Menu
Tax payer Csilla Romsics pays particular attention to the fact that during data processing, EU Regulation 2016/679 (GDPR), Act CXII of 2011 on the right to informational self-determination and freedom of information, other applicable legislation, as well as the data protection practice developed during the activities of the National Data Protection and Freedom of Information Supervisory Authority (hereinafter: the Authority), are taken into account.
The entrepreneur hereby informs the users of its online store and the visitors of its websites about the personal data it manages in connection with the website, its practices in the management of personal data, the organizational and technical measures it has taken to protect personal data, as well as the manner and possibilities of exercising the rights of those concerned.
1. Name of the data controller
Data controller: Csilla Romsics tax payer (hereinafter: Contractor)
Headquarters: 2146 Mogyoród, Árpád vezér út 27/B.
E-mail: info@eslmaterialsquad.com
Phone: +34 620 193 751
2. Legislation on which data management is based
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: “GDPR”) and Act CXII of 2011 on the right to informational self-determination and freedom of information.
3. Management of personal data
3.1. Personal data logged by the system
Scope of managed data and purpose of data management
Personal data Purpose of data management
IP address The identification number assigned by the internet service provider to the device of the user logging into the system. The Contractor manages it in order to ensure the IT security of the system.
Login time The login time of the user logging into the system. The Contractor manages it in order to ensure the IT security of the system.
Legal basis for data management
The legal basis for data management is the Contractor’s legitimate interest in protecting the security of the data managed in the system and the IT infrastructure that ensures the operation of the system. In order to filter out possible malicious or abusive use, to take appropriate data and information security measures (e.g. vulnerability and load testing), and for internal auditing purposes, it is absolutely necessary to log the above data in the system. The legitimate interest in ensuring the safe operation of the system is proportional to the processing of the above personal data logged in connection with logins.
Duration of data management
The system stores the data indicated here for 12 months from the date of their creation, and then they are automatically deleted.
3.2. Registration
3.2.1 Registration as “Essential”
Scope of managed data and purpose of data management
The user has to register on the website by entering his personal data to download material, such as: e-mail address, first name, last name, password.
Legal basis for data management
The legal basis for processing personal data provided at the time of registration as “Essential” is the user´s consent.
Duration of data management
Until user´s consent is not revoked.
3.2.2 Registration as “Superior” or “Deluxe”
Scope of managed data and purpose of data management
The user has to register on the website by entering his personal data in case of purchase.
In order to conclude and fulfill the contracts related to the order, the Contractor manages the appropriate contact data of the user, such as: e-mail address, first name, last name, company name (optional) , phone number, information on the chosen payment method, address (including: country / region, street, town / city, state / county, postcode / ZIP) and method which information is needed for invoicing purposes.
Legal basis for data management
The personal data provided at the time of ordering are necessary for the fulfillment of the contract or the preparation of the contract. After the performance of the contract, the legal basis for data management is the mandatory provision of the law (Act C of 2000 on accounting, hereinafter: accounting law), as well as the legitimate interest of the Contractor.
Duration of data management
The Contractor manages the personal data until the contract is fulfilled. In contrast to this, based on legal requirements, the Contractor may continue to store personal data, especially in the context of the Contractor’s mandatory data provision vis-à-vis state authorities (e.g. tax authorities). Such mandatory data management is, for example, the retention of issued invoices for a period determined by the Accounting Act (accounting documents directly and indirectly supporting accounting must be stored for 8 years). In the event of a legal dispute related to the performance of the contract, the Contractor shall keep the related data for 5 years from the date of performance of the contract.
3.3 Contact us
The user has the option to contact us on the website by entering his name, email address and message.
Legal basis for data management
The Contractor handles the personal data provided in the “contact us” form based on the user’s consent.
Duration of data management
During three months unless the user’s consent is revoked before that period is met. .
3.7. Electronic correspondence with advertising content (Mailing list): Newsletter, other correspondence
Scope of managed data and purpose of data management
The User has the option to subscribe to the Contractor’s electronic mailing list with advertising content. The Contractor’s mailing list contains advertising elements, elements that encourage the promotion and completion of purchases, so especially, but not exclusively, information in the form of a newsletter about the Contractor’s current product range, discounts, and offers that match the user’s interests. In the context of other correspondence, the Contractor also sends a reminder to the user about his/her started but not completed purchases. The Contractor then manages the data of the user’s name and email address.
Legal basis for data management
The Contractor handles the personal data provided for the purpose of electronic correspondence with advertising content based on the user’s consent.
Duration of data management
Until the withdrawal of the user’s consent.
4. Access to data and data security measures
4.1. Data access and data transfer
Designated employees of the Contractor may access personal data in order to perform their duties. The Contractor only transfers the personal data it handles to the data processors listed in point 4.2 in the manner and for the purpose specified by law.
4.2. Data processors and data security measures
The Contractor stores the personal data on servers located at the headquarters of the hosting provider commissioned by the Contractor. To store personal data, the Contractor uses a storage service provider as a data processor:
Name: DOCCA OutSource IT Zrt. & HUNET Kft.
Headquarters: H-1124 Budapest, Apor Vilmos tér 25-26.
Phone number: +36 1 488 74 90, +36 1 999 0466
E-mail address: hunet-kapcsolat@hunet.ugykezelo.hu
Website: www.docca.hu, www.hunet.hu
The Company uses appropriate IT, technical and personnel measures to protect the personal data it manages, among other things, against unauthorized access or unauthorized changes.
5. Rights related to data management
5.1. The right to access
Through the contact details given in point 1, the affected person can request information from the Contractor by email about what kind of personal data, on what legal basis, for what data management purpose, from what source, for how long, to whom, when, according to what legal basis, which personal granted access to your data or to whom you forwarded your personal data. The Contractor fulfills the request of the person concerned within a maximum of one month, in an email sent to the contact information provided by him.
5.2. Right to rectification
The person concerned can request in writing that the Contractor change some of his personal data (for example, he can change his e-mail address or postal contact information at any time) via the contact details provided in point 1. The Contractor fulfills the request within a maximum of one month and notifies him of this in an email sent to the contact address he provided.
5.3. The right to erasure
The person concerned can request the deletion of his personal data from the Contractor in writing via the contact details provided in point 1. The Contractor will reject the deletion request in the event that the Contractor is obliged to continue storing the personal data. Such a case is, for example, if the deadline prescribed by accounting legislation has not expired. However, if there is no such obligation, the Contractor shall fulfill the request within a maximum of one month, and shall notify the person concerned of this in an email sent to the contact address provided for this purpose.
5.4. The right to blocking (restriction of data processing).
The person concerned can request in writing that his personal data be blocked by the Contractor through the contact details provided in point 1 (with a clear indication of the limited nature of data management and ensuring separate treatment from other data). The blocking lasts as long as the reason specified by the data subject makes it necessary to store the data. The data subject may request blocking of the data, for example, if he believes that the Contractor has handled his application illegally, but for the sake of the official or court proceedings initiated by him, it is necessary that the Contractor does not delete the application. In this case, the Contractor will continue to store the personal data (for example, the given application) until it is required by the authority or the court, after which the data will be deleted.
5.5. The right to object
The person concerned can object to the data processing in writing via the contact details given in point 1, if the Contractor uses the personal data, e.g. it would be forwarded or used for the purpose of public opinion polls or scientific research.
6. The possibility of legal enforcement related to data management
6.1. Initiating legal proceedings
If the person concerned experiences the illegality of the processing of his personal data, he can initiate a civil lawsuit against the Contractor. Adjudication of the lawsuit falls within the jurisdiction of the court. According to the choice of the person concerned, the lawsuit can also be initiated before the court of the place of residence of the person concerned (you can view the list and contact information of the courts via the following link: http://birosag.hu/torvenyszekek).
6.2. NAIH procedure
If the person concerned experiences the illegality of the handling of his personal data, he can file an online complaint with the Supervisory Authority (In Hungary the National Data Protection and Freedom of Information Authority). The available link: https://www.naih.hu/online-uegyinditas.html.
You can make a personal appointment on Tuesdays and Thursdays between 9:00 a.m. and 12:00 p.m. and 1:00 p.m. and 4:00 p.m. by calling +36 (1) 391-1400.
Please note that the Authority investigates complaints only if the data subject has already contacted the data controller (Contractor) regarding his complaint before reporting it to the Authority, and it has not led to a result.
Budapest, October 21, 2020.