Data management information

Information on data management - www.spycraft.hu

This notice was prepared to explain the detailed rules for processing the personal data of natural persons who visit the website http://www.spycraft.hu/, operated by the clothing designer and manufacturer Annamária Varga (registration number: 55054229, hereinafter: "Data Controller"), and who purchase clothing products through its online store, in accordance with the provisions of Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and on the repeal of EC Regulation 95/46 (General Data Protection Regulation, hereinafter: "GDPR"):

The Data Controller publishes this notice in a prominent place on the above website for customers interested in the products it advertises and offers for purchase (hereinafter: "Customer"). The notice comes into effect upon publication and remains in effect until the Data Controller publishes a new Data Management Notice. The Data Controller reserves the right to unilaterally amend this Data Management Notice, in which case the previous notice applies to browsing, product purchases, and data management that began but were not yet completed before the publication of the amended notice. For the sake of transparency and customer focus, the Data Controller publishes a separate announcement on its website about possible amendments to this notice.

However, the Data Controller undertakes to regularly review the Data Protection Notice published on its website and, if necessary, update it, so that its personal data management activities comply with the laws in force at all times.

I. The legal authorizations regarding your personal data are, in particular, but not limited to the following:

- Act CXII of 2011 on the right to informational self-determination and freedom of information

- Act CVIII of 2001 on certain issues of electronic commercial services and services related to the information society (Elker. Act)

- Act V of 2013 on the Civil Code

- the GDPR regulation indicated above

II. Definitions:

personal data: any information relating to an identified or identifiable natural person ("data subject"); a natural person is identifiable if he or she can be identified directly or indirectly, in particular on the basis of an identifier such as a name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

identifiable natural person: a natural person who can be identified directly or indirectly, in particular by an identifier such as a name, identification number, location data, online identifier, or by one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person;

data management: regardless of the procedure used, any operation or set of operations performed on the data, including in particular the collection, recording, organization, storage, change, use, query, transmission, disclosure, coordination or connection, locking, deletion and destruction of the data, and preventing further use of the data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g. fingerprint or palm print, DNA sample, iris image);

data controller: the natural or legal person or organization without legal personality who, within the framework defined by law or a mandatory legal act of the European Union, independently or together with others determines the purpose of the data management, makes and implements the decisions relating to the data management (including the device used), or has them implemented by the data processor;

data processing: the totality of data processing operations performed by a data processor acting on behalf of or at the request of the data controller;

data processor: the natural or legal person or organization without legal personality who - within the framework and conditions defined by law or a mandatory legal act of the European Union - processes personal data on behalf of or on the basis of the order of the data controller; who performs purely technical tasks related to data management operations (e.g. recording data);

data transfer: making the data available to a specific third party;

data protection incident: a breach of data security that results in the accidental or unlawful destruction, loss, modification, unauthorized transmission or disclosure of personal data transmitted, stored or otherwise handled, or unauthorized access to them;

recipient: the natural or legal person, public authority, agency or any other body to whom the personal data is communicated, regardless of whether it is a third party;

third party: a natural or legal person, or an organization without legal personality, who or which is not the same as the data subject, the data controller, the data processor or the persons who carry out operations aimed at processing personal data under the direct control of the data controller or data processor.

III. Principles used during data management:

The processing, safe use and recording of the personal data provided by the Buyers in accordance with the relevant legislation and other regulations, the full enforcement of the Buyers' informational self-determination rights, and the provision of detailed information on personal data management are of particular importance to the Data Controller.

The Data Controller manages your data in accordance with the principles of legal, fair and transparent data management, purposefulness, data saving, accuracy, limited storage, integrity and confidentiality, as well as accountability, and fully obligates its employees and staff to enforce these principles.

The principle of purpose-bound data management means that data is managed for the specific and clear purposes explained below, while data saving means that the Data Controller only manages data that is absolutely necessary to achieve the goal and, in accordance with the principle of limited storage, only for as long as is absolutely necessary.

The Data Controller informs you that after the expiry of the period, or of the criteria for determining the duration, specified below, the Data Controller will irrevocably destroy your personal data and will only keep, for the purpose of statistical analyses and calculations and for the purpose of development, data which cannot be associated with you in any way and on the basis of which you can no longer be identified at all.

IV. Legality of our data management - legal bases used:

1./ Consent-based data management: the voluntary, definite and clear declaration of the Buyer's will, based on adequate information, by which the affected person indicates, through a statement or other behavior that clearly expresses his will, that he gives his consent to the processing of his personal data;

2./ Data management in order to fulfill a contract: fulfillment of a contract in which the Buyer is one of the contracting parties;

3./ Data management in order to fulfill a legal obligation: data management is necessary to fulfill the legal obligation of the Data Controller (e.g.: fulfillment of accounting and bookkeeping obligations);

4./ Data management for legitimate interests: data management is necessary to enforce the legitimate interests of the Data Controller or a third party;

5./ Data management based on the provisions of Section 13/A of the Elker. Act: according to which the Data Controller may process the natural personal identification data necessary for the identification of the Customer for the purpose of creating, defining, amending, and monitoring the fulfillment of the contract for the provision of services related to the information society, invoicing the resulting fees, and enforcing related claims.

V. Data assets map

In the following, we will inform you about the scope of your personal data managed by us and the legality of data management, as well as its purpose-related use.

The persons concerned who visit our website and use our online store service, through which you can buy the "Spycraft" brand, self-designed and custom-made, customized clothes, can be divided into the following groups. The range of personal data managed and registered is provided below:

User group 1 – Browser status:

If you look for and collect information on our website, you use our website service as a browser (hereinafter: "Browser") until you make a purchase from our online store. While you are a Browser, we do not acquire any personal data relating to you on the basis of which you could be identified, and in this case we do not store any data about you. However, when you browse, we create a technical identifier, a so-called cookie (an information package consisting of letters and numbers), which does not collect information related to you, but rather transmits information to us about the usage habits of the computer on which you are currently logged in. We therefore receive information about the pages opened on the computer, the clicks and the browser used, but we can only connect this information to the computer you are using at that moment, not to you. The cookie serves to make the use of our website more convenient, efficient and enjoyable, as well as to communicate special offers and advertisements to you. You do not provide us with the data needed to create the technical identifier; rather, as described above, we collect it during the use of the website. The data exchange is thus carried out automatically during communication between computers.

The legal basis for the use of cookies is your consent: by clicking the "I accept" button in the window that pops up automatically when you open the page, you give your consent to the legal use of cookies. You can delete cookies from your computer at any time, or block their use in your browser. Cookies can usually be managed in the Tools/Settings menu of the browser, under the Data protection settings, under the name cookie; deleting or blocking them in this way is considered a withdrawal of your consent.

We would also like to inform you that we also use a web beacon when visiting our site. A web beacon is a small, usually imperceptible image placed on a website. By placing web beacons, your actions on the website as a browser can be tracked and statistics can be created from the obtained data.

User group 2 – Buyer status:

If you wish to purchase the products offered in the online store published on our website, you can do so by entering your personal data below.

The Buyer must provide this data during the online purchase and during the personal consultation.

| Data category | Source of data | Purpose of data management | Legality of data management (legal bases) | Duration of data management |
| --- | --- | --- | --- | --- |
| 1. surname and first name* | Provided by customer | Customer identification | Contract performance (IV. 2./ point) | until the termination of the contract |
| | | ensuring communication | Contract performance (IV. 2./ point) | until the termination of the contract |
| | | creating a contract, defining its content, amending it and monitoring its performance | Elker. Act 13/A. § (IV. 5./ point) and Contract performance (IV. 2./ point) | until the termination of the contract |
| | | invoicing the resulting fees (purchase price) in the event of the creation of a contractual relationship | Elker. Act 13/A. § (IV. 5./ point) and fulfillment of legal obligations (IV. 3./) | until the termination of the contract |
| | | possible claim enforcement and prevention of fraud | Legitimate interest (IV.4./) | until the expiration of the limitation period |
| 2. email address* | Provided by customer | Customer identification | Buyer's consent (IV. 1./ point) | until withdrawal of consent, failing which, for 5 years |
| | | ensuring communication and confirming the purchased product | Contract performance (IV. 2./ point) | until the contract is terminated |
| | | creating a contract, defining its content, amending it and monitoring its performance | Contract performance (IV. 2./ point) | until the termination of the contract |
| 3. phone number | Provided by customer | ensuring communication | Contract fulfillment (IV. 2./ point) | until the termination of the contract |
| 4. billing address* | Provided by customer | creating a contract, defining its content, amending it and monitoring its performance | Elker. Act 13/A. § (IV. 5./ point) and Contract performance (IV. 2./ point) | until the termination of the contract |
| | | possible claim enforcement and prevention of fraud | Legitimate interest (IV.4./) | until the expiration of the limitation period |
| | | invoicing the resulting fees (purchase price) in the event of the creation of a contractual relationship | Elker. Act 13/A. § (IV. 5./ point) and fulfillment of legal obligations (IV. 3./) | until the termination of the contract |
| 5. delivery address* | Provided by customer | creating a contract, defining its content, amending it and monitoring its performance | Elker. Act 13/A. § (IV. 5./ point) and Contract fulfillment (IV. 2./ point) | until the termination of the contract |
| | | possible claim enforcement and prevention of fraud | Legitimate interest (IV.4./) | until the expiration of the limitation period |
| 6. the amount of the purchase, the precise definition of the purchased clothing and its quantity* | Provided by customer | creating a contract, defining its content, amending it and monitoring its performance | Elker. Act 13/A. § (IV. 5./ point) and Contract fulfillment (IV. 2./ point) | until the termination of the contract |
| | | invoicing the resulting fees (purchase price) in the event of the creation of a contractual relationship | Elker. Act 13/A. § (IV. 5./ point), Contract performance (IV. 2./ point) and fulfillment of legal obligations (IV. 3./) | until the termination of the contract |
| | | possible claim enforcement and prevention of fraud | Legitimate interest (IV.4./) | until the expiration of the limitation period |
| 7. Date of purchase* | Given by the Buyer with the completed payment | creating a contract, defining its content, amending it and monitoring its performance | Elker. Act 13/A. § (IV. 5./ point) and Contract performance (IV. 2./ point) | until the termination of the contract |
| | | possible claim enforcement and prevention of fraud | Legitimate interest (IV.4./) | until the expiration of the limitation period |
| 8. Buyer's individual body measurements* (especially but not limited to: waist and bust, hip, height) | Provided by customer | creating a contract, defining its content, amending it and monitoring its performance | Elker. Act 13/A. § (IV. 5./ point) and Contract performance (IV. 2./ point) | until the warranty period expires |
| 9. Bank data, which must be entered in the case of online card payment* (name, bank card number, name of the issuing bank, card expiry date, CVV code) | Provided by customer | creating a contract, defining its content, amending it and monitoring its performance | Elker. Act 13/A. § (IV. 5./ point) and Contract performance (IV. 2./ point) | until the termination of the contract |
| | | possible claim enforcement and prevention of fraud | Legitimate interest (IV.4./) | until the expiration of the limitation period |

We would like to inform our dear Customer that, in order to make a purchase in the webshop, entering the data marked with * in the above table is absolutely necessary for the conclusion of the contract. These data are prerequisites for the conclusion of the contract, so their provision cannot be omitted. In the absence of the above personal data, we will not be able to enter into a contract with you or fulfill it.

Please note that you must provide the shipping address if it is different from the billing address.

VI. Data controller and data processors

A.) Data controller:

The personal data specified in point V shall be handled by the following person as Data Controller:

Annamária Varga, individual entrepreneur

registration number: 06302315151

registered office: 1122 Budapest, Alma utca 2/c.

tax number: 56412150-1-43

You can request information about data management at the email address below, and you can also exercise the rights specified in point VIII by a letter sent to this email address: info@spycraft.hu

We would like to inform you that only the Data Controller has access to the data specified in point V.

Pursuant to the GDPR regulation, a data protection officer has not been appointed, as the extent and method of data management do not make it necessary.

B.) Data processors:

The Data Controller transfers your personal data specified in point V to the following companies, and these companies have access to the data we have registered for the following purposes, to the extent absolutely necessary to achieve the goal:

Shopify Inc. (located at 150 Elgin Street, 8th Floor, Ottawa, ON K2P 1L4, Canada), which maintains the IT system (website) of the Data Controller.

Kvartilis Kft. (company registration number: 01 09 994445; registered office: 1157 Budapest, Zsókavár utca 29. ground floor 3.; tax number: 24182823-2-42), an accounting office which performs accounting for the Data Controller.

We conclude a data processing contract with all the service providers indicated above, in which the data processors undertake and provide a guarantee for the protection of your personal data. However, the Data Controller does not guarantee, and expressly excludes its responsibility for, the existence, compliance and implementation of the data processors' data protection regulations in accordance with the existing laws.

VII. Email marketing law - newsletters

We would like to inform you that if you entered your email address on our website for any reason (even during a purchase), we will periodically send you newsletters that contain advertising, offers and other information, thus ensuring that you are informed of the latest news as soon as possible. The legal basis for the processing of personal data defined in this point is the legitimate interest of the Data Controller, given that, based on the above, it is entitled to carry out email marketing for the purpose of direct marketing. We process your data received in this form for as long as the newsletter service used by the Data Controller is operational. However, if you object to this and the conditions laid down in the GDPR exist, we will delete your personal data specified in this point and we will no longer send you newsletters.

We would also like to inform you that if you unsubscribe from the newsletter, you will be put on a special list of people who no longer wish to receive newsletters.

VIII. Your rights in relation to the management of your personal data

Right of access: You have the right to request information from us about the purpose for which your data is processed, which data category this data belongs to, the categories of recipients, i.e. those to whom we communicate or will communicate your personal data (including in particular recipients from third countries and international organizations), and the duration of data storage or the aspects of determining the duration. You can request a one-time free copy of your data managed by us, while we charge a fee for additional copies.

Right to rectification, erasure (right to be forgotten): You have the right at any time to ask the Data Controller to correct, amend or supplement your personal data if you notice that they have been recorded incorrectly or that there have been changes in them. After receiving this request, the Data Controller is obliged to comply without delay. You can ask us to delete the data in the cases defined by law, which we will carry out if the existence of the conditions contained in Article 17 of the GDPR or § 20 of the Info tv. can be established. In such a case, we will permanently and irrevocably delete your data from our records.

Right to limit data processing: In the cases specified in Article 18 of the GDPR and § 19 of the Info tv., you can request that we limit the processing of your data.

In relation to the rights defined above, we also inform you that in the case of requests with the above content, we will inform all recipients to whom we previously disclosed your personal data of these operations, as long as it does not pose a disproportionate difficulty.

Right to data portability: On the basis of Article 20 of the GDPR, you can request that we release your personal data processed on the basis of your consent or contract performance to you, or that we directly forward this data to another data controller at your request.

Right to object: You may object at any time to the processing of your data, the legal basis of which is the Data Controller's legitimate interest.

Withdrawal of consent: If our data processing is based on your consent, you have the right to withdraw this consent at any time. Please note, however, that the revocation is not retroactive, so it does not affect the legality of our data processing prior to that time.

Right to file a complaint: If you notice illegal handling of your data, or if you suffer a violation of rights in connection with our data processing, you have the right to file a complaint with the supervisory authority or initiate civil litigation before the competent court.

Contact details of the supervisory authority:

National Data Protection and Freedom of Information Authority

address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

email address: ugyfelszolgalat@naih.hu

website: https://naih.hu/

IX. Ensuring data security

If we become aware of a data protection incident, we will notify the supervisory authority named in point VIII. If we determine that the data protection incident is likely to pose a high risk to your rights and freedoms, we will notify you within 72 hours at the latest.

We would like to inform you that we have an internal data protection policy in accordance with the law, and we implement and maintain measures that ensure the safe handling of your personal data in both our organizational and technical systems, as described above.

Handling the data of persons under the age of 16:

The Data Controller does not manage the personal data of a person under the age of 16, taking into account that, according to the relevant provisions of the General Terms and Conditions, the Data Controller does not establish a business relationship with such a person.

Budapest, 3 August 2020