Privacy policy

Honlap > Privacy policy

1. INTRODUCTION

In the course of its activities, FOLKART KÉZMŰVESHÁZ KFT (hereinafter: Data Controller) pays increased attention to the protection of personal data, compliance with mandatory legal provisions, and safe and fair data management.

Data of the Data Controller:

Company name: FOLKART KÉZMŰVESHÁZ KFT

Company registration number: 01-09-720215

Headquarters: 1034 BUDAPEST GRAPES. U. 28 / A

Tax number: 13130255-2-41

Based on the notification to the National Data Protection and Freedom of Information Authority, the Data Protection Register identification number of the Data Controller is “number” or “notification in progress”.

The Data Controller handles the personal data provided to it in all cases in compliance with the valid Hungarian and European legislation and ethical requirements, and in all cases takes the technical and organizational measures necessary for the proper secure data management.

These regulations have been prepared taking into account the following applicable legislation:

• 1995 CXIX. Act on the Management of Name and Address Data for the Purpose of Research and Direct Business Acquisition
• CVIII of 2001. law. on certain aspects of electronic commerce services and information society services
• 2008 XLVIII. Act on the Basic Conditions and Certain Restrictions of Economic Advertising
• 2011 CXII. Act on the Right to Information Self-Determination and Freedom of Information
• Regulation 2016/679 / EU of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46 / EC

The Data Controller undertakes to unilaterally comply with these regulations and requests – in a notice available on its website – that its clients also accept the provisions of the regulations. The Data Controller reserves the right to change its privacy policy. If the rules are amended, the updated text will be made public.

2. INTERPRETATIVE PROVISIONS

In our policy, the terms data protection have the following meaning:

– data set: the totality of the data managed in one register;

– data processor: a natural or legal person or an organization without legal personality who, on the basis of a contract, including a contract concluded on the basis of a provision of law, processes data;

– data controller: the body performing a public task which has produced data of public interest which must be published by electronic means or in the course of the operation of which this data has been generated;

– data management: any operation or set of operations on data, irrespective of the procedure used, in particular their collection, recording, recording, systematisation, storage, alteration, use, interrogation, transmission, disclosure, coordination or aggregation, blocking, erasure and destruction, and to prevent further use of the data, to take photographs, sound or images, and to record physical characteristics (eg fingerprints or palm prints, DNA samples, irises) that can be used to identify the person;

– data controller: a natural or legal person or an organization without legal personality who, alone or together with others, determines the purpose of data processing, makes and implements decisions on data processing (including the means used) or implements it with the data processor;

– informant: the body performing a public task which, if the data controller does not publish the data itself, publishes the data provided to it by the data controller on a website;

– data designation: the identification of the data in order to distinguish it;

– data transfer: making the data available to a specific third party;

– erasure of data: making the data unrecognizable in such a way that it is no longer possible to recover it;

– data protection incident: unlawful handling or processing of personal data, in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction and damage.

– data blocking: the identification of data to limit their further processing definitively or for a specified period of time;

– criminal personal data: personal data obtained during or before criminal proceedings in connection with a criminal offense or in connection with criminal proceedings, bodies authorized to conduct criminal proceedings or to detect criminal offenses and the organization of penitentiary, personal data relating to the data subject and criminal record;

– EEA State: a Member State of the European Union and another State party to the Agreement on the European Economic Area, as well as the State of which the European Union and its Member States are nationals and the Agreement on the European Economic Area

enjoys the same status as a national of a State party to the Agreement on the European Economic Area under an international agreement concluded between a non-State Party;

– data subject: any natural person identified or identifiable, directly or indirectly, on the basis of personal data;

– third country: any non-EEA state;

– third party: any natural or legal person, or any entity without legal personality, who is not the same as the data subject, controller or processor;

– consent: a voluntary and firm expression of the data subject’s will, based on adequate information, giving his or her unambiguous consent to the processing of personal data concerning him or her, in whole or in part;

– Mandatory organizational rules: internal data protection rules binding on the controller or group of controllers, adopted by the controller or group of controllers operating in several countries, including at least one EEA State, and approved by the National Data Protection and Freedom of Information Authority (hereinafter: the Authority). , which ensures the protection of personal data in the event of a transfer to a third country through a unilateral commitment by the controller or group of controllers;

– public data in the public interest: all data which do not fall within the concept of data of public interest, the disclosure, acquaintance or making available of which is required by law in the public interest;

– special data:

• personal data concerning racial origin, nationality, political opinion or party affiliation, religious or other worldview, membership of an advocacy organization, sex life,
• personal data on health status, pathological passion and criminal personal data;

– disclosure: making the data available to anyone;

– personal data: data which may be contacted by the data subject, in particular his or her name, identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities, and the conclusion which may be drawn from the data subject;

– protest: a statement by the data subject objecting to the processing of his or her personal data and requesting the termination of the processing or the deletion of the processed data;

• personal data concerning racial origin, nationality, political opinion or party affiliation, religious or other worldview, membership of an advocacy organization, sex life,
• personal data concerning racial origin, nationality, political opinion or party affiliation, religious or other worldview, membership of an advocacy organization, sex life,

-data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;

-data destruction: complete physical destruction of the data carrier;

• personal data on health status, pathological passion and criminal personal data.
• personal data on health status, pathological passion and criminal personal data;

-public interest data: information or knowledge recorded in any way or form, not covered by the concept of personal data, in the management of a body or person performing a state or local government task or other public task specified by law and related to its activities or public task, regardless of its treatment information on the nature, autonomous or aggregate nature of the data, including in particular competence, competence, organizational structure, professional activity, evaluation of its effectiveness, the types of data held and the legislation governing the operation, as well as information on management and contracts;

3. PRINCIPLES OF DATA MANAGEMENT

Personal data may only be processed for a specific purpose, in order to exercise a right and fulfill an obligation. At all stages of data processing, it must be appropriate to the purpose of the data processing, and the recording and processing of data must be fair and lawful.

Only personal data that is necessary for the realization of the purpose of data processing and suitable for the achievement of the purpose may be processed. Personal data may only be processed to the extent and for the time necessary to achieve the purpose.

Personal data retains this quality during data processing as long as its connection with the data subject can be restored. The connection with the data subject can be restored if the data controller has the technical conditions necessary for the restoration.

The data management line

The accuracy, completeness and, where necessary, the up-to-dateness of the data must be ensured and that the data subject can only be identified for the time necessary for the purpose of the processing.

The processing of personal data shall be considered fair and lawful if, in order to ensure the data subject’s freedom of expression, the data subject visits the data subject’s place of residence or stay, provided that the data subject’s personal data are processed in accordance with this law. is aimed at. A personal request may not be made on a public holiday in accordance with the Labor Code.

Personal data may be processed if the data subject consents to it or if it is ordered by law or – on the basis of the authorization of law, within the scope specified therein – by a decree of a local government for a purpose based on the public interest (mandatory data management).

Personal data may only be processed for a specific purpose, in order to exercise a right and fulfill an obligation. It must meet this purpose at all stages of data management.

Only personal data that is essential for the realization of the purpose of data processing and suitable for the achievement of the purpose may be processed only to the extent and for the time necessary for the realization of the purpose.

Personal data may be transferred and the various data processing operations may be combined if the data subject has consented to it or is permitted by law and if the conditions for data processing are met for each personal data.

Personal data may be transferred from the country to a controller or processor in a third country, regardless of the medium or method of data transmission, if the data subject has expressly consented to it or is permitted by law, and in the handling or processing of the transferred data in the third country. an adequate level of protection of personal data is ensured.

In the case of mandatory data processing, the purpose and conditions of data processing, the scope and familiarity of the data to be processed, the duration of data processing and the identity of the data controller are determined by the law or local government decree ordering data processing.

The law may, in the public interest, order the disclosure of personal data by explicitly indicating the scope of the data. In all other cases, disclosure requires the consent of the data subject and, in the case of special data, written consent. In case of doubt, it shall be presumed that the data subject has not given his consent.

The consent of the data subject shall be deemed to have been given in respect of the data communicated by him or her in the course of his or her public participation or for the purposes of disclosure.

In proceedings initiated at the request of the data subject, his or her consent to the processing of his or her necessary data shall be presumed. This fact must be brought to the attention of the data subject.

The data subject may also give his / her consent in the framework of a written contract concluded with the Data Controller in order to fulfill the provisions of the contract. In this case, the contract must contain all the information that the data subject must know from the point of view of the processing of personal data, in particular the definition of the data to be processed, the duration of data processing, the purpose of use, data transfer and data processor use.

The contract must state unequivocally that, by signing, the data subject consents to the processing of his or her data as specified in the contract.

The right to the protection of personal data and the privacy rights of the data subject – unless otherwise provided by law

– other interests relating to the processing of data, including the disclosure of data of public interest, must not be prejudiced.

4. FUNDAMENTALS OF DATA MANAGEMENT

In all cases, the processing of personal data by the Data Controller is based on law or voluntary consent. In some cases, the data processing, in the absence of consent on other legal grounds or in accordance with Act CXII of 2011. rests on § 6 of the Act.

The Data Controller uses the assistance and services of the following Data Processors for its activities:

Booking:

Company name: Farfade –Stark Kft

Registered office: 1072 Budapest XII.u.25.

Company registration number: 01-09-963479

Tax number: 23392380-2-42

Transport:

Company name: Csapó 67 Bt

Headquarters: 2310 Szigetszentmiklós Határ út 3367/2

Company registration number: 13 06 054624

Tax number: 28494748-2-13

Scope of data transmitted:

customer name

His e-mail address

shipping address

billing address

phone number

Purpose of data transmission: (eg delivery of the product, collection of cash on delivery)

If the invoice is issued by another enterprise on behalf of and in the name of the enterprise

Name of the authorized company:

Headquarter :

Company registration number:

Tax number a

Scope of transmitted data: Customer’s name, billing address with postcode, name, quantity, unit price of the purchased product.

The purpose of the data transfer is to issue an invoice

For website visitor data

The Data Controller sees the websites operated by him

does not record the user’s IP address or any other personal information.

The html code of the websites operated by the Data Controller may contain independent links from and to an external server for web analytical measurements. The measurement also includes conversion tracking. The web analytics service provider does not handle personal data, only data related to browsing, which is not suitable for identifying individual individuals.

Currently, web analytics services are provided by. Performed by Google Analytics.

The description of the data protection technical solution through the Facebook and Google AdWords advertising systems of the Data Controller is the so-called runs remarketing ads. These service providers may use cookies, web beacons and similar technologies to collect or receive data from the Data Controller’s website and other Internet sites. Using this data, they provide measurement services and target ads: these can appear on additional websites in the Facebook and Google partner networks. Remarketing lists do not contain the visitor’s personal data and are not suitable for personal identification.

You can delete the use of cookies from the user’s own computer or disable their application in their browser. These options are available depending on the browser, but are typically available in Settings / Privacy.

For more information about Google’s and Facebok’s privacy policy, please visit:

http://www.google.com/privacy.html and https://www.facebook.com/about/privacy/

Newsletter (example of technical data security solutions)

The Data Controller normally delivers online newsletters and electronic direct marketing messages containing news, news and business offers to subscribers (also known as VIP members) of the websites it operates, but not more than twice a week. To subscribe to the newsletter, you must provide a name and email address, which is essential for delivering messages.

The data will be processed until the data subject requests its deletion. The option to unsubscribe is provided by a direct link in each newsletter. The user is responsible for the authenticity of the personal data provided.

The Data Controller shall protect the data in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage. The Data Controller, together with the server operators, is technical, organizational and organizational

measures to ensure the security of the data, providing a level of protection commensurate with the risks associated with the processing.

Duration of data management, deadline for deleting data: Immediately by deleting the registration. Except in the case of accounting documents, subject to Section 169 (2) of Act C of 2000 on Accounting, which requires these data to be retained for 8 years.

The accounting document (including the general ledger accounts, analytical and detailed records) directly and indirectly supporting the accounting records must be kept in a legible form for at least 8 years, retrievable by reference to the accounting records.

Identity of potential data controllers entitled to access the data: Personal data may be processed by the data controller’s staff within the framework of the above principles.

5. SECURITY OF DATA PROCESSING

The website is operated by MAXER HOSTING Information Technology Limited Liability Company

Company: MAXER HOSTING Kft.

Headquarters: 9024 Győr, Répce utca 24. 1. em. 3.

Company tax number: 13670452208

E-mail address: info@maxer.hu

The Data Controller shall protect the data in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage. The Data Controller, together with the server operators, ensures the security of the data with technical, organizational and organizational measures that provide a level of protection appropriate to the risks associated with data management.

6. RIGHTS OF STAKEHOLDERS

The data subject may request information on the handling of his / her personal data, as well as request the correction or, except for statutory data processing, the blocking or deletion of his / her personal data at the link in the footer of the newsletters or at any contact of the Data Controller.

At the request of the data subject, the Data Controller shall provide information on the data processed by the data subject or processed by the data controller by him or her, their source, purpose, legal basis, duration, name, address and activities related to data processing, circumstances of the data protection incident. , its effects and the measures taken to remedy it, and, in the case of transfers of personal data of the data subject, the legal basis and the recipient of the transfer.

As much as

the Data Controller has an internal data protection officer, through the internal data protection officer, to keep records for the purpose of monitoring the measures related to the data protection incident and for informing the data subject, which shall contain:

• the scope of the personal data concerned,
• the number and number of people involved in the data protection incident,
• the date, circumstances, effects and remedial action of the data protection incident; and
• other data specified in the legislation prescribing data management.

In order to verify the lawfulness of the data transfer and to inform the data subject, the data controller shall keep a data transfer register containing the date of transfer of personal data processed by him, the legal basis and recipient of the data transfer, the definition of the transferred personal data

The duration of the obligation to keep the data of the data protection and data transfer register – and on this basis the information – may be limited by the legislation prescribing data management. Within this limitation, a period of less than five years may be set for personal data and twenty years for specific data.

The Data Controller is obliged to provide the information in writing in a comprehensible form as soon as possible after the submission of the request, but no later than within 25 days, upon the request of the data subject. This information is free of charge if the person requesting the information has not yet submitted a request for information to the data controller for the same data set in the current year. In other cases, reimbursement may be established. The amount of the reimbursement may also be fixed by the contract concluded between the parties. Reimbursement of costs already paid shall be reimbursed if the data have been processed unlawfully or if a request for information has led to a correction. The Data Controller is obliged to correct personal data that does not correspond to reality.

Personal data is deleted by the Data Controller if its processing is unlawful, requested by the data subject, incomplete or incorrect – and this condition cannot be legally corrected – provided that deletion is not precluded by law if the purpose of data processing has ceased. expired or ordered by a court or the Data Protection Commissioner.

It shall notify the data subject of the rectification and erasure, as well as to all persons to whom the data have previously been transmitted for data processing purposes. The notification may be omitted if it does not harm the legitimate interests of the data subject in view of the purpose of the processing.

The data subject may object to the processing of his / her personal data if the processing (transfer) of personal data is only necessary to enforce the right or legitimate interest of the data controller or the data recipient, unless the data processing is required by law, the use or transfer of personal data or for the purpose of scientific research, the exercise of the right to protest is otherwise permitted by law.

With the simultaneous suspension of data processing, the Data Controller is obliged to examine the protest as soon as possible, but not later than within 15 days from the submission of the request, and to inform the applicant in writing of the result. If the protest is justified, the data controller is obliged to terminate the data processing, including further data collection and data transfer, and to block the data, as well as to notify all persons to whom the protested personal data have previously been transferred and who are obliged to take measures to enforce the right to protest.

The data controller is only exceptionally informed – the CXII. Act may refuse in the cases specified in Section 9 (1) and Section 19. In this case, the Data Controller shall notify the data subject in writing on the basis of which provision of this Act the refusal to provide information was made. In the event of a refusal to provide information, the controller shall inform the data subject of the judicial remedy and of the request to the Authority.

The controller shall notify the Authority of rejected applications by 31 January of the year following the year in question. In the event of a breach of his or her rights, and the Data Controller informs the complainant of this fact, he or she may file a lawsuit against the Data Controller in court or with the Data Protection Authority. Remedies and complaints can be used at the following contacts:

Name: National Data Protection and Freedom of Information Authority Address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c.

Phone: 06- 1-391-1400

Fax: 06-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

Website: www.naih.hu