INFORMATION ON DATA MANAGEMENT
Pilis-Fa LTD. if you use your services
pursuant to Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR“) (“Notice“).
1. INTRODUCTION, BACKGROUND
The Pilis-Fa LTD. pay particular attention to the fact that personal data obtained in the course of its activities are subject to the provisions of Regulation (EU) 2016/679 of the EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “Regulation”), the Regulation on the right to information and freedom of information (Regulation (EU) No 2011. CXII. in accordance with the law and other applicable legislation.
This Information Notice is published by Pilis-Fa Ltd. as data controller (“Controller“) in order to inform data subjects about the processing of the data detailed below in accordance with Article 13. of the EU law on the processing of their data and on their rights in relation to the processing of their data.
The terms used in this Privacy Notice shall have the meanings given to them in the interpretative provisions of the GDPR.
2. IDENTIFICATION AND CONTACT DETAILS OF THE CONTROLLER
Company name: Pilis-Fa Ltd.
Registered office: 2000 Szentendre, 6 Kankalin Street.
Location: 2021 Tahitótfalu, Ifjúság út 2.
Company registration number: 13-09-090668
Court of registry: the Court of Registration of the Budapest District Court
Tax number: 12813359-2-13
EU VAT number: EN 12813359
Representative: Edgár Orbán Managing Director
Phone number: +3670 263-7801
E-mail address: info@edimatt.hu
Website: wwww.edimatt.hu
The Pilis-Fa Ltd. processes personal data for the purpose(s) set out in this notice and to the extent strictly necessary for the purposes of achieving those purposes. The personal data processed will only be used by Pilis-Fa Ltd. and only those persons who have a legitimate need to know the personal data in the context of the provision of the service are authorised to access it.
3. THE SCOPE OF THE PERSONAL DATA CONCERNED, THE PURPOSES OF THE PROCESSING AND THE LEGAL BASIS FOR THE PROCESSING
| # | Data category | Purpose of data processing | Legal basis |
| 1. | Natural personal identification data | Contacting customers who buy the products for invoicing, mailing
|
Consent of the data subject (GDPR 6. Article (1)(a))
Processing necessary for the performance of the service (contract) (GDPR 6. Article (1)(b)) |
| 2. | Contact information | Contact about the service (contract) | Processing of data for the performance of a contract (GDPR 6. Article (1)(b)) |
| 3. | Customer payment, order processing data | Performance of the invoicing activity related to the service (contract) | Processing based on law or necessary for the performance of a service (contract) (GDPR 6. Article 2 (1) (b) and (c)) |
| 4. | Data processing in relation to the transport of goods | The data processing is carried out in order to deliver the ordered product. | Performance of a contract [processing under Article 6(1)(b) of the Regulation]. |
3.1. Information about the use of cookies
What is a cookie?
The Data Controller uses so-called cookies when you visit the website. A cookie is a bundle of letters and numbers that our website sends to your browser to save certain settings, facilitate the use of our website and help us to collect some relevant statistical information about our visitors.
Some of the cookies do not contain any personal information and cannot be used to identify an individual user, but some of them contain a unique identifier – a secret, randomly generated sequence of numbers – that is stored on your device, thus ensuring your identification. The duration of each cookie is described in the relevant description of each cookie.
Legal background and legal basis for cookies:
The legal basis for the processing of the data is 6. Your consent pursuant to Article 4(1)(a).
Main features of the cookies used by the website:
Session cookie: these cookies store the visitor’s location, browser language, payment currency, and their lifetime is until the browser is closed or for a maximum of 2 hours.
Age-approved content cookie: these cookies record the fact that you have consented to age-approved content and that you are over 18 years old, and last until you close your browser.
Referrer cookies: they record from which external page the visitor came to the site. Their lifetime lasts until the browser is closed.
Last viewed product cookie: records the products last viewed by the visitor. Their lifespan is 60 days.
Last viewed category cookie: fixes the last viewed category. It has a lifespan of 60 days.
Mobile version, design cookie: detects the device the visitor is using and switches to full view on mobile. It has a lifespan of 365 days.
Cookie acceptance cookie: when you arrive at the site, you will be prompted to accept the cookie statement in the warning window. It has a lifespan of 365 days.
Shopping cart cookie: records the products placed in your shopping cart. It has a lifespan of 365 days.
Backend ID cookie: the ID of the backend server serving the site. Its lifetime lasts until the browser is closed.
Google Adwords cookie: when someone visits our site, the visitor’s cookie ID is added to our remarketing list. Google uses cookies – such as NID and SID cookies – to personalise the ads you see in Google products, such as Google search. It uses such cookies, for example, to remember your recent searches, your previous interactions with certain advertisers’ ads or search results, and your visits to advertisers’ websites. The AdWords conversion tracking feature uses cookies. Cookies are saved on the user’s computer when they click on an ad to track ad sales and other conversions. Some common uses of cookies include: selecting ads based on what is relevant to a particular user, improving campaign performance reporting, and avoiding displaying ads that the user has already viewed.
Google Analytics cookie: Google Analytics is Google’s analytics tool that helps website and application owners to get a more accurate picture of their visitors’ activities. The service may use cookies to collect information and generate reports on website usage statistics without individually identifying visitors to Google. The main cookie used by Google Analytics is the “__ga” cookie. In addition to reporting on site usage statistics, Google Analytics, along with some of the advertising cookies described above, can also be used to display more relevant ads in Google products (such as Google Search) and across the web.
Remarketing cookies: may appear to previous visitors or users when browsing other sites on the Google Display Network or searching for terms related to your products or services.
Strictly necessary cookies: these cookies are essential for the use of the website and allow you to use its essential functions. In their absence, many features of the site will not be available to you The lifetime of these types of cookies is limited to the duration of the session.
Cookies to improve your user experience: these cookies collect information about your use of the website, such as which pages you visit most often or what error messages you receive from the website. These cookies do not collect any information that identifies the visitor, i.e. they work with completely generic, anonymous information. We use the data from this to improve the performance of the website. The lifetime of these types of cookies is limited to the duration of the session.
Session cookie: these cookies store the visitor’s location, browser language, payment currency, and their lifetime is until the browser is closed or for a maximum of 2 hours.
Referrer cookies: they record from which external page the visitor came to the site. Their lifetime lasts until the browser is closed.
Last viewed product cookie: records the products last viewed by the visitor. Their lifespan is 60 days.
Last visited category cookie: records the last visited category. It has a lifespan of 60 days.
Mobile version, design cookie: detects the device the visitor is using and switches to full view on mobile. It has a lifespan of 365 days.
Cookie acceptance cookie: you accept the cookie statement in the warning window when you visit the site. It has a lifespan of 365 days.
Shopping cart cookie: records the products placed in your shopping cart. It has a lifespan of 365 days.
Backend ID cookie: the ID of the backend server serving the site. Its lifetime lasts until the browser is closed.
Facebook pixel (Facebook cookie) A Facebook pixel is a code that allows the website to report conversions, create audiences and provide the site owner with detailed analytics on how visitors use the site. Facebook pixel allows you to display personalised offers and ads to your website visitors on Facebook. You can read the Facebook Privacy Policy here: https://www.facebook.com/privacy/explanation
If you do not accept the use of cookies, certain features will not be available to you. For more information on how to delete cookies, please follow the links below:
- Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
- Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
- Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
- Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
- Chrome: https://support.google.com/chrome/answer/95647
- Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies
3.2. Recipients and processors of data processing related to the transport of goods
Name of recipient: Csomagnet.hu Ltd.
Address of the addressee: 8200 Veszprém, Egry József utca 11/E
Recipient’s telephone number: +3620/747 4857
E-mail address of the recipient: info@csomagnet.hu
Addressee’s website: www.csomagnet.hu
The courier service will assist in the delivery of the ordered goods on the basis of a contract with the Data Controller. The courier service will process the personal data received in accordance with the privacy policy available on its website.
3.3. Handling warranty and guarantee claims
Warranty and guarantee claims are governed by the 19/2014. (29.IV.) We have to follow the rules of the NGM Regulation, which also sets out how we should handle your claim.
Data processed
When dealing with warranty and guarantee claims, the 19/2014. (29.IV.) We must follow the rules of the NGM Regulation.
Under the Regulation, we are obliged to keep a record of any warranty or guarantee claim that you make to us:
(a) your name, address and a statement that you consent to the processing of your data recorded in the minutes as provided for in the Regulation,
b) the name and purchase price of the movable property sold under the contract between you and us,
c) the date of performance of the contract,
d) the date of the notification of the failure,
e ) a description of the fault,
f) the right you wish to exercise under a warranty or guarantee; and
(g) how the warranty or guarantee claim is to be settled or the grounds for rejecting the claim or the right to enforce it.
If we take delivery of the goods purchased from you, we must issue a receipt for the goods, stating.
a) your name and address,
b) the data necessary for the identification of the object,
c) the date of receipt of the item, and
d) the date when you can take delivery of the corrected item.
Duration of processing
The business must keep the record of the consumer’s warranty or guarantee claim for three years from the date of its recording and present it at the request of the supervisory authority.
Legal basis for processing
The legal basis for data processing is 19/2014. (29.IV.) Compliance with the legal obligations under the NGM Regulation [Article 4(1) and Article 6(1)] [processing under Article 6(1)(c) of the Regulation]
3.4. Handling other consumer complaints
The data management process is carried out in order to handle consumer complaints. If you have lodged a complaint with us, the processing of the data and the provision of the data are essential.
Data processed
Customer name, phone number, email address, complaint content.
Duration of processing
We keep warranty complaints for 5 years under the Consumer Protection Act.
Legal basis for processing
Whether or not to contact us with a complaint is a voluntary decision, but if you do contact us, we will apply the Consumer Protection Act 1997. CLV. Act 17/A. § (7) we are obliged to keep the complaint for 5 years [data processing under Article 6 (1) (c) of the Regulation].
3.5. Remarketing
Data management as a remarketing activity is carried out using cookies.
Data processed
Data processed by cookies as defined in the cookie notice.
Duration of processing
For more information on the retention period of a cookie, click here:
Google general cookie notice:
https://www.google.com/policies/technologies/types/
Google Analitycs brochure:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu
Facebook information:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
For more information on the data retention period of a cookie, click here:
Google general cook information: https://www.google.com/policies/technologies/types/
Google Analitycs brochure: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu
3.6. Data processing in connection with the sending of the newsletter
The data processing is carried out for the purpose of sending out newsletters.
Data processed
Name, address, e-mail address, telephone number.
Duration of processing
Until the data subject’s consent is withdrawn.
Legal basis for processing
Your voluntary consent, which you give to the Data Controller by subscribing to the newsletter [processing under Article 6(1)(a) of the Regulation]
The Data Processor contributes to the sending of newsletters on the basis of a contract with the Data Controller. In doing so, the Data Processor will process the name and e-mail address of the data subject to the extent necessary to send the newsletter.
3.7. Prize draw
The data processing is carried out for the purpose of running the competition.
Data processed
Name, email address, phone number.
Duration of processing
The data will be deleted after the end of the competition, except for the winner’s data, which the Data Controller is obliged to keep for 8 years under the Accounting Act.
Legal basis for processing
Your voluntary consent, which you give to the Data Controller by using the website. [Processing under Article 6(1)(a) of the Regulation]
4. DURATION OF DATA PROCESSING
Based on the data subject’s consent (GDPR 6. (a)) shall be processed by the Controller until the purpose of the processing is fulfilled or until the consent is withdrawn at the latest.
In the case of personal data where the legal basis for the processing is GDPR 6. Article 2(1)(b) (performance of the contract) The Controller shall, at the latest after the termination of the contract, process the personal data in accordance with the provisions of the Civil Code. the general limitation period (5 years).
If personal data is included in an accounting document, the Data Controller shall use the data in accordance with the provisions of Act 2000. C. law 169 of 2006, it keeps the supporting documents and thus the personal data contained therein for 8 years.
5. DATA PROCESSOR(S)
The data processors are the website operator and the e-mail address holder of the website www.edimatt.hu, through which Pilis-Fa Kft. and the provider of the storage space used to store the data.
Storage space provider:
Name: Rackforest Ltd.
Head office: 1132 Budapest, Victor Hugo utca 11.
Tax number: 14671858-2-41
E-mail: info@rackforest.com
6. DATA SECURITY MEASURES
The Data Controller shall ensure the security of the data and shall take appropriate technical, physical and procedural security measures necessary to enforce the data protection rules. Access to electronically stored data is restricted to persons authorised by their job function in order to carry out their job duties (access authorisation system).
7. TRANSFERS OUTSIDE THE EUROPEAN UNION/EEA OR TO AN INTERNATIONAL ORGANISATION
No data will be transferred outside the European Union/European Economic Area or to an international organisation.
8. AFFECTED RIGHTS
The Data Controller grants the data subjects the following rights in relation to the processing of personal data as set out in this Notice:
- Right of access;
- Right to information;
- Right to rectification;
- Right to erasure;
- Right to restriction of processing;
- Right to data portability;
- Right to object.
Some of the rights of data subjects are set out below:
8.1. Right of access and information
At the request of the data subject, the Data Controller shall provide information on whether the processing of his or her data is ongoing. If so, the Data Controller shall, in addition to providing access, inform the data subject of the categories of data processed, the purposes of the processing, the recipients or categories of recipients of the processing, the duration of the storage of the data or the criteria for determining the duration, the exercise of the rights of the data subject, the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH), the source of the data and the fact of automated decision-making, including profiling. In the case of a transfer outside the European Union or the European Economic Area, the data subject will also be informed of the appropriate safeguards for the transfer.
The Data Controller shall provide the data subject with a copy of the personal data processed. For additional copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. Where the data subject has made the request by electronic means, the information shall be provided in a commonly used electronic format, unless the data subject requests otherwise. The right to obtain a copy must not adversely affect the rights and freedoms of others.
8.2. Right to rectification
The data subject shall have the right to request the Controller to correct his/her data in case of inaccuracy.
If it is necessary to correct the personal data processed by the Data Controller, the data subject may request in writing (by post or e-mail) the rectification of the data, indicating the correct data.
The data subject shall notify the controller in writing (by post or e-mail) of any change in any personal data processed by the controller without undue delay, but no later than 5 days after the change. The defaulting data subject shall be liable for any damage suffered by the Data Controller as a result of the failure to give or delay in giving this notification.
8.3. Right to erasure
The data subject shall have the right to obtain from the Controller the erasure of personal data relating to him or her without undue delay and the Controller shall be obliged to comply with the data subject’s request in the cases provided for in the GDPR (Article 17).
In the event that the Controller has disclosed the personal data, i.e. transmitted them to third parties, the Controller shall take reasonable steps, in case the data subject exercises his or her right to erasure, to inform the other controllers to whom the personal data have been transmitted that the data subject has requested the deletion of the links to the personal data in question or of a copy or duplicate of such personal data.
8.4. Right to restriction of processing
The data subject shall have the right to obtain from the controller, at his or her request, the restriction of processing if.
| – the data subject contests the accuracy of the personal data;
– the processing is unlawful; – The controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; – the data subject has objected to the processing.
|
- Right to data portability
The data subject shall have the right to receive the personal data concerning him or her which he or she has provided to the Controller in a structured, commonly used, machine-readable format and the right to transmit such data to another controller without hindrance from the Controller, if:
- the processing is based on consent; and
- the processing is carried out by automated means.
- Right to object
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data in accordance with 6. Article 3(1) e) or (f), including profiling based on those provisions.
The data subject may object to the processing of his or her personal data for direct marketing purposes. In this case, the personal data may no longer be processed for this purpose.
In exercising the rights listed above, the data subject is entitled to. to the Data Controller.
The data subject may withdraw his or her consent at any time, without prejudice to the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal. You can withdraw your consent by sending a declaration via the contact details above.
The data controller shall provide information in writing, in an intelligible form, on the measures taken in response to the request without undue delay, but no later than one month from the date of the request.
9. THE RIGHT TO APPLY TO THE DATA PROTECTION SUPERVISORY AUTHORITY, THE COURTS
Data subjects have the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH), whose contact details are:
– postal address: 1530 Budapest, Pf.: 5.
– address: 1125 Budapest Szilágyi Erzsébet fasor 22/c
– phone number: +36 (1) 391-1400
– fax: +36 (1) 391-1410
– e-mail address: ugyfelszolgalat@naih.hu
– Website: http://naih.hu
In addition to the above, the data subject may bring a civil action against the Controller in the event of unlawful processing. The court has jurisdiction to hear the case. The case can also be brought before the court of the person’s domicile (for a list of courts and their contact details, see http://birosag.hu/torvenyszekek
This document contains all relevant information on data management in connection with the operation of the webshop in accordance with the European Union’s General Data Protection Regulation 2016/679 (hereinafter referred to as the Regulation. GDPR) and the European Data Protection Supplement 2011. CXII. tv. (hereinafter: Infotv.).