number: 72534308-1-33
Phone Number: +36302244445
Scope of Personal Data Processed Personal data requested during contact initiation:
Name, Phone Number, Email Address, Social Chat Profile (Messenger, Viber), Billing Information Technical Data The Data Controller selects and operates the IT tools used for personal data processing during service provision to ensure that the processed data:
is accessible to authorized persons (availability); its authenticity and verification are ensured (data processing integrity); its immutability is verifiable (data integrity); is protected against unauthorized access (data confidentiality). The Data Controller protects the data with appropriate measures against unauthorized access, alteration, transmission, public disclosure, deletion or destruction, as well as against accidental destruction.
The Data Controller provides for the security of data processing with technical, organizational, and operational measures that offer a level of protection appropriate to the risks associated with the data processing.
In the course of data processing, the Data Controller maintains
confidentiality: protects information so that it can only be accessed by those who are authorized; integrity: protects the accuracy and completeness of the information and its processing method; availability: ensures that when the legitimate user needs it, they can indeed access the desired information and have the related tools available. Cookies Purpose of cookies
collect information about visitors and their devices; remember the individual settings of visitors, which may be used, e.g., in online transactions, so they do not have to be re-entered; facilitate the use of the website; provide a quality user experience. For personalized service, a small data packet, a so-called cookie, is placed and read back during subsequent visits on the user’s computer. If the browser sends back a previously saved cookie, the cookie managing service provider can link the user’s current visit with previous ones, but only with regard to its own content.
Duration of Data Processing
The specific storage duration of the cookie data, more information available here:
Google general cookie information:
Google Analytics information: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en
Facebook information: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Regulatory Background and Legal Basis for Cookies: The legal basis for data processing is the consent of the individual, pursuant to Article 6(1)(a) of the Regulation.
Main Characteristics of Cookies Used by the Website: Strictly Necessary Cookies: These cookies are essential for the use of the website and enable the use of its basic functions. Without these cookies, many features of the site will not be accessible to you. The lifespan of these types of cookies is limited to the duration of the session.
Cookies for Improving User Experience: These cookies collect information about the user’s website usage, such as which pages are visited most often or what error message is received from the website. These cookies do not collect identifiable information about the visitor, i.e., they work with completely general, anonymous information. The data obtained from these are used to improve the performance of the website. The lifespan of these types of cookies is limited to the duration of the session.
Remarketing Cookies: May appear for previous visitors or users when browsing other websites on the Google Display Network or when searching for terms related to products or services.
Session Cookie: These cookies store the visitor’s location, browser language, currency of payment, and have a lifespan until the browser is closed or a maximum of 2 hours.
Mobile Version, Design Cookie: Detects the device used by the visitor and switches to full view on mobile. Its lifespan is 365 days.
Cookie Acceptance Cookie: Accepts the statement about storing cookies in the warning window upon arrival on the site. Its lifespan is 365 days.
Facebook Pixel (Facebook cookie): A Facebook pixel is a code that helps create reports on conversions on the website, compile target audiences, and provide detailed analytical data about the use of the website to the site owner. The Facebook pixel can be used to display personalized offers and ads on the Facebook interface for website visitors. You can study Facebook’s data handling policy here: https://www.facebook.com/privacy/explanation
Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11 Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito Safari: https://support.apple.com/kb/ph21411?locale=en_US Chrome: https://support.google.com/chrome/answer/95647 Purpose, Method, and Legal Basis of Data Processing General Data Processing Guidelines
The data processing activities of the Data Controller are based on voluntary consent and/or legal authorization. In cases of data processing based on voluntary consent, the subjects can withdraw their consent at any stage of data processing.
In certain cases, the processing, storage, and transmission of a set of provided data are mandated by law, about which our customers are separately notified.
Data providers who provide personal data other than their own are obliged to obtain the consent of the concerned individuals.
The data processing principles are in accordance with the current data protection laws, especially with the following:
Act CXII of 2011 – on Informational Self-Determination and Freedom of Information (Info Act); The European Parliament and Council Regulation (EU) 2016/679 of 27 April 2016 – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR); Act V of 2013 – on the Civil Code (Civil Code); Act C of 2000 – on Accounting (Accounting Act); Act LIII of 2017 – on the Prevention and Impediment of Money Laundering and Terrorism Financing (Pmt.); Act CCXXXVII of 2013 – on Credit Institutions and Financial Enterprises (Hpt.).
Physical Locations of Data Storage Your personal data (i.e., data that can be associated with you personally) may be processed by us in the following ways: on the one hand, technical data related to the computer, browser program, internet address, and pages visited associated with maintaining internet connection automatically form in our computer system; on the other hand, you may provide your name, contact information, or other data if you wish to make personal contact with us while using the website.
Data recorded during the operation of the system include data of the affected login computer generated during use and recorded by the website’s system as an automatic result of technical processes. This automatically recorded data is logged by the system without any separate declaration or action from the affected person upon entry and exit. This data cannot be linked with other personal user data except in cases required by law. Only the website’s owner and operator have access to this data.
Data Transfer, Data Processing, and the Circle of Acquaintances Detailed listing of the companies transferring, storing, and acquainting with the data. Listing of the data and contact information of the said companies (e.g., accounting, billing, delivery, CRM system, online payment, etc.)
Website Owner: Data Processor Name: Huszti Sándor Csaba e.i.
Data Processor Headquarters: 1181 Budapest, Darus s. 4.3/1
Data Processor Phone Number: +36302244445
Data Processor Email Address: email@example.com
Website Operator: Data Processor Name: Huszti Sándor e.v.
Data Processor Headquarters: 1181 Budapest, Darus street 4 building 3. floor 1. door
Data Processor Email Address: firstname.lastname@example.org
Billing System: Billingo Data Processor Name: KBOSS.hu Kereskedelmi és Szolgáltató Kft. (Számlázz.hu)
Data Processor Headquarters: 1031 Budapest, Záhony Street 7.
Data Processor Phone Number: +3630 35 44 789
Data Processor Email Address: email@example.com
Accountant: Data Processor Name: ANIKONT Könyvelő Kft.
Data Processor Headquarters: 4032 Debrecen, Böszörményi Road 68. I. fsz 2.
Data Processor Phone Number: 0652753726
Data Processor Email Address: firstname.lastname@example.org
The Data Processor, based on the contract with the Data Controller, participates in maintaining records of orders. In this process, the Data Processor manages the name, address, phone number, the number, and date of orders of the concerned person within the period of civil statute of limitations.
Rights of the Affected and Opportunities for Legal Enforcement During the duration of data processing, you have the following rights under the Regulation:
the right to withdraw consent access to personal data and information related to data processing right to correction restriction of data processing right to deletion right to object right to portability. If you wish to exercise your rights, it will involve your identification and the Data Controller necessarily communicating with you. Therefore, for identification purposes, you will need to provide personal data (but identification can only be based on data otherwise processed by the Data Controller about you), and complaints related to data processing will be available in the Data Controller’s email account within the time period specified for complaints in this notice. If you were our customer and wish to identify yourself for complaint handling or warranty processing, please also provide your order identifier. Using this, we can also identify you as a customer.
Data Controller will respond to complaints related to data processing within 30 days at the latest.
Right to Information The Data Controller takes appropriate measures to ensure that all information relating to the processing of personal data mentioned in Articles 13 and 14 of the GDPR and each piece of information according to Articles 15-22 and 34 is provided in a concise, transparent, understandable, and easily accessible form, clearly and understandably articulated.
The Right of the Affected to Access You are entitled to receive feedback from the Data Controller on whether the processing of your personal data is underway, and if such processing is ongoing, you are entitled to:
access the personal data being processed and be informed by the Data Controller about the following: the purposes of data processing; categories of personal data about you being processed; information on recipients or categories of recipients with whom or which the personal data have been or will be shared; the planned duration of storage of personal data, or if this is not possible, the criteria for determining this duration; your right to request the Data Controller to correct, delete, or restrict processing of your personal data and, in the case of data processing based on legitimate interest, to object to the processing of such personal data; the right to lodge a complaint with a supervisory authority; if the data were not collected from you, any available information about their source; the fact of automated decision-making (if applied), including profiling, and at least in these cases, understandable information about the logic used and the significance and expected consequences of such data processing for you. The purpose of exercising the right may be to determine and check the lawfulness of data processing, so in the case of multiple information requests, the Data Controller may charge a reasonable fee for providing the information.
The Data Controller provides access to personal data by sending the processed personal data and information to you via email after your identification. If you have a registration, access is provided by allowing you to view and check personal data about you by logging into your user account.
Please indicate in your request whether you require access to personal data or information related to data processing.
Right to Correction You are entitled to request the Data Controller to correct your inaccurate personal data without undue delay.
Right to Deletion The affected person is entitled to request the Data Controller to delete personal data concerning them without undue delay for any of the following reasons:
personal data are no longer needed for the purposes for which they were collected or otherwise processed; the affected person withdraws the consent forming the basis of the data processing, and there is no other legal basis for the processing; the affected person objects to the data processing, and there are no overriding legitimate grounds for the processing; personal data have been unlawfully processed; personal data must be deleted to comply with a legal obligation under EU or member state law applicable to the Data Controller; personal data were collected in connection with the offer of information society services. Deletion of data cannot be initiated if data processing is necessary for exercising the right of freedom of expression and information; to fulfill an obligation requiring data processing under EU or member state law applicable to the Data Controller, or for performing a task carried out in the public interest or in the exercise of official authority vested in the Data Controller; for reasons of public interest in the area of public health, or for archiving, scientific and historical research purposes or statistical purposes on the basis of public interest; or for the establishment, exercise, or defense of legal claims.
Right to Restriction of Data Processing The Data Controller shall restrict data processing upon request of the affected person if any of the following conditions are met:
the accuracy of personal data is contested by the affected person, in which case the restriction applies for the duration enabling the verification of the accuracy of personal data; data processing is unlawful, and the affected person opposes the deletion of the data and requests the restriction of their use instead; the Data Controller no longer needs the personal data for the purposes of processing, but they are required by the affected person for the establishment, exercise, or defense of legal claims; or the affected person has objected to data processing; in this case, the restriction applies for the duration until it is determined whether the legitimate grounds of the Data Controller override those of the affected person. If data processing is under restriction, personal data, with the exception of storage, can only be processed with the consent of the affected person, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.
Right to Data Portability If the data processing is carried out by automated means, or if the data processing is based on your voluntary consent, you have the right to request the Data Controller to provide you with the data you have provided to the Data Controller, which the Data Controller shall provide in xml, JSON, or csv format, if technically feasible, you may request that the Data Controller transfer the data in this format to another data controller.
Right to Object The affected person has the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, or necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party, including profiling based on those provisions. In the event of an objection, the Data Controller shall no longer process the personal data unless compelling legitimate grounds for the processing override the interests, rights, and freedoms of the affected person, or for the establishment, exercise, or defense of legal claims.
Automated Individual Decision-Making, Including Profiling The affected person has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
Right to Withdraw Consent The affected person has the right to withdraw his or her consent at any time.
Right to Judicial Remedy In case of violation of his or her rights, the affected person can bring legal action against the Data Controller. The court proceeds out of turn in such cases.
Data Protection Authority Procedure Complaints can be lodged with the National Authority for Data Protection and Freedom of Information:
Name: National Authority for Data Protection and Freedom of Information Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C. Mailing Address: 1530 Budapest, Pf.: 5. Phone: 0613911400 Fax: 0613911410 Email: email@example.com Website: http://www.naih.hu Other Provisions For data processing not listed in this notice, information is provided at the time of data collection.
We inform our customers that authorities such as the court, the prosecutor’s office, the investigating authority, the authority for misdemeanors, the administrative authority, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, or other bodies authorized by law may contact the Data Controller to provide information, transmit data, transfer documents, or make them available for the purpose of fulfilling a legal obligation.
The Data Controller provides personal data to the authorities only to the extent and to the degree necessary for the fulfillment of the purpose of the request, provided the authority has specified the exact purpose and scope of the data.
This document contains all relevant data processing information related to the operation of the webshop in accordance with Regulation (EU) 2016/679 of the European Union (hereinafter: Regulation, GDPR) and Act CXII of 2011 (hereinafter: Infotv.).