Privacy Policy

Privacy Policy

The purpose, scope and amendment of the notice

The operator of the website / online store, Krisztián Tóth e.v. (hereinafter referred to as the Service Provider / Data Controller) informs the Users below about data processing on the website in accordance with Regulation No. 2016/679 of the European Parliament and Council on the General Data Protection Regulation (hereinafter: GDPR) and the domestic legislation on the right to information self-determination and freedom of information 2011 CXII of . in accordance with the Act (hereinafter: Infotv.).

The temporal validity of this data management policy lasts from May 31, 2023 until its withdrawal.

The Service Provider may unilaterally modify this Data Management Information at any time. The data management information is published on the website and comes into effect upon its publication.

Concepts used in the prospectus

Data subject: any natural person identified or – directly or indirectly – identified on the basis of personal data.

User: the person concerned who provided their personal data via the Service Provider’s website.

Personal data: data that can be associated with the data subject – in particular the data subject’s name, address, telephone number, and one or more physical, physiological, mental, economic, cultural or social characteristics of the data subject – as well as the conclusion about the data subject that can be drawn from the data.

Data controller: the natural or legal person or organization without legal personality who, independently or together with others, determines the purpose of data management, makes and implements decisions regarding data management (including the device used), or implements them with the data processor. In our case, the data controller is the Service Provider.

Data management: any operation or set of operations performed on the data provided by the data subject to the Service Provider, in particular collection, recording, recording, organization, storage, change, use, query, transmission, disclosure, coordination or connection, blocking, deletion and destruction , as well as preventing further use of the data.

Data protection incident: unlawful handling or processing of personal data, including in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage.

Purpose, legal basis, scope and duration of data management

  • according to Article 6 (1) point a) of the GDPR, the user’s voluntary consent to data management based on adequate information (hereinafter: Consent);
  • according to Article 6 (1) point b) of the GDPR, data management is necessary for the performance of a contract in which the User as an affected party is one of the parties (hereinafter: Performance of the Contract);
  • according to Article 6(1)(c) of the GDPR, data processing is necessary to fulfill the legal obligation of the data controller (such as the fulfillment of accounting and bookkeeping obligations – hereinafter: Fulfillment of legal obligations);
  • according to point f) of Article 6 (1) of the GDPR, data processing is necessary to enforce the legitimate interests of the data controller or a third party (hereinafter: Legitimate interest);
  • CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. Act (Elkertv.) 13/A. of the data processing license granted by §, according to which the Users’ natural personal identification data (name, birth name, mother’s birth name, place and time of birth) and address can be processed without the User’s consent to create and define the content of the contract for the provision of services related to the information society, for the purposes of modifying, monitoring its performance, invoicing the resulting fees, and asserting related claims, and without the User’s consent, the User’s natural personal identification data, address, and data on the time, duration and place of the use of the service may be processed, the service related to the information society for the purpose of invoicing fees from the contract for the provision of services (hereinafter: Elkertv.)

The legal basis for data management is defined below separately for each data category and data management purpose with reference to the list above.

  • In the case of data handled on the website in general (registration, profile, order)Affected: user registered on the website
    Data category: name *, e-mail address *, phone number *, (invoicing and shipping) address *
    Data source: from the data subject
    Purpose of data management: creation of a contract, determination of its content, modification, fulfillment; invoicing fees from the contract; user identification; ensuring communication
    Legal basis for data management: fulfillment of a contract, fulfillment of a legal obligation – issuing an invoice
    Duration of data management: for contract fulfillment and invoicing: up to 8 years from the date of cancellation of the registration by the User (reason: invoicing data).

Entering the data marked with * is mandatory, without which the account registration and the use of the system (ordering) are not possible, entering these data is a prerequisite for entering into a contract.

  • In the case of data management related to customer service (for example, website contact form)

    Affected: the user contacting customer service
    Data category: name *, e-mail address *, subject of complaint
    Data source: from the data subject
    Purpose of data management: user identification; communication with the user during complaint handling; contract performance; complaint handling; claim and legal enforcement
    Legal basis for data management: legitimate interest
    Duration of data management: within the general civil law statute of limitations following a complaint, i.e. 5 years from the date of the complaint.

Management of cookies

  • The cookies typical of online stores are the so-called “cookie used for a password-protected session”, “shopping basket cookies” and “security cookies”, the use of which does not require prior consent from the data subjects.
  • The fact of the data management, the scope of the managed data: unique identification number, dates, times.
  • Scope of stakeholders: all stakeholders visiting the website.
  • The purpose of data management is to identify users, create statistics, register the “shopping basket” and track visitors.
  • Duration of data management, deadline for data deletion: session cookie: for identification upon login, PHP session id: deleted when the browser is closed.
  • The person of the possible data controllers entitled to access the data: personal data can be managed by the data controller’s employees, in compliance with the above principles.
  • Description of the rights of data subjects related to data management: the data subject has the option to delete cookies in the menu item of the browser software they use.
  • The legal basis for data management: consent is not required from the data subject if the sole purpose of using cookies is the transmission of information via an electronic communication network or if the service provider absolutely needs it to provide a service related to the information society specifically requested by the subscriber or user.

Application of Google Analytics

  • This website uses the Google Analytics application, which is a web analysis service of Google Inc. (Google). Google Analytics uses so-called “cookies”, text files that are saved on your computer, thus facilitating the analysis of the use of the website visited by the User.
  • The information created by cookies related to the website used by the User is usually sent to and stored on one of Google’s servers in the USA. By activating IP anonymization on the website, Google shortens the User’s IP address beforehand within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area.
    The full IP address is transmitted to a Google server in the USA and shortened there only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate how the User used the website, to prepare reports related to website activity for the website operator, and to provide additional services related to website and Internet use.
  • Within the scope of Google Analytics, the IP address transmitted by the User’s browser is not combined with other Google data. The User can prevent the storage of cookies by setting their browser accordingly, but please note that in this case, not all functions of this website may be fully usable. You can also prevent Google from collecting and processing the User’s website usage data (including IP address) through cookies by downloading and installing the browser plugin available at the following link.

Name and data of the Data Controller

Company name: Krisztián Tóth e.v.
Tax number: 66988519-1-40
License number: 41985487
Headquarters: H-8900 Zalaegerszeg, Landorhegyi út 15.C 1/4.
Location: H-1138 Budapest, Párkány u. 16. 8th floor
Representative: Krisztián Tóth

Data processors, data transfer

We use different companies to manage and store the data, and we forward the data necessary for the purposes below to them. The following data processors process the data:

  • Name and address of data processor: Kft. (8900 Zalaegerszeg, Kispest utca 9. 1/4.)
    Purpose of data processing: web hosting service, website development
  • Name and address of data processor: Kft. (1031 Budapest, Záhony utca 7.)Purpose of data processing: invoicing
  • Name and address of data processor: GOOGLE LLC (USA)
    Purpose of data processing: profiling, advertising, analytical and measurement services, display of advertising
  • Name and address of data processor: Facebook, Inc. (USA)
    Purpose of data processing: profiling, advertising, analytical and measurement services, display of advertising

Information about the transfer of data abroad

Google LLC and its member companies, Facebook, Inc., are included in the European Commission’s compliance decision pursuant to Article 45 of the GDPR and Commission Implementation Decision 2016/1260, as well as on the USA – EU Privacy Shield List established based on these, i.e. the transfer of data here it does not qualify as a transfer of data to a third country outside the European Union and does not require a separate permission from the data subjects, and the transfer of data there is permitted under Article 45 of the GDPR. These companies have undertaken to comply with the GDPR.

Data security

  • The data controller plans and executes the data management operations in such a way as to ensure the protection of the privacy of the data subjects.
  • The data controller ensures the security of the data (protection by password, antivirus), takes the technical and organizational measures and establishes the procedural rules that are necessary to enforce the Info tv. and other data and confidentiality rules.
  • The data manager protects the data with appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, accidental destruction and damage, and inaccessibility resulting from changes in the technology used.
  • The data manager ensures with a suitable technical solution that the data stored in the registers cannot be directly linked and assigned to the data subject.
  • In order to prevent unauthorized access to personal data, changes and unauthorized disclosure or use of data, the data controller ensures: the creation and operation of the appropriate IT and technical environment; on the controlled selection and supervision of employees participating in the provision of services; on issuing detailed operating, risk management and service procedures
  • Based on the above, the service provider ensures that the data it manages is available to the right holder, its authenticity and authentication are ensured, and its immutability can be verified.
  • The IT system of the Data Manager and its hosting provider protects against computer fraud, espionage, computer viruses, spam, hacks, and other attacks, among other things.

User obligations

Within the framework of the website, any User, when entering his e-mail address and personal data, assumes responsibility for the fact that only he provides – correct – data from the specified e-mail address and initiates an order. In view of this responsibility, all kinds of responsibility related to logins to a specified e-mail address are borne solely by the User who registered the e-mail address. We draw the attention of Users that if they do not provide their own personal data, it is the Users’ obligation to obtain the consent of the person concerned.

The rights of the data subjects and the enforcement of the rights of the data subjects

  • Right of access: the data subject can request information about what kind of data we process, for what purpose, for how long, to whom we transfer it, and where the data we process comes from.
  • Right to rectification: if the data subject’s data changes or we recorded them incorrectly, you can request that your data be corrected, corrected, or clarified.
  • Right to erasure: in the cases defined by law, the data subject may request that we delete the data we manage.
  • The right to restrict data processing: in the cases defined by law, the data subject may request that data processing be restricted.
  • Right to data portability: the data subject may request that we release the type of data specified in the law, or pass it directly to another service provider indicated by him based on such a special request and authorization.
  • Right to withdraw consent: when we process data based on consent, the data subject has the right to withdraw consent at any time, which, however, does not affect the legality of our data processing prior to the withdrawal of consent.
  • Right to complain: if the user has suffered a violation of rights in connection with our data management, he has the right to submit a complaint to the competent supervisory authority.
  • Right to object: If, based on the above, the data is processed with data processing based on legitimate interests, the data subject may separately object to data processing based on these legitimate interests. It is also possible to object to data processing for profiling purposes. If you object, we will no longer process your personal data.

The service provider is committed to protecting the personal data of its customers and partners, and considers it of utmost importance to respect its customers’ right to self-determination of information. The data subject may request information about the processing of his personal data, and may request the correction or deletion of his personal data, with the exception of data processing mandated by law, and may object to the above-mentioned data processing based on legitimate interests at the e-mail address .

In the case of submitting the above requests, we act in accordance with the provisions of the law and inform the person concerned about the measures we have taken based on the request within one month.

In addition to the above, an action can also be brought before the Zalaegerszeg Court against the Service Provider in the event of a violation of the protection of personal data.

Legal remedies and complaints can be made at the National Data Protection and Freedom of Information Authority:

Name: National Data Protection and Freedom of Information Authority
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf.: 5.
Telephone: +36-1-391-1400
Fax: +36-1-391-1410

Records of the Data Controller

The data controller keeps a register for the purpose of checking the measures related to the data protection incident and informing the affected parties, which includes the range of personal data concerned, the range and number of people affected by the data protection incident, the date, circumstances, effects of the data protection incident and the measures taken to prevent it, as well as the data management other data specified in the prescriptive legislation.

Regarding matters not covered in this Data Management Information, Regulation (EU) 2016/679 of the European Parliament and of the Council, CXII of 2011 on the right to informational self-determination and freedom of information. Act, Act V of 2013 on the Civil Code, as well as other relevant legislation shall govern.