Data controller

Description of data processing during the operation of the online store

This document contains all the necessary information for data management regarding the operation of the online store in accordance with the General Data Protection Regulation of the European Union No. 2016/679 (hereinafter referred to as the Regulation, GDPR) and Act CXII of 2011 on informational self-determination and freedom of information (hereinafter referred to as Infotv.).

Information on the use of cookies

What is a cookie?
The data controller uses so-called cookies when visiting the website. A cookie is an information package consisting of letters and numbers that our website sends to your browser in order to store certain settings, facilitate the use of our website, and contribute to collecting appropriate statistical information about our visitors.
Legal basis and legal grounds for cookies:
The legal basis for data processing is your consent in the case of cookies for statistical and marketing purposes, based on Article 6 (1) letter a) of the Regulation, as well as Article 6 of the Regulation (According to letter f) of paragraph 1, the legitimate interest necessary to ensure the operation of the website, in the case of cookies necessary for operation.

Data processed for the conclusion and execution of a contract.

If you do not make a purchase through the online store and are only a visitor to the online store, then the provisions for data processing for marketing purposes may apply to you if you give us consent for marketing purposes.

For example, if you contact us with a question about a product via email, contact form, or phone. Prior contact is not mandatory; you can skip this and order from the online store at any time.

Managed Data
Data provided by you during contact.
Duration of data processing
We process the data only until the contact is completed.

Legal basis for data processing
Your voluntary consent, which you give to the Administrator by contacting us. [Data processing according to Article 6, paragraph 1, letter a) of the Regulation]

Register on the website.

During the processing of orders, data management activities are necessary for the execution of the contract.

Managed Data
During data management, the Administrator manages your name, address, phone number, email address, characteristics of the purchased product, order number, and purchase date.

Data management related to the delivery of goods.

Warranties and warranty claims are covered by 19/2014 (IV. 29.). We must act according to the rules of the NGM decree, which also defines how we should handle your claim.

Managed Data
Based on the decree, we are obliged to register the warranty or guarantee claim that we are notified of, in which we record:

  • your name, address, and a declaration that you consent to the processing of your data,
  • recorded in the protocol,
  • in accordance with the provisions,
  • the date of contract execution,
  • the description of the defect,
  • the method of resolving the warranty or guarantee claim or the reason for rejecting the complaint or the right to assert based on it,
  • your name and address data,
  • data necessary to identify the item,
  • the date of receipt of the item and the date on which you can receive the repaired item.

The data management process is carried out for the purpose of processing consumer protection complaints. If you have contacted us with a complaint, data management and providing data are essential.

Managed Data
Buyer’s name, phone number, email address, content of the complaint.
Duration of data management
Warranty claims are kept for 5 years based on the Consumer Protection Act.
Legal basis for data management
Whether you submit a complaint to us is your voluntary decision, but if you do, under Act CLV of 1997 on Consumer Protection, Section 17/A. § (7), we are obliged to keep the complaint for 3 years [data management according to Article 6 (1) letter c) of the Regulation].

Data management related to the sending of newsletters.

The data management process is carried out to send promotional content that matches the interests of the individual.

Managed Data
Name, address, email address, phone number.
Duration of data management
Until you withdraw your consent.
Legal basis for data management
Your voluntary, separate consent, which you give to the Administrator during data collection [Data processing according to Article 6 (1) letter a) of the Regulation].

Remarketing

Your rights during data management.

During the data management period, you have the following rights under the provisions of the Regulation:

  • Right to withdraw consent
  • Access to personal data and information about data management
  • Right to rectification
  • Restriction of data management
  • Right to erasure
  • Right to object
  • Right to data portability.

If you wish to exercise your rights, this includes your identification, and the Administrator must communicate with you. Therefore, for identification purposes, you will need to provide personal data (but identification can be based only on data that the data administrator manages for you anyway), and your complaints regarding data management will be accessible in the Administrator's email account within the period specified in this information about complaints. If you are our customer and want to identify yourself to process complaints or warranty claims, please provide your order ID for identification. Using this, we can also identify you as a customer.

Complaints related to data management will be answered by the data administrator no later than 30 days.

Right to withdraw consent.

You have the right to withdraw your consent for data management at any time, in which case we will delete the provided data from our systems. However, please note that if you have an order that has not yet been fulfilled, canceling may result in our inability to deliver to you. Additionally, if the purchase has already been made, based on accounting regulations, we cannot delete data related to invoicing from our systems. If you owe us a debt, we may process your data even if you withdraw your consent based on a legitimate interest in collecting the receivable.

Access to personal data.

You have the right to receive feedback from the data administrator regarding whether your personal data is being processed and, if so, you have the right to:

  • Access the personal data being managed and
  • Inform the data administrator of the following information:
    • Purposes of data management;
    • Categories of personal data being processed about you;
    • Information about the recipients or categories of recipients to whom the data administrator has disclosed or will disclose your personal data;
    • The planned period for storing your personal data or, if that is not possible, the criteria for determining that period;
    • Your right to request the administrator to correct, delete, or restrict the processing of your personal data and, in the case of data processing based on legitimate interests, to object to the processing of those personal data;
    • The right to lodge a complaint with a supervisory authority;
    • If the data was not collected from you, all available information about its source;
    • The fact of automated decision-making (if such a procedure is used), including profiling, and, at least in those cases, understandable information about the logic used, the significance of such data management, and the expected consequences for you.

The purpose of exercising this right may be aimed at establishing and verifying the lawfulness of data management; therefore, in the case of multiple requests for information, the administrator may impose a reasonable fee in exchange for providing the information.

Access to personal data is provided by the data manager, who will send you the processed personal data and information via email after your identification. If you are registered, we provide access so you can review and verify the personal data processed about you by logging into your user account.

Please specify in your request that you want access to personal data or information related to data management.

Right to rectification.

You have the right to have inaccurate personal data corrected by the administrator immediately upon your request.

Right to restriction of data processing.

You have the right to request the administrator to restrict data processing upon your request if one of the following is true:

  • You contest the accuracy of the personal data, in which case the restriction applies for a period that allows the data administrator to verify the accuracy of the personal data. If the accurate data can be determined immediately, the restriction will not apply.

  • The processing of the data is unlawful, but you object to the deletion of the data for any reason (e.g., because the data is important for you to assert a legal claim); therefore, you do not request the deletion of the data, but instead request that its use be restricted.

  • The data administrator no longer needs the personal data for the purposes of the stated data management, but you require it for the assertion, fulfillment, or defense of legal claims.

  • You have objected to the processing of data, but the legitimate interests of the data administrator may also serve as a basis for processing the data. In this case, while it is not determined whether the legitimate reasons of the data administrator take precedence over your legitimate grounds, the data processing must be restricted.

If data management is subject to restrictions, such personal data, except for storage, will only be processed with the consent of the data subject or for the presentation, application, or defense of legal claims, or for the protection of the rights of another natural or legal person, or may be considered in the public interest of the Union or a member state.

The data manager will inform you in advance (at least 3 working days before lifting the restriction on data management) about the removal of the restriction on data management.

Right to erasure - the right to be forgotten.

You have the right to request the data manager to erase your personal data without undue delay if one of the following reasons applies:

  • The personal data is no longer necessary for the purpose for which it was collected or processed in another manner by the data administrator.
  • You withdraw your consent and there is no other legal basis for data processing.
  • You object to the processing of data based on legitimate interest, and there is no overriding legitimate reason (i.e., legitimate interest) for processing the data.
  • The personal data has been unlawfully processed by the administrator, and this has been established based on a complaint.
  • The personal data must be erased to comply with a legal obligation imposed by EU or member state legislation applicable to the data administrator.

If the administrator has made personal data publicly available due to a legal reason and is required to erase it for any of the aforementioned reasons, they are obliged to take reasonable steps, considering the available technology and the costs of implementation — including technical measures — to inform other data administrators processing the data that you have requested the deletion of links to the relevant personal data or a copy or duplicate of that personal data.

The right to erasure does not apply if data management is necessary:

  • For the exercise of the right to freedom of expression and information;
  • To comply with a legal obligation under EU or member state law applicable to the data administrator that requires the processing of personal data (in this case, data processing in the context of billing, as retaining an invoice is required by law), or to perform a task carried out in the public interest or in the context of exercising public authority entrusted to the data administrator;
  • For the presentation, assertion, and defense of legal claims (e.g., if the data administrator has a claim against you that has not yet been fulfilled or if a consumer complaint is being processed).

Right to object.

You have the right to object to the processing of your personal data based on legitimate interests at any time for reasons related to your own situation. In this case, the data administrator may no longer process the personal data unless they demonstrate that the processing is justified by compelling legitimate reasons that override your interests, rights, and freedoms, or is related to the submission, fulfillment, or defense of legal claims.

If your personal data is being processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for that purpose, including profiling related to direct marketing. If you object to the processing of personal data for the purposes of direct marketing, then the personal data may no longer be processed for that purpose.

Right to data portability.

If data processing is carried out in an automated manner or is based on your voluntary consent, you have the right to request from the Data Administrator the data you have provided to the Data Administrator. You will receive this data in a format such as XML, JSON, or CSV, if technically feasible. You can also request that the Data Administrator transfer the data in this format to another data administrator.

This right does not apply when processing is necessary:

  • For the exercise of the right to freedom of expression and information;
  • To fulfill a legal obligation under EU law or the law of a member state applicable to the data administrator, which requires the processing of personal data (for example, data processing in the context of invoicing, as the retention of invoices is required by law), or the performance of a task carried out in the public interest or in the exercise of public authority vested in the data administrator;
  • For the establishment, exercise, or defense of legal claims (e.g., if the Data Administrator has a claim against you that has not yet been fulfilled or is being investigated).

Right to Data Portability

If the data management is carried out automatically or if the data management is based on your voluntary consent, you have the right to request from the Administrator the data you have provided to the Data Administrator. You will receive what the Data Administrator provides you in XML, JSON, or CSV format, if technically feasible. You can also request the Data Administrator to transfer the data in this format to another data administrator.

Automated Decision-Making

You have the right not to be subject to a decision based solely on automated data processing (including profiling) that would have legal consequences for you or similarly significantly affect you. In these cases, the data controller is obliged to take appropriate measures to protect the rights, freedoms, and legitimate interests of the data subject, including at least the right of the data subject to request human intervention from the controller, to express their point of view, and to contest the decision.

The above does not apply if the decision is:

  • Necessary for the conclusion or performance of a contract between you and the data controller;
  • Authorized by the legislation of the EU or the member state applicable to the data controller, which also establishes appropriate measures to safeguard your rights and freedoms as well as your legitimate interests; or
  • Based on your explicit consent.

Entry in the data protection register.

According to its provisions, the data controller was required to register certain data processing operations in the data protection register. This reporting obligation was terminated on May 25, 2018.

"Data security measures"

The data controller declares that appropriate security measures have been taken to protect personal data from unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as from accidental loss and damage, and against becoming inaccessible due to changes in the technology used.

The data controller will do everything within its organizational and technical capabilities to ensure that its data processors also take appropriate data security measures when handling your personal data.