Who are we
The address of our website is https://www.raktaar.hu
DATA PROTECTION AND DATA MANAGEMENT INFORMATION of Raktár-Design-Store Kft
I. Purpose and scope of the Prospectus
1.1 The purpose of this Prospectus is to set out the data protection and management principles applied by the Warehouse-Design-Store Limited Liability Company and the Company’s data protection and management policy, which is binding on the Company as a data controller. recognizes by force.
1.2 This Prospectus contains the principles for the handling of Personal Data provided by Users on the websites of the Services.
1.3 In developing the provisions of the Prospectus, the Company has taken into account in particular the provisions of Regulation 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”), Article CXII of 2011 on the right to information self-determination and freedom of information. Act XLVIII of 2013 on the Civil Code (“Civil Code”), Act V of 2013 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities (“Civil Code”); Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services. and Act C of 2000 on Accounting (concerning the Issuance and Retention of Documents).
1.4 Unless otherwise stated, the scope of the Prospectus does not cover the services and data management related to the promotions, sweepstakes, services, other campaigns of third parties other than the Data Controller advertised or otherwise appearing on certain websites referred to in this Prospectus. Likewise, unless otherwise stated, the scope of the Prospectus does not cover the services and data management of websites, service providers to which the link on the websites covered by the Prospectus leads. Such services are governed by the provisions of the data management information of the third party operating the service, and the Data Controller does not take any responsibility for these data processing.
II. Definitions
2.1 Data Management: any operation or set of operations on Personal Data, regardless of the procedure used, in particular the collection, recording, systematisation, segmentation, storage, transformation, alteration, use, querying, viewing, communication, transmission, dissemination or otherwise making available, disclosing, reconciling or linking, restricting, deleting and destroying.
2.2 Data Controller: who determines the purposes and means of Data Management – independently or together with others.
For the Services referred to in this Prospectus, they are considered Data Controllers
1.
2. a Raktár -Design-Store Kft (Headquarters: 1098 Budapest, Dési Huber u.20 / B III.em 11; registered by the Registry Court of the Capital City, company registration number: 01-09-353141; tax number: 27307465-2-43]; hereinafter referred to as the “Data Controller”), and
2.3 Personal data or data: any data or information on the basis of which a natural person User becomes identifiable, directly or indirectly.
2.4 Data Processor: the service provider who handles Personal Data on behalf of the Data Controller. In the case of the services referred to in this Prospectus, Data Processors may be:
1.
2. BlazeArts Kft (registered office: 6090 Kunszentmiklós, Damjanich u. 36. 1/8; registered by the Registry Court of the Capital Court, company registration number: 03-09-109150; tax number: 12539833-2- 03
2.5 Website (s): websites operated by the Data Controller: www.raktaar.hu
2.6 Service (s): online webshop operated by the Data Controller and services provided by the Data Controller, which are available and can be ordered on the Websites, as well as services organized by the Data Controller. participation in events.
2.7 User: the natural person who purchases the Services and provides the following III. listed in point.
2.9 Information: this data management information of the Data Controller.
III. Scope of the managed Personal Data
3.1 At the User’s discretion, the Data Controller may manage the following data in connection with the use of the Services available through the Websites: name, place of residence, postal address, postal code, telephone number, e-mail address, secondary e-mail address, last IP address, date of last entry.
3.2 If the User sends an e-mail (eg a message, a reader’s letter) to a Service, the Data Controller shall record the User’s e-mail address and manage it to the extent and for the period necessary for the provision of the Service.
3.3 In the course of its content editing activities, the data controller manages the data of all natural persons who have contributed to the production of the content, either as a source or in such a way that they are referenced in the edited content. In this case, the personal data most frequently processed by the Data Controller may be: the name, position, place of work, age, place of residence of the data subject, resp. other data that suggests how the data subject relates to the topic of the edited content.
3.4 In connection with the webshop service, the Data Controller may manage the Personal Data recorded in point 3.1 above, as well as the Personal Data relating to the billing name and address provided by the User for invoicing, and the Personal Data related to the products selected for purchase and the chosen payment method.
3.5 Notwithstanding the above, it may happen that the service provider technically related to the operation of the Services carries out data management activities on one of the Websites without informing the Data Controller. Such activity does not constitute Data Management by the Data Controller. The Data Controller will make every effort to prevent and filter out such data processing.
ARC. Scope of additional data managed by the Data Controller
4.1 The Data Controller places a small data package (so-called “cookie”) on the User’s computer in order to provide customized service. The purpose of the cookie is to ensure the highest possible level of operation of the given page, to provide personalized services, and to increase the user experience. The User can delete the cookie from his / her own computer or set his / her browser to disable the use of cookies. By disabling the use of cookies, the User acknowledges that without a cookie the operation of the given page is not complete.
4.2 When providing personalized services, the Data Controller uses the following Personal Data using cookies: demographic data (based on the data referred to in points 3.2 and / or 3.4 above) and information, habits, preferences (based on browsing history).
4.3 Data to be technically recorded during the operation of the systems: the data of the User’s login computer, which is generated during the use of the Service and which is recorded by the Data Management System as an automatic result of the technical processes. The data that is automatically recorded is automatically logged at the time of entry or exit without the User’s separate statement or action.
V. Purpose and legal basis of
the Data Management 5.1 The purpose of the Data Management carried out by the Data Controller:
1. online content service;
2. identification of the User, contact with the User;
3. identification of the User rights (Services available to the User);
4. facilitating the customization of the Services used by the User, the use of convenience functions;
5. handling individual user requests;
6. preparation of statistics, analyzes;
7. Inquiries for direct business acquisition or marketing purposes (eg newsletter, eDM, etc.)
8. in the case of a webshop service, creating a contract between the parties, defining its content, modifying it, monitoring its performance, delivering the ordered product or using the ordered service, invoicing the purchase price and enforcing related claims, documenting compliance, accounting fulfillment of obligations;
9. technical development of the IT system;
10. protection of the rights of the Users;
11. enforcing the legitimate interests of the Data Controller.
The Data Controller may process Personal Data in order to achieve any of the data management purposes described above.
The Data Controller will not use the provided Personal Data for purposes other than those described in these sections.
5.2 The Data Management is carried out on the basis of the voluntary, duly informed statement of the Users, which contains the express consent of the Users to the use of their Personal Data provided during the use of the site and the Personal Data generated about them. In the case of Data Management based on consent, the User is entitled to withdraw his or her consent at any time, which, however, does not affect the lawfulness of data management prior to withdrawal.
When accessing the individual Websites by the User, the Data Controller shall use the User’s IP address in connection with the provision of the Service, in view of the Data Controller’s legitimate interest and lawful provision of the Service (eg for illegal use or illegal content), without the User’s consent. also recorded.
The legal basis for Data Management in the context of content provision is the guarantee of fundamental rights to information and expression of opinion, within the framework set by law.
In case of using the webshop service, the legal basis of the Data Management may be the voluntary consent of the User, the conclusion of the contract created by the User, or and the provisions of the legislation referred to in Section 1.3 of the Regulations. By registering on the Website or using the service, the User, as a customer, consents to the Service Provider and his business partners involved in the provision of the webshop service (eg courier service) fulfilling the Personal Data provided during registration and / or purchase. stored, handled and used in accordance with the legal provisions in force at any time. The Data Controller handles the Personal Data contained in the document issued by the Data Controller in accordance with the provisions of the Accounting Act.
5.3 The transfer of data to the Data Processors specified in this Prospectus may be carried out without the separate consent of the User. The release of personal data to a third party or authorities, unless otherwise provided by law, is only possible on the basis of an official decision or with the prior express consent of the User.
5.4 The User warrants that the consent of the natural person concerned has been lawfully obtained for the processing of Personal Data provided or made available by him / her about other natural persons during the use of the Services (eg during the publication of User-generated content, etc.). The User is solely responsible for the shared user content uploaded to the Services by the User.
5.5 When providing the e-mail address of any User and the data provided during registration (eg username, ID, password, etc.), it is also responsible for ensuring that the e-mail address provided or using the data provided by him, he only uses the service. In view of this responsibility, all liability in connection with access to a given e-mail address and / or data rests solely with the User who registered the e-mail address and provided the data.
VI. Principles and method
of Data Management 6.1 The Data Controller handles Personal Data in accordance with the principles of good faith, fairness and transparency, as well as the provisions of applicable law and this Prospectus.
6.2 The Personal Data that is essential for the use of the Services is used by the Data Controller with the consent of the User concerned and only for the intended purpose.
6.3 The Data Controller shall use the Personal Data only in this Prospectus or treated for the purpose specified in the relevant legislation. The scope of the Personal Data processed is proportionate to the purpose of the Data Management and may not extend beyond it.
In all cases where the Data Controller wishes to use the Personal Data for a purpose other than the purpose of the original data collection, it shall inform the User thereof and obtain its prior, express consent, or provide him or her with an opportunity to prohibit the use.
6.4 The Data Controller does not check the provided Personal Data. The person who provided it is solely responsible for the adequacy of the Personal Data provided.
6.5 The personal data of a person under the age of 16 may only be processed with the consent of an adult exercising parental supervision over him or her. The Data Controller is not in a position to check the consent of the consenting person or the content of his / her statement, so the User or the person exercising parental supervision over him / her guarantees that the consent complies with the law. In the absence of a consent statement, the Data Controller will not collect Personal Data relating to a data subject under the age of 16, except for the IP address used when using the Service, which will be recorded automatically due to the nature of the Internet services.
6.6 The Data Controller shall not transfer the Personal Data managed by it to third parties other than the Data Processors specified in this Prospectus and in certain cases referred to in this Prospectus.
An exception to the provision of this section is the use of the data in a statistically aggregated form, which may not contain any other data suitable for the identification of the relevant User in any form, thus it does not qualify as Data Management or data transmission.
The Data Controller in certain cases – due to an official court or police request, legal proceedings due to copyright, property or other violations or their reasonable suspicion, violation of the Data Controller’s interests, endangering the provision of the Services, etc. – make the available Personal Data of the relevant User available to third parties.
6.7 The Data Management System may collect data on the activity of the Users, which may not be linked to other data provided by the Users during registration, or to data generated when using other websites or services.
6.8 The Data Controller shall inform about the correction or restriction of the Personal Data managed by it. the affected User will be notified of the deletion, as well as all those to whom the Personal Data has previously been transferred for the purpose of Data Management. The notification may be omitted if it does not harm the legitimate interests of the data subject in view of the purpose of the Data Management.
6.9 The Data Controller shall ensure the security of the Personal Data, take the technical and organizational measures and establish the procedural rules that ensure that the recorded, stored and processed data are protected, and prevent their accidental loss, unauthorized destruction or unauthorized access. , unauthorized use and unauthorized alteration, unauthorized distribution. To fulfill this obligation, the Data Controller invites all third parties to whom it transmits Personal Data.
6.10 Subject to the relevant provisions of the GDPR, the Data Controller is not obliged to appoint a Data Protection Officer.
VII. Duration of Data Processing
7.1. Automatically registered IP addresses are stored by the Data Controller for up to 7 days after they are recorded.
7.2 In the case of e-mails sent by the User, if the User does not have a registration, the requested Data Controller shall delete the e-mail address on the 90th day after the closing of the case referred to in the request, unless in individual cases the Data Controller’s legitimate interest in justifies the management of the Data Controller until this legitimate interest of the Data Controller exists.
7.3 The processing of the Personal Data provided by the User will continue until the User unsubscribes from the Service – with the given user name – or otherwise requests the deletion of the Personal Data. In this case, the Personal Data will be deleted from the systems of the Data Controller.
The Personal Data provided by the User – even if the User does not unsubscribe from the Service or by canceling his registration only terminates the access option, may be processed by the Data Controller until the User expressly requests the termination of their Data Management in writing. The User’s request to terminate the Data Management without unsubscribing from the Service does not affect his right to use the Service, however, he may not be able to use some Services due to the lack of Personal Data.
7.4 In case of illegal, misleading Personal Data or in case of a crime or attack on the system committed by the User, the Data Controller is entitled to delete his / her Personal Data immediately at the same time as the User’s registration is terminated. for the duration of the procedure.
7.5 The data that is automatically and technically recorded during the operation of the system shall be stored in the system for a period of time reasonable from the moment of their generation in order to ensure the operation of the system. The Data Controller ensures that this automatically recorded data cannot be linked to other Personal Data, except in cases required by law. If the User has terminated his / her consent to the processing of his / her Personal Data or has unsubscribed from the Service, his / her identity will not be identified from the technical data, excluding the investigating authorities or their experts.
7.6 If a court or authority legally orders the deletion of Personal Data, the deletion shall be carried out by the Data Controller. Instead of deleting, the Data Controller – in addition to informing the User – restricts the use of Personal Data if the User so requests or if, based on the information available to him, it can be assumed that the deletion would harm the User’s legitimate interest. The Personal Data will not be deleted by the Data Controller as long as the purpose of the data management that precluded the deletion of the Personal Data exists.
VIII. The User’s rights, how to enforce them
8.1 The User may request that the Data Controller inform whether he / she handles the User’s personal data and, if so, grant him / her access to the Personal Data managed by him / her.
The Personal Data provided by the User in connection with the given Service can be viewed in the settings of the access control system of the Services or on the profile pages belonging to each Service.
Regardless of this, the User may request information on the handling of Personal Data at any time, in writing, by registered mail to the address of the Data Controller or by registered letter with return receipt, or by e-mail to [email protected]. The information request sent in the letter shall be considered authentic by the requested Data Controller if the User can be clearly identified on the basis of the sent request. A request for information sent by e-mail is considered authentic by the Data Controller only if it is sent from the User’s registered e-mail address, however, this does not preclude the Data Controller from identifying the User in another way before providing the information.
The request for information may cover the User’s data managed by the Data Controller, their source, the purpose, legal basis, duration of the Data Management, the names and addresses of any Data Processors, activities related to Data Management and, in case of transfer of Personal Data, who received or received the User’s data.
8.2 The User may request the correction or modification of the Personal Data managed by the Data Controller. Taking into account the purpose of the Data Management, the User may request the completion of the incomplete Personal Data.
The Personal Data provided by the User in connection with the given Service may be modified in the settings of the access control system of the Services or on the profile pages belonging to each Service. Once the request to change personal data has been fulfilled, the previous (deleted) data can no longer be restored.
8.3 The User may request the deletion of the Personal Data managed by the Data Controller.
Deletion may be refused (i) for the purpose of exercising the right to freedom of expression and information, or, (ii) if the processing of Personal Data is authorized by law; and (iii) to file, assert or defend legal claims.
In all cases, the Data Controller shall inform the User of the refusal of the cancellation request, indicating the reason for the refusal of the cancellation. Once the request to delete personal data has been fulfilled, the previous (deleted) data can no longer be recovered.
Newsletters sent by the Data Controller can be unsubscribed via the unsubscribe link in them. In case of unsubscription, the Data Controller deletes the User’s Personal Data in the newsletter database.
8.4 The User may request that the processing of his / her Personal Data be restricted by the Data Controller if the User disputes the accuracy of the processed Personal Data. In this case, the restriction applies to the period of time that allows the Data Controller to verify the accuracy of the Personal Data. The Data Controller shall mark the Personal Data managed by him / her if the User disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed Personal Data cannot be clearly established.
The User may request that the processing of his / her Personal Data be restricted by the Data Controller even if the Data Management is illegal, but the User objects to the deletion of the processed Personal Data and requests instead to restrict their use.
The User may also request that the processing of his / her Personal Data be restricted by the Data Controller if the purpose of the Data Management has been achieved, but the User requests their processing by the Data Controller in order to submit, enforce or protect legal claims.
8.5 The User may request that the Data Controller hand over the Personal Data provided by the User and handled in an automated manner by the User in a fragmented, widely used, machine-readable format and / or forward it to another data controller.
8.6 The User may object to the processing of his / her Personal Data (i) if the processing of the Personal Data is necessary only for the fulfillment of a legal obligation to the Data Controller or to enforce the legitimate interest of the Data Controller or a third party; (ii) if the purpose of the Data Management is direct business acquisition, public opinion research or scientific research; or, (iii) if the Data Processing is for the performance of a task in the public interest. The Data Controller examines the legality of the User’s protest and, if the protest is substantiated, terminates the Data Management and blocks the processed Personal Data, as well as notifies all those to whom the Personal Data affected by the protest was previously transmitted.
IX. Data Processing
9.1 The Data Controller uses the Data Processors named above in this Prospectus to perform its activities.
9.2 The Data Processors do not make an independent decision, they are only entitled to act in accordance with the contract concluded with the Data Controller and the instructions received.
9.3 The Data Controller monitors the work of the Data Processors.
9.4 Data Processors are entitled to use additional data processors only with the consent of the Data Controller.
X. External Service Providers
10.1 In connection with the provision of the Services, the Data Controller uses External Service Providers in many cases, with which the Data Controller cooperates.
With regard to the Personal Data managed in the systems of the External Service Providers, the provisions of the External Service Providers’ own data protection information shall apply. The Data Controller makes every effort to ensure that the External Service Provider handles the Personal Data transmitted to it in accordance with the law and uses them only for the purpose specified by the User or set out below in this Prospectus.
The Data Controller informs the Users about the data transfer to the External Service Providers within the framework of this Prospectus.
10.2 External Service
Providers Facilitating Registration or Access In connection with the provision of the Services, the Data Controller cooperates with External Service Providers that provide applications that facilitate registration and access for Users. Within the framework of this cooperation, certain Personal Data (eg IP address, e-mail, registration name) may be transferred by these External Service Providers to the Data Controller and / or the Data Processor. These External Service Providers collect, process and transmit Personal Data in accordance with their own privacy policies.
External Service Providers working with the Data Controller to facilitate registration or access: Facebook Inc.
10.3 Web Analytics and Ad Server External Service Providers
In connection with the pages of the Services, the Data Manager web analytics and ad server cooperates with External Service Providers.
E External Service Providers can access the User’s IP address, in addition to which in many cases cookies, sometimes a web beacon (a metric that identifies a click on a particular ad) or other click metrics to ensure the personalization or analysis of the Services and the production of statistics.
Cookies placed by these External Service Providers may be deleted from the User’s device at any time, and by selecting the appropriate settings of the browser (s), the use of cookies may generally be refused. A cookie placed by External Service Providers may be identified based on the domain associated with that cookie. There is no way to reject the web beacon, clicktag, and other click meters.
These External Service Providers handle the Personal Data transmitted to them in accordance with their own privacy notices.
Web analytics and ad server working with the Data Controller External Service Providers: Google LLC
10.4 External Service Providers for Custom Messaging
The Data Controller cooperates with an External Service Provider, which allows the User to use certain services provided by the User on other channels used by the same User (eg Facebook, Messenger, Viber, etc.). By using cookies and questionnaires, the External Service Provider by registering the User on the website or interfaces of the External Service Provider, you may collect additional data about the User, which may be suitable for the identification of the User either independently or in combination with other data.
These External Service Providers handle the Personal Data transmitted to them in accordance with their own privacy notices.
Such External Service Provider cooperating with the Data Controller: Facebook Inc.
10.5 External Service Providers providing Payment
The Data Controller enters into contracts with some of its services, which may be used for a fee, or with external Service Providers providing payment in connection with the provision of the webshop service. The External Service Providers providing the payment handle the Personal Data provided to them (eg name, bank card number, bank account number, etc.) in accordance with the provisions of their own data protection information, which is available on the website of the External Service Provider providing the payment.
External service providers cooperating with the Data Controller and providing payment: Paylike.hu
10.6 Other External Service Providers
There are External Service Providers with which none of the Data Controllers has a contractual relationship or does not intentionally cooperate with the given data management, but nevertheless to the Website / Services – either with the User’s participation (eg by linking his individual account to the Service) access and thereby collect data about Users or user activities on the websites of the Services, which may, in some cases, individually or in combination with other data collected by this External Service Provider, be suitable for identifying the User. Such Third Party Providers may include, but are not limited to: Facebook Ireland Inc., Google LLC, Instagram LLC., Pinterest Ltd., Infogram Software Inc., PayPal Holdings Inc., Playbuzz Ltd., Twitter International Company., Viber Media LLC,
These External Service Providers handle the Personal Data transmitted to them in accordance with their own privacy policies.
XI. Possibility of data transfer
11.1 The Data Controller is entitled and obliged to transfer all Personal Data at its disposal and duly stored by it to the competent authorities, which is obliged to transfer Personal Data by law or a final official decision. The Data Controller cannot be held liable for such data transfer and the consequences thereof.
11.2 The Data Controller shall keep a data transfer register in order to check the legality of the data transfer and to ensure that the User is informed.
XII. Amendments to the Data Management Information
12.1 The Data Controller reserves the right to amend this Information at any time by unilateral decision.
12.2 By entering the following, the User accepts the provisions of the Prospectus in force at any time, in addition, it is not necessary to ask for the further consent of each User.
XIII. Enforcement possibilities
13.1 The employees of the Data Controller can also be contacted at [email protected]-mail with any questions or remarks related to data management.
13.2 With the User’s complaint related to Data Management directly to the National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c .; phone: + 36-1-391-1400; e-mail: [email protected]; website : www.naih.hu).
13.3 In case of violation of the User’s rights, he may go to court. The trial falls within the jurisdiction of the tribunal. The action may, at the option of the person concerned, also be brought before the court of the place where he or she resides or stays. Upon request, the Data Controller shall inform the User about the possibility and means of legal remedy.
Budapest, 23/02/2020