Privacy notice

Privacy notice

This Data Management Notice Szabó Roland Richárd e.v. (hereinafter referred to as the Company) informs the data subject about the personal data permitted in the declarations of consent of natural persons, supplier companies and contractual partners, about the protection of personal data in terms of handling and the free flow of such data, as well as the 95/46/EC on the repeal of the Regulation (General Data Protection Regulation) based on REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 27, 2016).

Amendments to the prospectus will take effect upon publication at the above address.

Table of Contents

The data manager and his contact details 2

Term definitions. 2

Principles for handling personal data. 3

Legal basis of data management. 3

We provide the following information about the data management carried out during the individual services of the Company. 4

  1. Billing. 4
  2. Business relations. 4
  3. Online order data management. 5
  4. Send newsletter. 5
  5. Community portals (Google Analytics) 6
  6. Management of cookies. 6

Permanent or temporary cookies. 7

Session cookies. 7

Performance cookies (analytics) 7

Targeting or advertising cookies. 7

Promoting use, so-called functional cookies. 7

Third-party cookies. 7

Browser settings. 7

  1. Other data management. 8

Transmission of data, use of data processors. 8

Method of storing personal data, security of data management. 9

Privacy incident. 10

Rights of data subjects 10

Closing. 11

The data manager and his contact details

Company name:

Szabó Roland Richard e.v.  

ZsomikoStone

Headquarters:

6000 Kecskemét, Ág utca 21

Company registration number:

55674982

Tax number:

55237905-1-23

website:

www.zsomikostone.hu

Phone number:

+36 20 344 7179

Email:

zsomikostone@gmail.com

Internal data protection officer:

Szabó Roland Richard

Term definitions

  1. "personal data": any information relating to an identified or identifiable natural person ("data subject"), a natural person who can be identified directly or indirectly, in particular an identifier such as a name, number, location data, online identifier or can be identified based on one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person,
  1. "data management": any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or by making it available in another way, coordinating or connecting, limiting, deleting or destroying,
  1. "data controller": the natural or legal person, public authority, agency or any other body that determines the purposes and means of personal data management independently or together with others, if the purposes and means of data management are determined by EU or member state law and, the data controller or the special aspects regarding the designation of the data controller can also be determined by EU or member state law,
  1. "data processor": the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller,
  1. "recipient": the natural or legal person, public authority, agency or any other body to whom the personal data is communicated, regardless of whether it is a third party. or have access to personal data in accordance with the law of the Member State, they are not considered recipients, the management of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management,
  1. "consent of the data subject": a voluntary, specific and well-informed and clear statement of the will of the data subject, with which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he/she consents to the processing of personal data concerning him/her,
  1. "data protection incident": a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled.

Principles for handling personal data

The personal data:

  1. must be handled lawfully and fairly and in a manner that is transparent to the data subject ("legality, fair procedure and transparency"), collected only for specific, clear and lawful purposes, and must not be handled in a manner inconsistent with these purposes, the 89.(1) further data processing for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes ("purpose limitation") is not considered incompatible with the original purpose,
  2. they must be appropriate and relevant in terms of the purposes of data management, and must be limited to what is necessary ("data economy"),
  3. must be accurate and, if necessary, up-to-date, all reasonable measures must be taken to ensure that inaccurate personal data for the purposes of data management are immediately deleted or corrected ("accuracy"), stored in a form that allows the identification of the data subjects only allows the processing of personal data for the period necessary to achieve its goals, the storage of personal data for a longer period of time may only take place if the personal data will be processed in accordance with Article 89 (1) for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes line, taking into account the implementation of the appropriate technical and organizational measures prescribed in this regulation to protect the rights and freedoms of the data subjects ("restricted storage"),
  4. must be handled in such a way that adequate security of personal data is ensured through the application of appropriate technical or organizational measures, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage of data ("integrity and confidentiality").
  5. The data controller is responsible for compliance with the above, and must also be able to prove this compliance ("accountability").

Legal basis for data management

This Privacy Policy covers only the processing of data of natural persons, given that personal data can only be interpreted in relation to natural persons.

We provide the following information about the data management carried out during some of the Company's services

  1. Billing

The purpose of the data management: the use of the services provided by the Company, the purchased products by the data subject, the determination and invoicing of the consideration for the services and goods.

Legal basis for data management: § 69 of Act C of 2000 on accounting. Fulfillment of legal obligations according to the provisions of paragraphs (1) and (2) (GDPR Article 6 (1) point c)).


Scope of personal data handled: surname, first name, company name, billing address provided for issuing the invoice, tax number.


Duration of data management: 8 years from the date of the provision of the personal data by the data subject, from the preparation of the report, business report or accounting for the given business year.


Possible consequences of failure to provide data: Business cannot issue an invoice in the name/company of the Data Subject

  1. Business relations

Like most companies, the Company maintains a business relationship with some employees of other organizations, whose name, business position and contact information we store.

Purpose of data management: communication with our partners for the purpose of cooperation.

Legal basis for data management: Legitimate interest related to the performance of the contract or the relationship between companies (GDPR Article 6 (1) point f) ).

Legitimate interest of the data controller: business continuity


Scope of processed personal data: contact person's name, business position, telephone number, e-mail address.

We store the contact details of our business contacts solely for the purpose of facilitating the establishment and maintenance of business cooperation with partner companies.

Withdrawal of data management: consent can be withdrawn at any time by sending a message to the e-mail address zsomikostone@gmail.com.

Duration of data management: we check the contact details of our business contacts at least annually and remove those that are no longer up-to-date from the system. At the partner's request, we modify or remove their data from our system.

  1. Online order data management

The Company sells its products on the website www.zsomikostone.hu. The purchase is not tied to registration, but provides the opportunity to open your own account.

Purpose of data management, use of managed data: data will be used to fulfill the order.

Legal basis for data management: prior consent of the person initiating the purchase (GDPR Article 6(1)(a)).

The range of personal data handled: when creating your own account: name, e-mail address and password; in the case of an order: order number, invoicing data (name, company name, billing address), contact details (phone, e-mail), delivery data (name, address), confirmation of purchase, name of the delivery partner, payment method.

Duration of data management: until the end of the business relationship, review every 5 years, in the case of issuing an invoice, the retention period for accounting documents is 8 years.

Possible consequences of not providing data: If you do not provide the requested data, we will not be able to fulfill your order.

Data transfer: in order to deliver the product, the delivery name and delivery address, as well as contact information (phone number), will be forwarded to Magyar Posta Zrt.

The payment can be initiated on PayPal's protected page or by cash on delivery. The Company will receive a notification about the completion of the payment (by e-mail or SMS, if it has been set up by the service provider). The order number and the amount to be paid, as well as the e-mail address of the person concerned, will be sent after selecting the payment method.

Revocation of data management: consent can be revoked at any time by sending a message to the e-mail address zsomikostone@gmail.com.

  1. Send newsletter

At the request of the Data Subject, the Company sends direct marketing (direct business acquisition) messages in an electronic newsletter, so only those who have registered for this service on the Company's website or personally (in writing) have consented to the sending of the newsletter will receive the newsletter. If the person concerned can subscribe to the newsletter on the website, he must accept the data protection policy at the place of subscription. You can do this with a check box. The Company provides the option to unsubscribe at the bottom of each newsletter at the e-mail address zsomikostone@gmail.com.

Legal basis for data management: consent of the data subject GDPR Article 6 (1) point a)

Scope of processed data: identifier, e-mail address, date, analytical data related to subscription and unsubscription, message sending, delivery, opening (date, time of the message, computer IP address, reason for undeliverability).

Duration of data processing: until the end of the operation of the newsletter service, but if the Data Subject requests the deletion of his data (unsubscribes from the newsletter), then immediately after his deletion request, or 24 months from the opening of the last newsletter or data update Possible consequences of failure to provide data: the data subject you will not be informed about the offers of the Data Controller and its partners.

Method of data management: done electronically.

  1. Community portals (Google Analytics)

The Service Provider measures visitors on the website, the number of visitors, and their characteristics with the GoogleAnalytics web analytics service. During its operation, GoogleAnalytics logs many characteristics of visitors, such as: where they came from, what browser or operating system they use, which pages they view on the website. The data stored by GoogleAnalytics is not suitable for identifying the visitor by name, however, during a subsequent visit, it can recognize that someone from the given computer, with the browser used by the given user, has already visited the website before.

For the measurement, the system uses small data files, so-called places cookies in your browser. The purpose of the measurement is to learn about user habits, thereby expanding and developing the site based on the information obtained in this way. Its purpose is also to assess the search habits of visitors to the site and to map the search terms used. Cookies are created by the web server using the browser on the visitor's device (which can be a PC, laptop, smartphone, etc.), where they are stored in a separate directory. If you do not want GoogleAnalytics to measure the above data in the manner and for the purpose described, install the blocking add-on in your browser:

https://tools.google.com/dlpage/gaoptout

The Google Analytics service is operated by Google LLC (1600 Amphitheater Parkway Mountain View, CA 94043 USA)

Google's data protection information can be read here:

https://policies.google.com/

Google information stored on the user's computer can be managed on the following page: https://www.google.com/settings/ads/preferences/


The Google Analytics "Data protection" information can be found here:

https://support.google.com/analytics/answer/6004245

  1. Management of cookies

During visits to the Company's website, one or more cookies - small information packages that the server sends to the browser and then the browser sends back to the server for every request directed to the server - are sent to the computer of the person visiting the website, which ) will enable its browser to be uniquely identified, if the person visiting the website has given his express (active) consent by continuing to browse the website after clear and unambiguous information.

Permanent or temporary cookies

Website uses both "temporary cookies" (session cookies) and "permanent cookies". Temporary cookies remain on your computer until you leave the website. Permanent cookies remain on the device for a longer time (depending on the browser settings) or until they are manually deleted.

Session cookies

Temporary cookies, they are automatically deleted from the computer only during the current visit, at the end of the session, and when the browser is closed.They are essential for navigating the website and for the website to function properly Session cookies do not collect any information that could identify the user under any circumstances.

Performance cookies (analytics)

With the help of Google Analytics cookies, we collect information about the behavior and characteristics of our visitors. This helps us to make the website even more transparent and easier to use in the future. These cookies are not able to personally identify the site visitor, for example, the name and email address are not recorded, the data is aggregated and stored anonymously. The IP address is also only partially recorded.

Targeting or advertising cookies

Information is collected about what topics and contents are of interest to visitors to the website. These cookies can also be used to measure the effectiveness of campaigns and help ensure that relevant ads are displayed later. Targeting and advertising cookies cannot identify you, they do not collect the personal information necessary for identification.

Promoting use, so-called functional cookies

With their help, we can remember your decisions regarding our website (e.g. data entered on forms, etc.). These cookies only track your activity on the visited website, not on other websites. These cookies can store personal identification data entered on the website, such as name and e-mail address.

Third Party Cookies

We may use external web services from third parties on the website. In this case, we do not supervise the storage of cookies, we have no influence on what information these external service providers collect.

Browser Setup

In the browser, it is possible to change and manage cookie settings. The default setting for most browsers is to automatically accept cookies, but this can be changed later.

You can find help for setting cookies at the following links:

  • Google Chrome (https://support.google.com/accounts/answer/61416?hl=en)
  • Firefox (https://support.mozilla.org/hu/kb/sutik-informacio-amelyet-weboldalak-tarolnak-szami?redirectlocale=hu&redirectslug=S%C3%BCtik+ manage%C3%A9se)
  • Microsoft Internet Explorer (https://support.microsoft.com/hu-hu/search?query=cookies)

Although you can disable or limit cookies, please act carefully in this regard, as the use of cookies is essential for the trouble-free operation of a website, so their prohibition may affect the usability of the website and the operation of certain functions.

Purpose of data management: Technical development of the IT system, control of the operation of the service and preparation of statistics. In case of abuse, the data can also be used to determine the source of the abuse in cooperation with the visitors' Internet service provider and the authorities.


Legal basis for data management: CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. Act 13/A. § (3) is a condition for the provision of the service.

  1. Other data management

We provide information on data management not listed in this information when the data is collected. We inform our customers that certain authorities, bodies performing public duties, and courts may contact our company for the purpose of providing personal data.Our company releases personal data to these bodies - if the relevant body has indicated the exact purpose and scope of the data - only to the extent and to the extent that is absolutely necessary to fulfill the purpose of the request, and if the fulfillment of the request is required by law

Transmission of data, use of data processors

We use different companies to manage and store your data, with whom we have concluded a data processing and commission/enterprise contract in accordance with the law.

The data processor may only execute instructions that are recorded in writing.

Employees handling personal data are bound by confidentiality.

In order to guarantee data security, the data processor implements organizational and technical measures.

The data processor helps the data controller to fulfill its obligations.

Based on the decision of the data controller, the data processor returns all personal data to the data controller or deletes or deletes existing copies, with one exception, if national or EU law requires data storage.

The data processor facilitates and enables audits and on-site inspections carried out by the data controller or with the help of the inspector commissioned by him.

If the data processor uses the help of another data processor, the same obligations apply to him as those originally created by the contract between the data processor and the data controller.

The Company uses an external data processor to perform accounting tasks:

Company:

Famous Tax Gurus Kft.

Headquarters

6000 Kecskemét, Lombos utca 18

Availability:

+ 36 30 253 9319, horvath.ilony@gmail.com

The company's hosting provider:

Company Name:

Websupport Magyarország Kft.

Availability:

1132 Budapest, Victor Hugo utca 18-22, +36 22 78 76 74

Email server operator of the company:

Company Name:

Google LLC

Headquarters:

https://mail.google.com/

The company's online payment service provider:

Company Name:

PayPal (Europe) S.à r.l. et Cie, S.C.A.

Availability:

https://www.paypal.com/hu/home

The company's courier package delivery service provider:

Company Name:

Hungarian Post Co.

Availability:

https://www.posta.hu/

The Contractor, as a Data Controller, is entitled and obliged to transmit to the competent authorities all personal data that is at his disposal and that is legally stored by him, which he is obliged to transmit by law or legally binding official obligation. The Data Controller cannot be held responsible for the transmission of such data and the resulting consequences.

The Data Manager will transfer data not indicated above only with the prior and informed consent of the Interested Party

Method of storing personal data, security of data management

Employees performing data management at the Company, as well as persons participating in data management on behalf of the Company, are obliged to treat the personal data they learn as a business secret and to preserve them. Persons handling personal data and having access to them are required to make a Confidentiality Declaration.

In the course of their work, the employees of the Company ensure that unauthorized persons cannot access personal data (in accordance with strict authorization rules), and that personal data is stored and placed in such a way that it cannot be accessed or known by unauthorized persons , can be changed, destroyed.

The Company's computer systems and other data storage locations are located in its business premises and at its data processors. For the management of personal data, we choose and operate the IT tools used in the provision of the service in such a way that the managed data:

  • available to those authorized to do so (availability),
  • its authenticity and authentication are ensured (authenticity of data management),
  • its immutability can be verified (data integrity),
  • be protected against unauthorized access (data confidentiality).

We pay special attention to the security of the data, we also take the technical and organizational measures and develop the procedural rules that are necessary to enforce the guarantees according to the GDPR.

We protect the data with appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage, and inaccessibility resulting from changes in the technology used.

The IT system and network of the Company and our partners are both protected against computer-assisted fraud, computer viruses, computer intrusions and denial-of-service attacks. The operator ensures security with server-level and application-level protection procedures. Daily data backup is done.

In order to avoid data protection incidents, our company takes all possible measures, in the event of such an incident, we take immediate action to minimize the risks and prevent damages.

Regardless of the protocol (email, web, etc.), electronic messages transmitted over the Internet are vulnerable to network threats that can lead to dishonest activity or the disclosure or modification of information. To protect against such threats, the Company takes all the necessary precautions. However, the Internet is not 100% secure, as is well known to users. The Company is not liable for any damage caused by undefended attacks that take place despite the greatest possible care.

Data protection incident

A breach of data security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data.

The Company ensures data security corresponding to the degree of risk associated with data management, in the event of a breach of which, without delay, but no later than within 72 hours of becoming aware of it, our data protection officer, or failing this, the data manager/data processor or his representative, will report to the supervisory authority and inform the data subject also

After becoming aware of the data protection incident, our company will immediately take the necessary security measures in order to eliminate and restore the damage that was the basis of the data protection incident.

The person concerned will be notified of the measures taken and their results.

Rights of data subjects

CXII of 2011 on the right to information self-determination and freedom of information. Act (Infotv.) and Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), the data subject's rights in relation to the above data management are the following: the right to information, the right to rectification, the right to data portability, the right to deletion , the "right to be forgotten", the right to block/restrict data, the right to withdraw, the right to protest, the right to remedy, the right to appeal to a court or authority.

The data subjects can request information and exercise their other rights by sending a statement to the contact details of the Data Controller. The Data Controller examines and responds to the declaration as soon as possible after receipt, but within a maximum of 30 days, and takes the necessary steps based on the information and the provisions of the law.

Remedy: National Data Protection and Freedom of Information Authority

t0

                                   The data subject may go to court in case of violation of his rights.

The Data Controller reserves the right to modify the Information at any time. The Data Controller shall notify the Data Subject of the amendment by publishing it on the website, at least 8 days before the amendment takes effect.

Closing

During the preparation of the information sheet, we paid attention to the following legislation:

  • REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Regulation 95/46/EC (General Data Protection Regulation) ( 27 April 2016)
  • year CXII. Act - on the right to information self-determination and freedom of information (hereinafter: Infotv.)
  • year CVIII. Act - on certain issues of electronic commercial services and services related to the information society (mainly § 13/A)
  • year XLVII. Act - on the prohibition of unfair commercial practices towards consumers;
  • year XLVIII. Act - on the basic conditions and certain limitations of economic advertising activity (especially § 6.a);
  • year XC. Act on Electronic Freedom of Information;
  • Act C. on electronic communications (specifically § 155.a);
  • 16/2011. s. opinion on the EASA/IAB recommendation on best practice for behavioral online advertising;
  • VI of 1998 on the promulgation of the Convention on the Protection of Individuals during the Machine Processing of Personal Data, dated January 28, 1981 in Strasbourg.law;
  • Recommendation of the National Data Protection and Freedom of Information Authority on data protection requirements for prior information

Effective: 14.02.2022.


    .