Thank you for your interest in our website and webshop. This Data Protection Notice is provided by Béla Borászati Kft. (registered office: 6238 Imrehegy, Szarkás 56., tax number: 12793880-2-03, company registration number: 03-09-109637), as data controller (hereinafter referred to as the Data Controller) available on the website www.belaboraszat.hu domain (hereinafter referred to as the “Website”).
contains information related to the data management of the webshop located there (hereinafter: webshop). In connection with the processing of data, the Data Controller hereby informs the Users using the Website, the Customers and other data subjects (hereinafter collectively: User) about the personal data he/she manages on the Website, the principles and practices followed by the processing of personal data, the organizational and technical measures taken to protect personal data and the possibilities for exercising the rights of the User concerned. In all cases, the
Data Controller handles the personal data disclosed by the User in accordance with the applicable Hungarian and European laws and this Data Protection Notice in compliance with ethical requirements, respecting the User’s right to privacy and privacy. The Data Controller is committed to the protection of the User’s personal data, and considers it very important to respect the informational self-determination rights of the Users of the Website. The provider shall keep the personal data confidential and shall take all security, technical and organisational measures to ensure the security of the data. If you have any questions that are not clear on the basis of this Privacy Policy, please write to or . By using the Website, the User accepts the provisions of the Privacy Policy and consents to the data management specified below. The Service Provider is entitled to modify this Data Management unilaterally.
The amended provisions shall become effective by posting on the Website. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), B. on the right of informational self-determination and freedom of information Act CXII of 2011 (hereinafter: Info Act), C. Act C of 2000 on Accounting; D. Act V of 2013 on the Civil Code (Civil Code); E. Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (Elker) . tv.)
1. Personality of the Data Controller: Béla Borászati Kft. Registered office: 6238 Imrehegy, Szarkás 56. Tax number: 12793880-2-03 Company registration number: 03-09-109637 E-mail address: , or Phone number: +36 20 938 6161
Hosting provider: Name: Inteligent Computer Kft. Mailing address: 6725 Szeged, Katona József utca 7. E-mail address: Phone number: 06/62 492-020
2. Personal data means any information relating to a specific (identified or identifiable) natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to a natural person’s physical, physical or physical activity. can be identified on the basis of one or more factors relating to the genetic, genetic, mental, economic, cultural or social identity. Personal data will retain this quality during data processing as long as its relationship with the data subject can be restored. Data Subject/User: any natural person identified or identifiable, directly or indirectly, on the basis of specific personal data. Consent of the data subject/User is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Objection: a statement by which the data subject objects to the processing of his or her personal data and requests the termination of the data processing or the deletion of the processed data. Controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Data transfer: making the data available to a specific third party. Disclosure: making the data available to anyone. Data deletion: making the data unrecognizable in such a way that it is no longer possible to restore it. Data destruction: complete physical destruction of the data-containing media. Data processing: performing technical tasks related to data processing operations, irrespective of the method and device used to carry out the operations, as well as the location of the application, provided that the technical task is performed on the data. Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Third party/third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data. Personal data breach: any breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorised access to personal data transmitted, stored or otherwise processed.
3.
1. the processing of personal data lawfully, fairly and transparently to the data subject (“legality, fairness and transparency”);
2. the personal data shall only be collected for a specific, unambiguous and legitimate purpose and shall not be processed in a manner incompatible with these purposes (“purpose limitation”);
4. Ensure that the personal data are accurate and, where necessary, up-to-date and that all reasonable measures are taken to ensure that the personal data that are inaccurate for the purposes of the processing are immediately deleted or rectified (“accuracy”);
6. the personal data are processed in such a way as to ensure adequate security of the personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’). character).
4,. The purpose and legal basis of data management We inform you that the use of the Website, registration and ordering of your personal data from the Webshop is voluntary. If the User does not wish to provide personal data, this does not have any consequences other than the fact that the User is not able to use our services to a limited extent.
The personal data provided on the Website and in the Webshop will only be retained for as long as is necessary to achieve the purpose for which the Data Controller processes the data. Where retention periods provided for by commercial and tax legislation are to be taken into account, the retention period may extend to up to 10 years for certain data. There may be a different retention period due to the protection of the legitimate interests of the Data Controller (e.g., the preservation of data security, the prevention of unauthorized use of the data, or the conduct of proceedings against offenders). The Service Provider does not verify the authenticity of the personal data provided to it. The user is solely responsible for the adequacy and authenticity of the data provided. When entering the e-mail address of any User, he/she assumes responsibility for the fact that he/she only uses the service from the given e-mail address, or that unauthorized persons do not have access to it. With regard to this responsibility, any liability associated with access to a given e-mail address shall only be borne by the User who provided the e-mail address. Legal basis for data processing pursuant to GDPR: • the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes (Art. 6 para. 1 lit. a GDPR) • the processing is necessary for the performance of a contract (Art. 6 para. 1 lit. b GDPR). the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (Art. 6 (1) (f) GDPR).
The purpose and legal basis of data processing on the Website is to visit our website and to use our online services. The IP address used by the User’s device (such as a computer or mobile phone), the date and time, the type and operating system of the device’s browser, and the pages visited are recorded. Data is collected in order to optimize and improve data security and our online services. In this case, the legal basis for data processing is Art. 6 (1) (f) GDPR and the Info tv. Section 6 (1) b), i.e. the legitimate interest of the Data Controller is the enforcement of the Data Controller, as it is the legitimate interest of the Data Controller to protect its Website and to develop its services for Users. In addition, personal data will only be processed and stored if the User voluntarily discloses them, such as during registration, on the basis of his consent or for the purpose of fulfilling a contract. The Data Controller has taken appropriate technical precautions to ensure that the data is protected from unauthorised access when logging in to the registration or other services.
A) During registration on the Website, the following data must be provided to the Service Provider: 1. primarily the user’s e-mail address, 2. password to be used Before submitting the registration, the User must declare that he/she has become familiar with the provisions of this Privacy Policy and the General Terms and Conditions, with which he/she fully agrees and consents to the processing of his/her data. By entering the e-mail address alone, the User consents to the Data Controller to send only technical e-mail messages to him or her. The personal data provided can be changed after entering the User Account, which you can change in the “Account Data” menu item. The personal data provided during registration will only be processed for the purpose of creating and maintaining your User Account if you have given your consent to data management. The legal basis for data processing is Art. 6 (1) (a) GDPR and the Info. tv. Section 5 (1) a) provides in this case. The provision of personal data is not mandatory and the provision of personal data is not necessary for the fulfilment of legal or contractual requirements. If the User does not provide us with his/her personal data, it does not have any consequences for the User, only that the User Account registered on the Website is not created for the User. The personal data provided by the User during registration will only be stored until the User Account is terminated. You can delete your user account by clicking on the … link, and then select the Delete Personal Data button here. If you terminate your account in the above manner, your personal data will be deleted without undue delay. Please note that after termination you will no longer be able to use your User Account, it cannot be restored. The deletion of the User Account and the deletion of the personal data provided in this respect shall not affect the processing of the User’s other data on the basis of consent or other legal basis. The Data Controller – in addition to the above – deletes the data from the system after written request of the User or after 5 years of user inactivity, in other cases it takes until your consent is withdrawn.
B) Personal data provided during the use of our webshop The webshop located at www.belaboraszat.hu can be used without registration, the products shown in the webshop can also be ordered as unregistered Users. To complete the order, you must provide the following data: 1. first name, 2. surname, 3. address (country, postal code, county, local name, street, house number), 4. phone number, 5. e-mail address. If you request to deliver the ordered product to a shipping address other than your address, you must provide the delivery address and the following data: 1. first name, 2. surname, 3. shipping address (country, postal code, county, local name, street, house number). The e-mail address is required for the confirmation of orders placed in the Webshop and for other contacts. The personal data provided during the order is processed in the Webshop for the purpose of identifying the orders, delivering the products, i.e. concluding a contract with the User and fulfilling the concluded contract. The legal basis for data processing in this case is Art. 6 (1) (b) GDPR. The provision of personal data is voluntary, but in order for a contract to be concluded between the Data Controller and the User and the Data Controller to perform it properly, the User must provide the personal data listed above. It is not possible to process your order without the User’s personal data and the contract cannot be concluded either. The data will be retained for 5 years after the Civil Code’s general limitation period, i.e. the performance of the contract.
C) Data processing in relation to the issue of an invoice The purpose of data processing in this case is to issue an invoice in accordance with the law and to fulfil the obligation to keep the accounting document. It’s S.T.D. Pursuant to Subsections (1) and (2) of Section 169, companies shall keep an accounting document supporting the accounting account directly and indirectly. The legal basis for the processing and storage of the User’s personal data on the basis of a statutory obligation and the transmission to the authorities is Art. 6 para. 1 lit. c GDPR, the Info tv. § 5 (1) b) and CXXVII of 2007 on value added tax. § 159 (1) and § 169 (2) of Act C of 2000 on Accounting. The bills are issued by the Statute. Pursuant to Paragraph (2) of Article 169, the invoice shall be retained for 8 years from the date of issue of the invoice. Please note that if you withdraw your consent to the issuing of the invoice, the Data Controller is Infotv. Pursuant to Subsection (a) of Subsection (5) of Section 6, you have the right to keep the personal data you know during the issuance of the invoice for 8 years.
D) Data processing related to the delivery of goods If the User and the Data Controller conclude a contract, the User’s data is provided by the courier service located in the Transport Information (who processes the User’s data in a Data Processing capacity, see section 6) in order for the Data Controller to be able to deliver the product ordered by the User on behalf of the Data Controller. This processing is necessary for the performance of a contract with the User and is based on Art. 6 (1) (b) GDPR. The courier service shall process and store the User’s personal data only until the delivery of the ordered goods, unless the law provides for the further storage of the User’s data by the courier service for the provision of data to the authorities (e.g. tax authority). Any User may subscribe to our newsletter on the Website during or after the registration of the User Account. If the User has subscribed and consented to receive newsletters, the User will receive an e-mail message from the Controller to the e-mail address provided. The processing of personal data provided during registration or for the purpose of sending the newsletter to the e-mail address of the User shall take place if the User has given his or her consent to the processing. The legal basis for data processing is Art. 6 (1) (a) GDPR and the Info tv. Section 5 (1) (a) provides. The purpose of sending the newsletter and the processing of the User’s data in this context is to notify the Users of the promotions and other important information introduced on the Website. Your personal data processed in connection with the newsletter will only be stored until you unsubscribe from the newsletter by clicking on the “Unsubscribe” link at the bottom of our newsletters or by e-mail at or . If the User unsubscribes, the personal data that he provided during the newsletter subscription will be deleted without undue delay. Please note that after the deletion of your personal data you will not receive any more newsletters or discount notices from the Data Controller or the Online Store. The processing process is carried out in order to manage the warranty claims. If you submit a warranty claim to the Controller, the processing and the provision of data is essential for examining the claims and, in the event of their legality, fulfilling them. The Data Controller manages the name, address, telephone number, e-mail address of the User/Buyer and any other data provided by the User in his/her application. The legal basis for the processing is Article 6(1)(b) of the GDPR, i.e. the processing is necessary for the performance of the contract. The warranty claims and the personal data contained therein shall be retained for 5 years pursuant to Section 17/A (7) of Act CLV of 1997 on Consumer Protection.
G) Cookies and tracking on the Website are used by the Data Controller in order to make your visit to the Website and the Webshop more favourable and to allow you to use certain features called “cookies”. These are small text files that are stored on the User’s device. Some of the cookies used by the Data Controller are deleted after the end of the browsing, i.e. by closing the browser (so-called temporary cookies). Other cookies remain on the User’s device and allow the Data Controller to recognize the User’s browser on the next visit (permanent cookies). You can set your browser so that you are informed about the placement of cookies and decide whether you accept cookies or, in certain cases, refuse cookies in general. Find more information in your web browser Help Center. If the User does not accept cookies, the usability of the Website and the Store may be limited, some functions may be inaccessible. If the User uses various tools to view and access the Website and the Web Store (e.g., computer, smartphone, tablet, etc.), please make sure that each browser on these devices has been configured according to your user needs. By accepting the “cookie information” that pops up on the first day of your visit to the Website, the User consents to the processing of data through cookies. The legal basis for data processing is Art. 6 (1) (a) GDPR and the Info tv. Section 5 (1) (a) provides. The Data Controller uses Google Analytics, a web analytics service provided by Google Inc. (“Google”), which uses cookies in the course of its operation. The information generated by the cookie about your use of the website is transmitted to a Google server and stored there. On behalf of the operator of this website, Google will evaluate your use of the website on the basis of this information and generate reports on website activity and provide further services related to website and internet usage to the controller. By selecting the appropriate settings on your browser, you may refuse the use of cookies, as well as forbid Google to collect and process the data generated by cookies and relating to your use of the website (including your IP address). To do so, download and install the plug-in on the following link: https://tools.google.com/dlpage/gaoptout?hl=en
H) Revocation of consent Please note that if the processing is based on point (a) of Article 6(1) of the GDPR (data processing based on the consent of the data subject), the consent is any can be withdrawn at the time. The withdrawal does not affect the lawfulness of the processing carried out on the basis of the consent before the withdrawal. The withdrawal of consent may be made in writing through the contact details of the Data Controller indicated in section 1.
6. The Data Controller may transfer the data to the following recipients: – Employees and employees of the Data Controller – currently none, if in the future, this Privacy Policy will be updated; – Contracted courier service (Processor); – Accounting office (Processor); – authorities, court, supervision. To the above addressees, the Data Controller shall only provide the data that are absolutely necessary and justified for the performance of the tasks.
a) Data controller1: Accounting – accounting related data processor Name of data processor: György-Barabás Ágnes Individual Entrepreneur Seat of data processor Seat: 6237 Kecel, Soltvadkerti utca 33/1. Phone number of the data processor: 06/78 890 582 Individual Entrepreneur registration number: 6669784 The Data processor shall contribute to the accounting of accounting documents in accordance with the conditions of the written contract concluded with the Data Controller and the confidentiality clause. In doing so, the Data Processor shall have the name and address of the data subject at the level necessary for the accounting records of the Statute.
b) Data processing related to the delivery of the order Data processor Name of the data processor: Magyar Posta Zrt. Seat of data processor: 1138 Budapest, Dunavirág utca 2-6. The data processor’s telephone number: MPL – Magyar Posta Logistics – 06/1 333 7777 The data processor’s e-mail address: The Data processor contributes to the delivery of the ordered goods on the basis of the contract concluded with the Data Controller. In doing so, the Data Processor may manage the customer’s name, address and telephone number and e-mail address by the end of the calendar year following the postal delivery, and shall immediately delete it thereafter. Seven. The duration of data processing shall be processed by the Data Controller for as long as the claim in connection with the concluded contract can be enforced or a statutory retention obligation is required, or in the case of data processing based on consent until the consent of the data subject is withdrawn. The bills of the purchase are issued by the Sztv. Pursuant to Paragraph (2) of Article 169, the invoice shall be retained for 8 years from the date of issue of the invoice. Please note that if you withdraw your consent to the issuing of the invoice, the Data Controller is Infotv. Pursuant to Subsection (a) of Subsection (5) of Section 6, you have the right to keep the personal data you know during the issuance of the invoice for 8 years. In other cases, the personal data will be retained for the strictly necessary period of time, which periods can be found above each data processing. In addition, the data subject has the possibility of objecting to this processing. Eight. In connection with the processing of the rights of the data subject If you, as a data subject, wish to exercise your rights under the GDPR and the Info Act, you can contact the Data Controller at any time via the contact details set out in section 1, to which you do not have to fill out any form. You have the following rights:
1. Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, to processing of personal data concerning him or her by the European legislator, or by the European legislator, in accordance with Article 15(1) of the GDPR. If necessary, taking into account the complexity of the application and the number of requests, this deadline may be extended by a further two months. The extension of the deadline shall be communicated to the data subject within one month of receipt of the request, indicating the reasons for the delay. If the data subject has submitted the request by electronic means, the information shall be provided as far as possible by electronic means, unless otherwise requested by the data subject. In connection with data management, requests for information may be submitted on the contact details of the Data Controller specified in section
1. The Data Controller is ready to provide the staff with information on data management. If the Controller does not take action on the request of the data subject or refuses to comply with the request, he or she shall inform the data subject without delay, but at the latest within one month of receipt of the request, of the reasons for failure to act and of the possibility of submitting a complaint to a supervisory authority and of exercising his or her right of judicial remedy.
2. Each data subject shall have the right granted by the European legislator to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to personal data and the following information: the existence of the right to request from the data subject rectification, erasure, blocking or restriction of processing of personal data concerning the data subject, or to object to such processing; the existence of the right to lodge a complaint with a supervisory authority; the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
3. Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
4,.Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay. the personal data concerning him or her, and the controller shall have the obligation to erase the personal data concerning him or her without undue delay where required by law.
5. Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies, as long as the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead. The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims. whether the legitimate grounds of the controller override those of the data subject.
6. Each data subject shall have the right granted by the European legislator to obtain from the controller the personal data concerning him or her in a structured, commonly used, machine-readable format, or to request the transfer of this data to another controller (Article 20 of the GDPR).
7, Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her for such marketing. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her for such marketing. b) the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
8. You have the right to withdraw your consent at any time in order to terminate the processing carried out on the basis of your consent. Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal (right to withdraw consent, Art. 7 GDPR), 9. The right to lodge a complaint with a supervisory authority if you consider that the processing is contrary to the provisions of a law (right to complain to a supervisory authority, Art. 77 GDPR).
9. As a data subject, you have the following legal remedies regarding the processing of your personal data:
A. You can request further information on the processing of your personal data at the contact details of the controller specified in section 1.
B. You can file a complaint with the National Authority for Data Protection and Freedom of Information (NAIH).
Contact details of NAIH: Address: 1125 Budapest, Széchenyi Erzsébet fasor 22/c., Tel.: +36-1-391-1400, Fax: +36-1-391-1410, Internet: www.naih.hu, E-mail:
C. In addition to the initiation of the NAIH procedure, the data subject has the possibility to take legal action in order to enforce the law. You can file a lawsuit before the court of your place of residence or place of residence, more information about this can be found on the www.birosag.hu website. If the Data Controller causes damage to others by unlawful processing of the data of the data subject or by breach of the requirements of data security, he/she is obliged to reimburse it. If the Data Controller violates the data subject’s right to privacy by unlawful processing of the data of the data subject or by breaching the requirements of data security, the Data Subject may request damages from the Data Controller. The Data Controller is liable for the damage caused by the Data Processor and the Data Controller is also obliged to pay the data subject for the damages caused by the Personal Infringement of the Data Processor. The Data Controller shall be exempted from liability for the damage caused and from the obligation to pay the damage fee if it proves that the damage or the violation of the data subject’s right of personality was caused by an unavoidable reason outside the scope of data management. There is no need to compensate for the damage and no damage to the extent that the damage resulted from the intentional or grossly negligent conduct of the person concerned.
10. In the interests of data security, the Data Controller protects the data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage, as well as from inaccessibility due to changes in the applied technology. The Data Controller shall keep the data confidential and take all security, technical and organizational measures that guarantee the security of the data. The Data Controller shall keep the paper-based documents at its registered office in a closed location and only those employees who are authorized to do so under this policy shall have access to the data. The electronically recorded and stored data are stored in the closed IT systems of the Data Controller. Please note that the Data Controller does not perform automated decision-making and profiling at the moment. Please note that you are not a data protection officer at the Data Controller, because you are not subject to Article 37 of the GDPR. The Data Controller does not transfer the data outside the European Union (third country) and to international organisations.