Privacy policy
1. Purpose of Privacy Statement
The handling of personal data is essential for the proper functioning of the website and webshop (hereinafter referred to as the “Website”) available under the almavetlenyi.com domain name. This prospectus (hereinafter referred to as the “Privacy Statement”) contains in detail all information related to the processing of personal data. We encourage you to read this Privacy Notice carefully to be aware of all facts and information regarding the handling of your personal information.
Before starting the data processing we inform you that the data processing is always based on the consent of the data subject. By registering on the Website, using the Website, placing your order and subscribing to our newsletter, you, as the User, expressly consent to the Data Controller's handling of your personal data within the framework of this Privacy Statement, in accordance with applicable Hungarian law and to the extent set forth herein. way and duration.
The website reserves the right to revise and change this data policy. Users will be notified in a timely manner of any changes. If you have any questions regarding our communication, please write to us and our colleague will answer your question shortly. The website treats personal data confidentially and takes all security, technical and organizational measures that guarantee the security of the data. The website describes your data management practices below.
The processing of personal data is carried out in particular in accordance with or on the basis of the following legislation:
- Act CXII of 2011 on the right to information self-determination and freedom of information. (“Infotv.”), Act CVIII of 2001 on certain issues of electronic commerce services and information society services. Act (Ekertv.), Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activity.
- TV., and Regulation (EU) 2016/679 / EU of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, GDPR).
Data subjects may contact the data controller with their questions related to Data Management or request further information related to Data Management.
2. Data controller data:
Website and products owner, distributor: Timeless Design Kft.
registered office: 1118 Budapest, Törökugrató utca 4. 2nd floor. 6.
Contact person: Alma Vetlényi
Mobile: +36 70 233 0706
Email address: sales@almavetlenyi.com
tax number: 28812900-2-43
company registration number: 01-09-375155
bank account number: 10102103-56571600-02005001
Chamber membership: Budapest Chamber of Commerce and Industry
3. Concept definitions
Enterprise: a natural or legal person engaged in an economic activity, regardless of its legal form, including partnerships and associations engaged in a regular economic activity.
Personal data: any information relating to an identified or identifiable living person ("data subject"). For example: name, number, location data, online identification, or information identifiable by one or more factors relating to the physical, physiological, genetic, mental, economic, cultural, or social identity of a natural person.
Data subject: Any natural person identified or identifiable, directly or indirectly, on the basis of personal data
Data management: any operation or set of operations performed on personal data or files by automated or manual means: recording, organizing, collecting, storing, transforming or altering, querying, viewing, using, transmitting, disseminating, making available, reconciling or linking, restricting, deletion or destruction.
Data controller: any natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; the purposes and means of data processing may be determined by Union or Member State law.
Data Processor: a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the Data Controller, who may not make decisions on data management issues, may process the data only according to the Data Controller's definitions and may not process data for personal gain.
Data Protection Officer: the Data Controller and the Data Processor must appoint a Data Protection Officer in all cases where:
- data processing is carried out by public authorities or other bodies performing public functions (except for courts acting in their judicial capacity).
- the main activities of the Data Controller or the Data Processor include data management operations which, due to their nature and purposes, require regular and systematic, large-scale monitoring of data subjects.
- the main activities of the Data Controller or the Data Processor include the processing of data relating to specific categories of personal data (eg racial or ethnic origin, political opinion, religious beliefs, etc.) and decisions and criminal offenses to establish criminal liability.
Restriction on data management: marking of stored personal data in order to limit their future processing.
Profiling: any form of automated processing of personal data in which personal data are evaluated for the assessment of certain personal characteristics of a natural person, in particular characteristics related to job performance, economic situation, interests, health, personal preferences, behavior, location, movement or used to predict.
Pseudonymisation: the processing of personal data in such a way that it is no longer possible to determine to which specific natural person the personal data relate without the use of additional information, provided that such additional information is stored separately, technical and organizational measures are taken to ensure that identified or this personal data cannot be linked to identifiable natural persons.
Registry system: a file of personal data, broken down in any way, by centralized, decentralized, functional or geographical terms, which is accessible on the basis of specific criteria.
Recipient: any natural or legal person, public authority, agency or any other body to whom personal data are communicated, whether or not a third party. Public authorities that may have access to personal data in the context of an individual investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing.
Third party: a natural or legal person, public authority, agency or any other body that is not the same as the data subject, the Data Controller, the Data Processor or persons who have been authorized to process personal data under the direct control of the Data Controller or Data Processor.
Consent of the data subject: a voluntary, specific and well-informed and clear statement of the will of the data subject, by which the data subject indicates, by means of a statement or unambiguous expression of consent, his or her consent to the processing of personal data concerning him or her.
Privacy Incident: A security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal information that is transmitted, stored, or otherwise handled.
4. Management of data of visitors to the almavetlenyi.com website
4.1. Purpose of data management and scope of managed data
Visitors to almavetlenyi.com are not required to provide personal information in order to use the website. When browsing and in connection with the website, it provides data collection services, improves the services available on the website, filters and prevents abuse, measures traffic data, enhances the user experience, and collects data for statistical purposes.
Traffic is measured and statistics are collected using Google Analytics, which transmits website traffic data to Google and, through it, to the website operator. The html code of the website contains links from and to an external server. The third-party server is directly connected to the user's computer. The link providers are able to collect user data (e.g. IP address, browser, operating system data, address of the page visited and time of visit, devices connected to the Internet) due to the direct connection to their server, direct communication with the user's browser. Data controllers can provide detailed information on the management of measurement data. Available at https://policies.google.com/privacy?hl=en_US
4.2. Legal basis for data management
The consent of the data subject or Eker. TV. The legal provisions contained in § 13 (1) - (3).
4.3. Hosting provider information
Unique Communications
Headquarters:
Company registration number:
Technical contact:
4.4. The webshop platform
Name: Shopify International Limited, Intertrust Ireland
Headquarters: Ireland, Dublin 4, D04 XN32 Haddington Road, Victoria Buildings 2nd Floor 1-2
Email address: support@shopify.com
Activity: website operation
For privacy information: https://www.shopify.com/legal/privacy
The Data Processor stores personal data on the basis of a contract concluded with the Data Controller. Not entitled to access personal information.
4.5. Duration of data management:
not limited
4.6. Data security measures
The website operates on secure servers, to which no one other than the employees of Timeless Design Kft. and the company operating the server has access. Access is personal, secure password protected, and reviewed regularly. The work environment is protected by firewalls.
4.7. Other options
The Website almavetlenyi.com may contain links to third party websites that are independent of almavetlenyi.com. When clicked on, the third-party server is directly connected to the computer used by the visitor. In this case, the data processing on the external service provider's website shall be performed by the third party concerned in accordance with its own data management information.
5. Information on the use of cookies
5.1. What is a cookie?
Our website uses cookies to provide certain functions. Cookies are small text files that are stored on your device when you visit our website. These cookies are returned by the device each time you visit our website later. We use the information stored in cookies to identify you and, for example, to make it easier to navigate our website.
Some cookies do not contain personal information and are not suitable for identifying an individual user, but some contain a unique identifier - a secret, randomly generated series of numbers - that is stored by your device, thus ensuring your identification. The period of operation of each cookie (cookie) is described in the relevant description of each cookie (cookie).
Cookies are not suitable for running programs or transmitting viruses to your computer. Cookies can only be read by the web servers from which they originate.
We do not share the information stored in cookies with third parties without your express permission.
You can view our website at any time without cookies. Web browsers are often configured to accept cookies. To prevent your web browser from accepting cookies, you can (1) disable the use of cookies when accessing our website via the cookie layer, or (2) disable cookies through your web browser settings. You can use the help functions of your web browser to learn how to disable and / or delete cookies in your web browser. Please note that by disabling / deleting cookies, some features of our website may not work. You can find the cookies required for each function on our website below. In addition, disabling / deleting cookies only affects the settings of the respective web browser. Accordingly, cookies must be disabled / deleted in other web browsers.
5.2. Legal background and legal basis for cookies
The legal basis for data processing under Article 6 (1) (a) of the Regulation is your consent.
5.3. The main features of the cookies used by the website
Google Analytics cookies
Google Analytics is Google’s analytics tool that helps website and application owners get a more accurate picture of their visitors ’activities. The Service may use cookies to collect information and report statistics about website usage without personally identifying visitors to Google. The main cookie used by Google Analytics is the "__ga" cookie. In addition to reporting from site usage statistics, Google Analytics, along with some of the advertising cookies described above, can also be used to show more relevant ads on Google products (such as Google Search) and across the web.
Remarketing cookies
For past visitors or users to appear when browsing other sites on the Google Display Network or searching for terms related to their products or services
Cookies are strictly necessary for operation
These cookies are essential for the use of the website and allow you to use the basic functions of the website. Without these, many features of the site will not be available to you. The lifespan of these types of cookies is limited to the duration of the session only.
Cookies to improve the user experience
These cookies collect information about the user's use of the website, such as which pages you visit most often or what error message you receive from the website. These cookies do not collect information that identifies the visitor, ie they work with completely general, anonymous information. The data obtained from these is used to improve the performance of the website. The lifespan of these types of cookies is limited to the duration of the session only.
Facebook pixel (Facebook cookie)
A Facebook pixel is a code that is used to report conversions on a website, compile target audiences, and give the page owner detailed analytics data about visitors ’use of the website. With the help of the Facebook pixel, you can display personalized offers and advertisements to the visitors of the website on the Facebook interface. You can read Facebook's privacy policy here: https://www.facebook.com/privacy/explanation
6. Other data controllers:
Name: DotRoll Kft.
E-mail: support@dotroll.com
Phone number: +36-1-432-3232
Website: https://dotroll.com
Headquarters: 1148 Budapest, Fogarasi út 3-5., Hungary
The data controller's privacy statement: https://dotroll.com/hu/adatkezelesi-szabalyzat/
Processing activity: Web hosting service
Brief description of the activity: The web hosting provider provides the fenced disk space created on its own server, on which the Service Provider's website has been uploaded.
Name: Google LLCCentral contact: https://www.google.com/contact/
Phone number: (650) 253-0000
Website: https://www.google.com/intl/en/about/
Headquarters: 1600 Amphitheater Parkway
Mountain View, CA 94043 USA
The privacy statement of the data controller is available at https://policies.google.com/privacy?hl=en
Processing activities: Mail server hosting service, Google Analytics operation, cloud storage serviceBrief description of the activity: The Service Provider's electronic mail is stored on external storage provided by Google and is operated by programs running there. Google performs web analytics measurements on the Service Provider's website. The Service Provider stores certain data in Google's cloud storage (Google Drive)
Data processing activities related to newsletters
Name: MailerLite
Central email address is info@mailerlite.com
Website: https://www.mailerlite.com/
Head office: Paupio st. 46, LT-11341 Vilnius, Lithuania
Contact the data protection statement of the data processor: https://www.mailerlite.com/legal/privacy-policy
Processing activity: Newsletter sending service
Name: Facebook Ireland Limited
Headquarters: 4 Grand Canal Square, Grand Canal Harbor Dublin 2, Ireland
Activity: Social media advertising
Privacy Policy: https://www.facebook.com/privacy/explanation
Accounting data processing
Name:
Invoicing data processing
Name: Számlázz.hu - KBOSS.hu Kft.
Central e-mail address: info@szamlazz.hu
Phone number: + 36-30-35-44-789
Website: https://www.szamlazz.hu/szamla/main
Headquarters: 1031 Budapest, Záhony utca 7 / C.
Availability of the data processing statement of the data processor: https://www.szamlazz.hu/adatvedelem/
Processing activity: Online invoicing
Brief description of the activity: The Data Processor participates in the register of accounting documents on the basis of the contract concluded with the Data Controller. In doing so, the Data Processor shall provide the name and address of the data subject to the extent necessary for the accounting records, in accordance with the provisions of the Act. It shall be managed for a period of time in accordance with Section 169 (2), after which it shall be canceled.
Data processing related to online payment
Name of the data processor: Stripe
The data processor is located at 510 Townsend Street in San Francisco, CA 94103 United States
Phone number of the data processor: 1-888-963-8955
The e-mail address of the data processor is info@stripe.com
Privacy Policy: https://stripe.com/en-hu/privacy
The Data Processor participates in the execution of the online payment on the basis of the contract concluded with the Data Controller. In doing so, the Data Processor manages the billing name and address of the data subject, the order number and the date within the civil law limitation period.
Courier broker
Company name: yolo Kft.
Headquarters: 082 Budapest, Baross utca 86.
Company registration number: 01 09 875470
Tax number: 13829917-2-42
Telephone number: (+36 20 249 3034)
Email: hello@coparcel.hu
Website: https://coparcel.hu/
Data management information: https://coparcel.hu/adatvedelmi-nyilatkozat/
Courier services
GLS General Logistics Systems Hungary Package-Logistics Ltd.
2351 Alsónémedi, GLS Európa u. 2.
Tax number: 12369410-2-44
Company registration number: 13-09-111755
E-mail: info@gls-hungary.com
Website: https://gls-group.eu/HU/hu/home
https://posta.hu/adatkezelesi_tajekoztato
Data processing activities related to the delivery of goods: The Data Processor participates in the delivery of the ordered goods on the basis of a contract concluded with the Data Controller. In doing so, the Data Processor may manage the name, address and telephone number of the customer until the end of the calendar year following the dispatch of the postal item, after which it shall be deleted immediately.
7. Data processed for contracting and performance purposes
Several data management cases may be implemented for the conclusion and performance of the contract. We would like to inform you that data processing related to complaint handling and warranty administration will only take place if you exercise one of these rights.
If you do not make a purchase through the webshop, you are only a visitor to the webshop, then what is written in the data management for marketing purposes may apply to you, if you give us consent for marketing purposes.
8. Data processing for the conclusion and performance of contracts in more detail:
8.1. Contact
For example, if you contact us by e-mail, contact form or telephone with a question about a product. Pre-contact is not mandatory, you can order it from the webshop at any time, omitting it.
Data managed:
The information you provided during the contact.
Duration of data management:
Data will only be processed until the contact is completed.
Legal basis for data management:
Your voluntary consent, which you provide to the Data Controller by contacting us. [Data processing pursuant to Article 6 (1) (a) of the Regulation]
8.2. Registration on the website
By storing the data provided during registration, the Data Controller can provide a more convenient service (eg the data of the data subject does not have to be entered again when purchasing again). Registration is not a condition for concluding a contract.
Data managed:
During data management, the Data Controller manages your name, address, telephone number, e-mail address, the characteristics of the purchased product and the date of purchase.
Duration of data management:
Until the withdrawal of your consent.
Legal basis for data management:
Your voluntary consent to the Data Controller upon registration [Data processing under Article 6 (1) (a) of the Regulation]
8.3. Order processing
During the processing of orders, data management activities are required in order to fulfill the contract
Data managed:
During data management, the Data Controller manages your name, address, telephone number, e-mail address, the characteristics of the purchased product, the order number and the date of purchase.
If you have placed an order in the webshop, data management and the provision of data is essential for the fulfillment of the contract.
Duration of data processing: The data will be processed for 5 years according to the civil law limitation period.
Legal basis for data management:
Performance of the contract. [Data processing pursuant to Article 6 (1) (b) of the Regulation]
8.4 Issuance of the invoice
The data management process takes place in order to issue an invoice in accordance with the law and to fulfill the obligation to keep accounting documents. The Stv. Pursuant to Section 169 (1) - (2), companies must keep the accounting document directly and indirectly supporting the accounting.
Data managed:
Name, address, e-mail address, telephone number.
Duration of data management:
The issued invoices are issued in accordance with the Act. Pursuant to Section 169 (2), it must be retained for 8 years from the date of issue of the invoice.
Legal basis for data management:
Act CXXVII of 2007 on Value Added Tax. Pursuant to Section 159 (1), the issue of an invoice is mandatory and must be kept for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting [Data Management pursuant to Article 6 (1) (c) of the Decree].
8.5. Data management related to the transport of goods
The data management process takes place in order to deliver the ordered product.
Data managed:
Name, address, e-mail address, telephone number.
Duration of data management:
The Data Controller manages the data for the duration of the delivery of the ordered goods.
Legal basis for data management:
Performance of contract [Data processing pursuant to Article 6 (1) (b) of the Regulation].
8.6. Dealing with consumer complaints
The data management process is in place to handle consumer complaints. If you have made a complaint to us, data management and the provision of data is essential.
Data managed:
Customer's name, telephone number, email address, content of the complaint.
Duration of data management:
Warranty claims are retained for 5 years under the Consumer Protection Act.
Legal basis for data management:
Whether you have a complaint about your voluntary decision, however, if you do contact us, is covered by the 1997 CLV on Consumer Protection. Act 17 / A. § (7), we are obliged to keep the complaint for 5 years [data processing according to Article 6 (1) c) of the Decree].
8.7. Data processed in relation to the verifiability of consent
During registration, ordering and subscribing to the newsletter, the IT system stores the IT data related to the consent for later proof.
Data managed:
Date of consent and IP address of the person concerned.
Duration of data management:
Due to legal requirements, the consent must be able to be verified later, therefore the duration of the data storage will be stored for the limitation period after the termination of the data processing.
Legal basis for data management:
Article 7 (1) of the Regulation provides for this obligation. [Data processing pursuant to Article 6 (1) (c) of the Regulation]
9. Data management for marketing purposes
9.1. Data management related to newsletter sending
Data managed:
Name, address, e-mail address, telephone number.
Duration of data management:
Until the withdrawal of the data subject's consent.
Legal basis for data management:
Your voluntary consent to the Data Controller by subscribing to the newsletter [Data processing under Article 6 (1) (a) of the Regulation]
9.2. Data management related to the sending and display of personalized advertisements
Data managed:
Name, address, e-mail address, telephone number.
Duration of data management:
Until the withdrawal of your consent.
Legal basis for data management:
Your voluntary, specific consent to be provided to the Data Controller during the collection of the data [Data processing pursuant to Article 6 (1) (a) of the Regulation]
9.3. Remarketing
Data management as a remarketing activity is implemented with the help of cookies.
Data managed:
Data handled by cookies specified in the cookie information.
Duration of data management:
The data storage period of the given cookie, more information is available here:
Google General Cookie Information: https://www.google.com/policies/technologies/types/
Google Analytics Information: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en
Facebook info: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Legal basis for data management:
Your voluntary consent to the Data Controller using the website [Data processing pursuant to Article 6 (1) (a) of the Regulation].
Additional data management
If the Data Controller wishes to perform further data management, it shall provide preliminary information on the essential circumstances of the data management (legal background and legal basis of data management, purpose of data management, scope of data processed, duration of data management).
We would like to inform you that the Data Controller must comply with the written data requests of the authorities based on legal authorization. The Data Controller shall inform Infotv. In accordance with Section 15, Paragraphs (2) - (3), it keeps records (to which authority, what personal data, on what legal basis, when was transmitted by the Data Controller), the content of which the Data Controller provides on request, unless its disclosure is excluded by law.
10. Your rights during data management
Within the period of data processing, you have the following rights in accordance with the provisions of the Decree:
the right to withdraw consent
access to personal data and data management information
right of rectification
restrictions on data management,
right of cancellation
the right to protest
the right to portability.
If you wish to exercise your rights, this will involve your identification and the Data Controller must communicate with you. Therefore, you will be required to provide personal information for identification purposes (but identification may only be based on data that the Data Controller handles about you anyway) and your data management complaints will be available in the Data Controller's email account within the timeframe specified in this information. If you have been our customer and would like to identify yourself for complaint or warranty purposes, please also provide your order ID for identification. Using this, we can also identify you as a customer.
Complaints related to data management will be answered by the Data Controller within 30 days at the latest.
Right to withdraw consent
You have the right to withdraw your consent to data management at any time, in which case the data provided will be deleted from our systems. However, please note that in case of an unfulfilled order, the cancellation may result in us not being able to deliver to you. In addition, if the purchase has already been made, we will not be able to delete your billing information from our systems in accordance with the accounting rules, and if you owe us, we may process your information in the event of withdrawal of consent based on a legitimate interest in recovering the claim.
Access to personal data
You have the right to receive feedback from the Data Controller as to whether your personal data is being processed and, if data is being processed, you have the right to:
have access to the personal data processed and
inform the Data Controller of the following information:
the purposes of data management;
categories of personal data processed about you;
information on the recipients or categories of recipients with whom or with whom the Personal Data has been or will be communicated by the Data Controller;
the intended period for which the personal data will be stored or, if that is not possible, the criteria for determining that period;
your right to request the Data Controller to rectify, delete or restrict the processing of personal data concerning you and to object to the processing of such personal data in the event of data processing based on a legitimate interest;
the right to lodge a complaint with the supervisory authority;
if the data was not collected from you, all available information about their source;
the fact of automated decision-making (if such a procedure has been used), including profiling, and, at least in these cases, understandable information about the logic used and the significance of such data processing and the expected consequences for you.
The purpose of exercising the right may be to establish and verify the lawfulness of the data processing, therefore in case of multiple requests for information, the Data Controller may charge a fair fee for the provision of the information.
Access to personal data is ensured by the Data Controller by sending you the processed personal data and information by e-mail after your identification. If you have a registration, we will provide access so that you can view and verify the personal information we manage about you by logging into your user account.
Please indicate in your request whether you are requesting access to personal data or requesting data management information.
Right to rectification
You have the right, at the request of the Data Controller, to correct inaccurate personal data concerning you without delay.
Right to restrict data management
You have the right, at the request of the Data Controller, to restrict data processing if any of the following is met:
You dispute the accuracy of the personal data, in which case the restriction applies to the period of time that allows the Data Controller to check the accuracy of the personal data, if the exact data can be established immediately, the restriction will not take place;
the data processing is illegal, but you object to the deletion of the data for any reason (for example, because the data is important to you in order to enforce a legal claim), so you do not request the deletion of the data, but instead request a restriction on its use;
the Data Controller no longer needs personal data for the purpose of the specified data processing, but you request it before legal claims.
11. Remedies
If, in your opinion, the Data Controller has violated any legal provision on data processing or has not complied with any of its requests, the National Data Protection and Freedom of Information Authority may initiate an investigation procedure to terminate the alleged unlawful data processing (mailing address: 1530 Budapest, Pf .: 5., e- mail: ugyfelszolgalat@naih.hu).
We also inform you that in case of violation of the legal provisions on data processing, or if the Data Controller has not complied with any of its requests, it may file a civil lawsuit against the Data Controller in court.
Modification of data management information
The Data Controller reserves the right to amend this data management information in a manner that does not affect the purpose and legal basis of the data management. By using the website after the change takes effect, you accept the amended data management information.
If the Data Controller wishes to perform further data processing in connection with the collected data for a purpose other than the purpose of their collection, it shall inform you about the purpose of the data processing and the following information prior to the further data processing:
- the duration of the storage of personal data or, if that is not possible, the criteria for determining the duration;
- the right to request the Data Controller to access, rectify, delete or restrict the processing of personal data concerning you and to object to the processing of personal data in the case of data processing based on a legitimate interest and to request data portability in the case of data processing based on consent or contractual relationship the right to justice;
- in the case of data processing based on consent, that you may withdraw your consent at any time,
- the right to lodge a complaint with the supervisory authority;
- whether the provision of personal data is based on a law or a contractual obligation or a precondition for concluding a contract, and whether you are obliged to provide personal data, and what the possible consequences of non-disclosure may be;
- the fact of automated decision-making (if such a procedure has been used), including profiling, and, at least in these cases, understandable information about the logic used and the significance of such data processing and the expected consequences for you.
The data processing can only start after consent, in addition to the information, you must also consent to the data processing.