Briefly
- SzWe collect and process personal data only in accordance with the law.
- DM mail will only be sent with your specific consent. We can send a system message without this.
- We store your data as securely as possible.
- We only disclose personal data to third parties with your consent.
Anyone can obtain information about the data we hold about them, and can also request the deletion of their data at any time by contacting us.
Introduction
TEXTIL-HOLDING Kereskedelmi Korlátolt Felelősségű Társaság (5540 Szarvas, Betű utca 2/1., company registration number: 04-09-013369, tax number: 25278703-2-04) (hereinafter referred to as the “Service Provider”, “Data Controller”) is subject to the following information.
The 2011 Act on the right to information self-determination and freedom of information. CXII. Act No 20. § (1) states that the data subject (in this case, the webshop user, hereinafter referred to as the “user”) must be informed before the processing begins whether the processing is based on consent or whether it is mandatory.
The data subject must be informed clearly and in detail of all the facts relating to the processing of his or her data, in particular the purposes and legal basis of the processing, the identity of the controller and the processor, and the duration of the processing , before the processing starts.
The person concerned must be informed about the Info tv. 6. § (1) that personal data may also be processed if obtaining the data subject’s consent would be impossible or would involve disproportionate costs and the processing of the personal data would.
- necessary for compliance with a legal obligation to which the controller is subject; or
- is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, and the pursuit of those interests is proportionate to the restriction of the right to the protection of personal data.
The information should also cover the rights and remedies of the data subject in relation to the processing.
Where it would be impossible or disproportionate to provide personal information to data subjects (such as in the present case in an online shop), the information may be provided by disclosing the following information:
- a) the fact of data collection,
- b) the persons concerned,
- (c) the purpose of the data collection,
- (d) the duration of the processing,
- (e) the identity of the potential controllers who have access to the data,
- (f) a description of the data subjects’ rights and remedies with regard to data processing; and
- (g) where the processing is subject to registration, the registration number of the processing.
This privacy statement governs the processing of data on the following website: https://toltoanyag.hu and is based on the content of the above. It is available at: https://toltoanyag.hu/adatvedelmi-iranyelvek
Amendments to the Prospectus will enter into force upon publication at the above address.
Definitions (§ 3)
- Data Subject/User: any natural person who is identified or can be identified, directly or indirectly, on the basis of specific personal data;
- personal data: data which can be associated with the data subject, in particular the name, the identification mark and one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity, and the conclusions which can be drawn from the data concerning the data subject;
- controller: the natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are to be processed, takes and implements decisions regarding the processing (including the means used) or has them implemented by a processor on its behalf;
- data processing: any operation or set of operations which is performed upon data, regardless of the procedure used, in particular any collection, recording, recording, organisation, storage, alteration, use, retrieval, disclosure, transmission, alignment or combination, blocking, erasure or destruction of data or any prevention of their further use, taking of photographs, sound recordings or images and any physical features which permit identification of a person (e.g. fingerprints, palm prints, DNA samples, iris scans);
- data processing: the performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
- data processor: a natural or legal person or unincorporated body which processes data on the basis of a contract with the controller, including a contract concluded pursuant to a legal provision;
- personal data breach: unlawful processing or handling of personal data, in particular unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction, accidental destruction or accidental damage.
Data processing related to the operation of the webshop
- The 2011 Act on the right to information self-determination and freedom of information. CXII. (1) of the Act on Freedom of Information and Access to Personal Data, the following shall be defined in the scope of data processing related to the operation/operation of the webshop:
- a) the fact of data collection,
- b) the persons concerned,
- (c) the purpose of the data collection,
- (d) the duration of the processing,
- (e) the identity of the potential controllers who have access to the data,
- (f) a description of the rights of data subjects with regard to data processing.
- The fact of collection, the scope of the data processed and the purpose of the processing:
Personal data | Purpose of data processing |
Password | It is used for secure access to the user account. |
Surname, first name, company name | It is required for contacting, making a purchase and issuing a correct invoice. |
E-mail address | Staying in touch. |
Phone number | Maintaining contacts, coordinating more efficiently on billing or delivery issues. |
Billing name and address | To issue proper invoices, and to create, define, amend, monitor the performance of, invoice the fees arising from, and enforce the claims related to the contract. |
Delivery name and address | Enabling home delivery. |
Date of purchase/registration | Perform a technical operation. |
IP address at the time of purchase/registration | Perform a technical operation. |
The e-mail address does not need to contain any personal data.
- Data subjects: all data subjects registered/customers of the webshop website.
- Duration of data processing, deadline for deletion of data: immediately upon cancellation of registration. Except in the case of accounting records, since the Accounting Act 2000. C. of 2000 Act No. 169. § (2) of the Accounting Law 169 C.A., these data must be kept for 8 years.
The accounting documents (including general ledger accounts, analytical or detailed records) directly and indirectly supporting the accounting accounts must be kept for at least 8 years in a legible form, retrievable by reference to the accounting records.
- Potential controllers of the data: the personal data may be processed by the sales and marketing staff of the controller, in compliance with the above principles.
- Description of data subjects’ rights in relation to data processing: data subjects may request the erasure or modification of their personal data in the following ways:
- by post to 5540 Szarvas, Betű utca 2/1. at the address,
- by e-mail at info@toltoanyag,
- by phone at 06302012891.
- The data of the data processor (hosting provider) used for the processing:
DiMa.hu Kft.
Office address: 4026 Debrecen, Honvéd u. 1/A 1/1.
Tax number: 14079665-2-09
Company registration number: 09-09-014017
Telephone: 06-52-322-121
Fax: 06-52-500-312
E-mail: info@dima.hu
- Registration number of data processing: ongoing…
- Legal basis for data processing: the User’s consent, the Infotv. 5. § Paragraph (1) of Article 5.2 of the Privacy Policy, and the provisions of the Act of 2001 on certain issues of electronic commerce services and information society services. CVIII. 13/A. § 13(3) of the Act on the Electronic Commerce Act (hereinafter referred to as the “Elker Act”):
The service provider may process personal data that are technically necessary for the provision of the service. The provider must, other conditions being equal, choose and in any case operate the means used in the provision of the information society service in such a way that personal data are processed only to the extent strictly necessary for the provision of the service and for the fulfilment of the other purposes laid down in this Act, but only to the extent and for the duration necessary.
Cookie management (cookies)
- The 2011 Act on the right to information self-determination and freedom of information. CXII. (1) of the Act on Freedom of Information and Access to Personal Data of the European Union, the following shall be specified in the cookie management of the webshop website:
- a) the fact of data collection,
- b) the persons concerned,
- (c) the purpose of the data collection,
- (d) the duration of the processing,
- (e) the identity of the potential controllers who have access to the data,
- (f) a description of the rights of data subjects with regard to data processing.
- Typical cookies for web shops are so-called “password-protected session cookies”, “shopping cart cookies” and “security cookies”, which do not require prior consent from the data subject.
- Fact of processing, scope of data processed: unique identifier, dates, times
- Data subjects: all data subjects visiting the website.
- Purpose of data processing: to identify users, to register the “shopping cart” and to track visitors.
- Duration of data processing, time limit for deletion of data: the duration of data processing for session cookies is until the end of the visit to the websites.
- Identity of the potential data controllers who may access the data: no personal data is processed by the data controller through the use of cookies.
- Description of data subjects’ rights in relation to data processing: data subjects have the possibility to delete cookies in the Tools/Preferences menu of their browsers, usually under the Privacy settings.
- Legal basis for processing: no consent is required from the data subject where the sole purpose of the use of cookies is to provide a communication over an electronic communications network or where the service provider strictly needs the cookies to provide an information society service explicitly requested by the subscriber or user.
Use Google Adwords conversion tracking
- The data controller uses the online advertising program “Google AdWords” and makes use of Google’s conversion tracking service within its framework. Google Conversion Tracking is an analytics service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
- When you visit a website through a Google ad, a cookie is placed on your computer for conversion tracking. These cookies have a limited validity and do not contain any personal data, so they do not identify the User.
- When the User browses certain pages of the website and the cookie has not expired, Google and the data controller may see that the User has clicked on the advertisement.
- Each Google AdWords client receives a different cookie, so they cannot be tracked through AdWords clients’ websites.
- The information, which is obtained through the use of conversion tracking cookies, is used to provide conversion statistics to AdWords customers who choose to track conversions. Clients are then informed about the number of users who click on their ad and are referred to a page with a conversion tracking tag. However, they do not have access to information that would allow them to identify any user.
- If you do not wish to participate in conversion tracking, you can opt-out by disabling the option to set cookies in your browser. You will then not be included in the conversion tracking statistics.
- More information and Google’s privacy statement can be found at: google.de/policies/privacy/
Using Google Analytics
- This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site you have visited.
- The information generated by the cookies on the website used by the User is usually transferred to a Google server in the USA and stored there. By activating the IP anonymisation on the website, Google will previously shorten the IP address of the User within the Member States of the European Union or in other states party to the Agreement on the European Economic Area.
- The full IP address will be transmitted to a Google server in the USA and shortened there only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services relating to website activity and internet usage.
- The IP address transmitted by the User’s browser within the framework of Google Analytics will not be merged with other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You may also prevent Google from collecting and processing information about your use of the website (including your IP address) by means of cookies by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=hu
Newsletter, DM activity
- The 2008 Act on the Basic Conditions and Certain Restrictions on Commercial Advertising. XLVIII. Act XL. §-The User may expressly consent in advance to being contacted by the Service Provider with advertising offers and other mailings at the contact details provided upon registration.
- In addition, the Customer may, subject to the provisions of this notice, consent to the processing of personal data by the Service Provider necessary for the sending of advertising offers.
- The Service Provider will not send unsolicited commercial messages and the User may unsubscribe from receiving offers without any restriction and without giving any reason, free of charge. In this case, the Service Provider will delete all personal data necessary for sending advertising messages from its records and will not contact the User with further advertising offers. The User may unsubscribe from advertising by clicking on the link in the message.
- The 2011 Act on the right to information self-determination and freedom of information. CXII. (1) of the Act on Freedom of Information and Access to Information of the European Union, the following shall be specified in the data management of the newsletter:
- a) the fact of data collection,
- b) the persons concerned,
- (c) the purpose of the data collection,
- (d) the duration of the processing,
- (e) the identity of the potential controllers who have access to the data,
- (f) a description of the rights of data subjects with regard to data processing.
- The fact of processing, the data processed: name, e-mail address, date, time.
- Data subjects: all data subjects who subscribe to the newsletter.
- Purpose of the processing: sending electronic messages containing advertising to the data subject, providing information on current information, products, promotions, new features, etc.
- Duration of data processing, deadline for deletion of data: data processing lasts until the consent is withdrawn, i.e. until unsubscription.
- Potential data controllers who may have access to the data: personal data may be processed by the controller’s staff, in compliance with the principles set out above.
- Description of the data subjects’ rights in relation to data processing: the data subject may unsubscribe from the newsletter at any time, free of charge.
- Legal basis for data processing: the data subject’s voluntary consent, the Infotv. Article 5 (1) of the Act on the Basic Conditions and Certain Restrictions of Commercial Advertising Activities of 2008. XLVIII. . Article 6(5) of the Act on the General Conditions and Restrictions on the Use of Personal Data:
The advertiser, the advertising service provider or the publisher of the advertisement shall keep a record of the personal data of the persons who have given their consent within the scope specified in the consent. The data recorded in this register, relating to the recipient of the advertising, may be processed only in accordance with the consent given in the consent form, until it is withdrawn, and may be disclosed to third parties only with the prior consent of the person concerned.
Community sites
- The 2011 Act on the right to information self-determination and freedom of information. CXII. Act No 20. § (1), the following shall be determined in the processing of data on social networking sites:
- a) the fact of data collection,
- b) the persons concerned,
- (c) the purpose of the data collection,
- (d) the duration of the processing,
- (e) the identity of the potential controllers who have access to the data,
- (f) a description of the rights of data subjects with regard to data processing.
- Fact of data collection, scope of data processed: Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. közösségi oldalakon regisztrált neve, illetve a felhasználó nyilvános profilképe.
- Data subjects: all data subjects who are registered on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. Social networking sites and have “liked” the website.
- Purpose of the data collection: to share or “like” certain content, products, promotions or the website itself on social networking sites.
- Duration of data processing, time limit for deletion of data, the identity of the possible controllers entitled to access the data and the rights of the data subjects in relation to data processing: the data subject can find out about the source of the data, the processing of the data and the method and legal basis of the transfer on the relevant Community site. The data are processed on the social networking sites, so the duration of the processing, the way in which the data are processed and the possibilities for deleting and modifying the data are governed by the rules of the social networking site concerned.
- Legal basis for processing: the data subject’s voluntary consent to the processing of his or her personal data on social networking sites.
Data transmission
- The 2011 Act on the right to information self-determination and freedom of information. CXII. (1) of the Act on Freedom of Information and Access to Personal Data of the European Union, the following shall be defined in the scope of the data transfer activities of the webshop website:
- a) the fact of data collection,
- b) the persons concerned,
- (c) the purpose of the data collection,
- (d) the duration of the processing,
- (e) the identity of the potential controllers who have access to the data,
- (f) a description of the rights of data subjects with regard to data processing.
- The fact of processing, the scope of the data processed.
- The scope of the data transmitted for the purpose of the delivery: delivery name, delivery address, telephone number.
- The data transmitted for the purpose of online payment: billing name, billing address, e-mail address.
- Stakeholders: all stakeholders requesting home delivery/online shopping.
- Purpose of data processing: delivery of the ordered product / online shopping, confirmation of transactions and fraud-monitoring to protect users.
- Duration of data processing, deadline for deletion of data: until the delivery/online payment is completed.
- Potential controllers of the data: personal data may be processed by the following, in compliance with the principles set out above:
GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
2351 Alsónémedi, Európa u.
2.
info@gls-hungary.com
Phone number: +36 1 802 0265https://gls-group.eu/HU/hu/adatvedelmi-szabalyzat
Barion Payment Zrt.
Authorisation number: H-EN-I-1064/2013
Institution ID: 14859034
Telephone: + 36 1 464 70 99
E-mail: support@barion.com
GTC: https://www.barion.com/hu/vasarlok/arak-vasarloknak/
- Description of the data subject’s rights in relation to data processing: the data subject may request the data controller of the door-to-door delivery/online payment service provider to erase his/her personal data as soon as possible.
- The legal basis for the transfer of data: the User’s consent, the Infotv. 5. § Paragraph (1) of Article 5.2 of the Act on electronic commerce services and certain aspects of information society services of 2001. CVIII. 13/A. § 13(3) of the Act of Access to the Information Society.
Customer relations and other data management
- If the data subject has any questions or problems when using our services, he or she can contact the data controller by the means indicated on the website (telephone, e-mail, social networking sites, etc.).
- The Data Controller will process your incoming emails, messages, telephone, Facebook, etc. together with the name and e-mail address of the interested party and any other personal data voluntarily provided by the interested party, will be deleted after a maximum of 2 years from the date of the communication.
- Information about data processing not listed in this notice is provided at the time of collection.
- In exceptional cases, the Service Provider shall be obliged to provide information, disclose data, hand over data or make documents available upon request of a public authority or other bodies authorised by law.
- In such cases, the Service Provider shall disclose personal data to the requesting party only to the extent and to the extent strictly necessary for the purpose of the request, provided that the requesting party has indicated the exact purpose and scope of the data.
Data security (§ 7)
- The controller shall design and implement the processing operations in such a way as to ensure the protection of the privacy of data subjects.
- The data controller shall ensure the security of the data (password and antivirus protection), shall take the technical and organisational measures and shall establish the procedural rules necessary to enforce the Info Act and other data protection and confidentiality rules.
- The controller shall take appropriate measures to protect the data, in particular by
- unauthorised access,
- the change,
- the transmission,
- the disclosure of,
- deletion or destruction,
- accidental destruction and damage,
- against inaccessibility due to changes in the technology used.
- The controller shall ensure, by appropriate technical means, that the data stored in the records cannot be directly linked and attributed to the data subject.
- The data controller shall take measures to prevent unauthorised access, alteration and unauthorised disclosure or use of personal data:
- the development and operation of an appropriate IT and technical environment,
- the controlled selection and supervision of staff involved in the provision of services,
- issuing detailed operational, risk management and service procedures.
- On the basis of the above, the service provider ensures that the data it processes
- be available to the rightful claimant,
- authenticity and verification,
- is unchanged,
should be.
- The IT system of the Data Controller and its hosting provider protects, among others.
- computer fraud,
- espionage,
- computer viruses,
- spam,
- the hacks
- and other attacks.
Rights of data subjects
- The data subject may request the Service Provider to provide information about the processing of his/her personal data, request the rectification of his/her personal data and request the erasure or blocking of his/her personal data, except for mandatory processing.
- At the request of the data subject, the controller shall provide information about the data of the data subject processed by the controller or by a processor appointed by the controller or on its behalf, the source of the data, the purpose, legal basis and duration of the processing, the name and address of the processor and the activities of the processor in relation to the processing, the circumstances of the personal data breach, its effects and the measures taken to remedy the personal data breach, and, in the case of the transfer of personal data of the data subject, the legal basis and the recipient of the transfer.
- The controller shall, where it has an internal data protection officer, through the internal data protection officer, keep a record of the personal data concerned, the number and categories of data subjects affected by the personal data breach, the date, circumstances, effects and measures taken to remedy the personal data breach and other information specified in the legislation providing for the processing, for the purposes of monitoring the measures taken in relation to the personal data breach and informing the data subject.
- For the purposes of monitoring the lawfulness of the transfer and informing the data subject, the controller shall keep a record of the transfer, which shall include the date of the transfer of personal data processed by the controller, the legal basis and the recipient of the transfer, the scope of the personal data transferred and other data specified in the legislation providing for the processing.
- Upon the User’s request, the Service Provider shall provide information about the data processed by it, their source, the purpose, legal basis and duration of the data processing, the name and address of any data processor and its activities related to data processing, and – in the case of the transfer of personal data of the data subject – the legal basis and recipient of the data transfer. The service provider shall provide the information in writing and in an intelligible form within the shortest possible time from the date of the request, but not later than 25 days. The information shall be provided free of charge.
- If the personal data is not accurate and the accurate personal data is available to the data controller, the Service Provider shall correct the personal data.
- Instead of deletion, the Service Provider shall block the personal data if the User so requests or if, based on the information available to it, it can be assumed that deletion would harm the legitimate interests of the User. The blocked personal data may be processed only for as long as the processing purpose that precluded the deletion of the personal data persists.
- The Service Provider shall delete the personal data if the processing is unlawful, the User requests it, the processed data is incomplete or incorrect – and this situation cannot be remedied by law – provided that the deletion is not excluded by law, the purpose of the processing has ceased, or the statutory deadline for storing the data has expired, or the court or the National Authority for Data Protection and Freedom of Information has ordered it.
- The controller shall mark the personal data that it processes if the data subject contests the accuracy or correctness of the personal data, but the inaccuracy or incorrectness of the contested personal data cannot be clearly established.
- Rectification, blocking, flagging and erasure must be notified to the data subject and to all those to whom the data were previously disclosed for processing. Notification may be omitted if this does not harm the legitimate interests of the data subject having regard to the purposes of the processing.
- If the controller does not comply with the data subject’s request for rectification, blocking or erasure, it shall, within 25 days of receipt of the request, communicate in writing the factual and legal grounds for refusing the request for rectification, blocking or erasure. In the event of refusal of a request for rectification, erasure or blocking, the controller shall inform the data subject of the possibility of judicial remedy and of recourse to the Authority.
Remedies
- You may object to the processing of your personal data if.
- the processing or transfer of personal data is necessary solely for the fulfilment of a legal obligation to which the Service Provider is subject or for the purposes of the legitimate interests pursued by the Service Provider, the data recipient or a third party, unless the processing is required by law;
- the personal data are used or disclosed for direct marketing, public opinion polling or scientific research purposes;
- in other cases specified by law.
- The service provider shall examine the objection within the shortest possible time from the date of the request, but not later than 15 days, decide whether the objection is justified and inform the applicant in writing of its decision. If the Service Provider establishes that the objection of the data subject is justified, it shall terminate the processing, including further recording and transmission of the data, and block the data, and shall notify the objection and the measures taken on the basis of the objection to all those to whom it has previously transmitted the personal data concerned by the objection and who are obliged to take action to enforce the right to object.
- If the User does not agree with the decision of the Service Provider, the User may appeal against it to the court within 30 days from the date of its notification. The court shall act out of turn.
- Complaints against possible infringements by the data controller can be lodged with the National Authority for Data Protection and Freedom of Information:
National Authority for Data Protection and Freedom of Information
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, P.O. Box 5.
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
Judicial enforcement
- The controller must prove that the processing is in compliance with the law. It is for the recipient to prove the lawfulness of the transfer.
- The court has jurisdiction to hear the case. The action may also be brought, at the option of the person concerned, before the court of the place of residence or domicile of the person concerned.
- A person who does not otherwise have legal capacity to sue can also be a party to the lawsuit. The Authority may intervene in the proceedings in order to ensure that the person concerned is successful.
- If the court upholds the application, the data controller shall be obliged to provide the information, rectify, block or erase the data, annul the decision taken by automated processing, take into account the right of the data subject to object, or disclose the data requested by the data subject.
- If the court rejects the data subject’s request, the controller is obliged to delete the data subject’s personal data within 3 days of the judgment. The controller shall also be obliged to delete the data if the data subject does not apply to the court within the time limit.
- The court may order the publication of its judgment, with the publication of the controller’s identification data, if the interests of data protection and the protected rights of a large number of data subjects so require.
Damages and compensation
- If the controller infringes the data subject’s right to privacy by unlawfully processing his or her data or by breaching data security requirements, the data subject may claim damages from the controller.
- The controller is liable to the data subject for any damage caused by the processor and the controller is also liable to pay the data subject the damages due in the event of a personal data breach caused by the processor. The controller shall be exempted from liability for the damage caused and from the obligation to pay the damage fee if it proves that the damage or the infringement of the data subject’s personality rights was caused by an unavoidable cause outside the scope of the processing.
- No compensation shall be due and no damages shall be payable where the damage or injury to the person concerned has been caused by the intentional or grossly negligent conduct of the victim or by an infringement of a right relating to personality.
Closing words
The following legislation has been taken into account in the preparation of this information:
- CXII. Act on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.)
- CVIII. Act on certain aspects of electronic commerce services and information society services (in particular § 13/A)
- XLVII. Act on the Prohibition of Unfair Commercial Practices against Consumers;
- XLVIII. Act on the basic conditions and certain restrictions on commercial advertising (in particular § 6)
- XC. Act on Freedom of Electronic Information
- Act C of 2006 on electronic communications (specifically § 155)
- 16/2011. sz. vélemény a viselkedésalapú online reklám bevált gyakorlatára vonatkozó EASA/IAB-ajánlásról
- Recommendation of the National Authority for Data Protection and Freedom of Information on data protection requirements for prior information