
PRIVACY POLICY

 

Contents

1. What is the purpose of the prospectus?

2. Data controller data

3. What data management processes take place on the Website?

4. What rights do Users have?

5. Our procedure for requesting the exercise of rights

6. Possible recipients of personal data, data processors

7. Data security

8. Cookies

9. Other provisions

10. Annexes

 

1. What is the purpose of the prospectus?

 

We have adopted this Prospectus in order to communicate all relevant information to the representatives of natural and legal persons using our services (hereinafter: Users) in a concise, transparent, comprehensible and easily accessible form, and to assist the Users in the exercise of their rights under point 4.

Our information obligation is based on Article 12 of Regulation (EU) 2016/679 of the European Parliament and of the Council, applicable from 25 May 2018 (hereinafter: GDPR), Act CXII of 2011 on the right to informational self-determination and freedom of information (hereinafter: Infotv.), and Section 4 of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Elkertv.).

 

 

The Prospectus has been prepared taking into account the GDPR, the Infotv., as well as other legal acts relevant to individual data processing. The legislation is listed in Annex 1 of the Prospectus and the most important terms are described in Annex 2.

In developing and applying this Prospectus, we have acted in accordance with the findings of the Recommendation of the National Data Protection and Freedom of Information Authority on prior data protection information requirements and with Article 5 of the GDPR, in particular the principle of accountability in Article 5 (2).

 

2. Data controller data

 

Name: Ildikó Renáta Nagy

Website: www.reneerichardson.net

Registration number: 54880995

Headquarters: 1215 Budapest Ady Endre út 43 6/25

Tax number: 56245730-1-43

E-mail: renee.richardson.shop@gmail.com

Phone number: +36706253892

 

3. What data management processes take place on the Website? [Gdpr1]

 

In this section, we detail, for each data management process, the essential circumstances that the GDPR and other sectoral legislation expect of all data controllers.

 

3.1. Data management related to newsletter sending

 

In order to provide visitors to our Website with up-to-date information, it is possible to subscribe to our newsletter. The following information applies to data management in this regard:

 

3.1.1. Purpose of the personal data processed and data management

| personal data | purpose of data management |
| --- | --- |
| name | by specifying this, we can address the User in our newsletter |
| e-mail address | by entering this, we get to know the User's electronic contact, to which we can send our newsletter |

 

 

3.1.2. Legal basis for data management

The User's consent (Article 6 (1) (a) of the GDPR and Section 6 (1) of Act XLVIII of 2008 on the basic conditions and certain restrictions of commercial advertising activities (hereinafter: Grt.)).

 

3.1.3. Duration of data management

The personal data provided will be processed until the consent is withdrawn. The User may withdraw his consent at any time by clicking on the "Unsubscribe" button in the sent letter.

 

3.1.4. Method of data management

In electronic form.

 

3.2. Contact data management

 

You can contact us through our website for any purpose. Details of the related data management are shown below.

 

3.2.1. Purpose of the personal data processed and data management

| personal data | purpose of data management |
| --- | --- |
| name | User identification |
| e-mail address | contact the User |
| phone number | contact the User |

 

3.2.2. Legal basis for data management

Statutory data management, subject to Article 6 (1) (c) and (2) of the GDPR, Section 5 (1) b) of the Infotv. and Section 13/A (1) and (3) of the Elkertv.

 

3.2.3. Duration of data management

For 1 year after contact.

 

3.2.4. Method of data management

In electronic form.

 

 

3.3. Order data management

 

It is possible to order various products on our website. The related data management is described in this section.

 

3.3.1. Purpose of the personal data processed and data management

 

| personal data | purpose of data management |
| --- | --- |
| name | during the fulfillment of the order, we can identify the customer of the product by the name provided |
| address (postal code, city, street name, house number together) | we can send the ordered product by post to the given address |
| phone number | contacting the customer and informing them about the details of the order |
| e-mail address | contacting the customer and informing them about the details of the order |

 

3.3.2. Legal basis for data management

Performance of a contract to which the Data Controller and the User are parties (Article 6 (1) (b) GDPR).

If the customer is a legal entity, the legal basis for the processing of the above-mentioned personal data of its contact person is the legitimate interest of the controller and the customer (Article 6 (1) (f) GDPR). It is in the legitimate interest of both parties to communicate effectively during the order process and to provide each other's designated representative with information on any material circumstances affecting the contract between us. No infringement of the contact person's right to informational self-determination can be established, because it is his or her job or contractual obligation to facilitate communication between the parties and to provide his or her personal data for this purpose.

 

3.3.3. Duration of data management

Subject to Section 6:22 (1) of Act V of 2013 on the Civil Code (Civil Code), we will store the personal data provided for the above purposes for 5 years after the fulfillment of the order.

3.3.4. Method of data management

In electronic form.

 

3.3.5. Provision of personal data

Given that we cannot fulfill orders without knowing the personal data in this section, the provision of personal data is a precondition for concluding a contract.

 

3.4. Invoice data management

 

After the fulfillment of the orders, we issue an accounting document in accordance with Act C of 2000 on Accounting (hereinafter: the Act). Details of the related data management are shown below.

 

3.4.1. Purpose of the personal data processed and data management

| personal data | purpose of data management |
| --- | --- |
| name | supporting the accounting for the execution of the order (economic event) |
| address / registered office of the sole proprietor (postal code, city, street name, house number together) | supporting the accounting for the execution of the order (economic event) |

 

3.4.2. Legal basis for data management

Statutory data management (Article 6 (1) (c) of the GDPR, Section 5 (1) b) of the Infotv. and Section 166 (1)-(3) of the Act).

 

3.4.3. Duration of data management

For 8 years after the issuance of the accounting document, subject to Section 166 (6) and Section 169 (1) of the Act.

 

3.4.4. Method of data management

In electronic form.

 

3.4.5. Provision of personal data

Due to the fact that we cannot issue an accounting document without knowing the personal data in this section, the provision of personal data is based on law.

 

3.5. Customer service data management

 

We maintain customer service on our Website in order to answer the Users' questions and to investigate any complaints.

 

3.5.1. Purpose of the personal data processed and data management

| personal data | purpose of data management |
| --- | --- |
| name | User identification |
| e-mail address | providing contact and information to the User |
| phone number | providing contact and information to the User |

 

3.5.2. Legal basis for data management

Statutory data management, subject to Article 6 (1) (c) and (2) of the GDPR, Section 5 (1) (b) of the Infotv. and Act CLV of 1997 on consumer protection (Fgytv.).

 

3.5.3. Duration of data management

For 5 years from the receipt of the complaint, pursuant to Section 17/A (7) of the Fgytv.

 

3.5.4. Method of data management

In electronic form.

 

3.6. Data management related to registration

You can register on our website to access various benefits (faster ordering, recording multiple shipping addresses, viewing order history, tracking order status, using a wish list [Gdpr2]). Details of the related data management are shown below:

 

3.6.1. Purpose of the personal data processed and data management

| personal data | purpose of data management |
| --- | --- |
| name | User identification |
| home address | providing additional information for orders |
| e-mail address | contact with the User |
| phone number | contact with the User |
| password | performing technical operations |

 

3.6.2. Legal basis for data management

Statutory data management, subject to Article 6 (1) (c) and (2) of the GDPR, Section 5 (1) b) of the Infotv. and Section 13/A (1) of the Elkertv.

 

3.6.3. Duration of data management

Until deleted at the request of the User. If the User does not use his account, his profile will be deleted 5 years after the last order.

 

3.6.4. Method of data management

In electronic form.

 

3.7. Data management related to gift vouchers

 

On our website, Users have the opportunity to purchase and redeem gift vouchers for third parties (Recipients). Details of the related data management are shown below:

 

3.7.1. Purpose of the personal data processed and data management

| personal data | purpose of data management |
| --- | --- |
| User name | User identification |
| User e-mail address | contact with the User |
| Recipient's name | Recipient identification |
| Recipient's e-mail address | delivery of the voucher to the Recipient |

 

3.7.2. Legal basis for data management

With regard to the User, our data management is based on law, subject to Article 6 (1) (c) and (2) of the GDPR, Section 5 (1) b) of the Infotv. and Section 13/A (1) of the Elkertv.

With regard to the Recipient, our data processing is based on various legitimate interests (Article 6 (1) (f) GDPR). We have a legitimate interest in the User successfully gifting the Recipient with the voucher; without the Recipient's personal data, we would lack the information needed to provide our service. It is also in the User's legitimate interest that, as a result of the data processing, the Recipient designated by him or her can take advantage of the possibilities inherent in the gift voucher. As the Recipient also has a legitimate interest in making use of these benefits, no unjustified restriction of his or her right to informational self-determination and privacy can be established in the context of the data processing.

 

3.7.3. Duration of data management

The User's personal data will be deleted upon request. If the Recipient does not use the gift voucher, his or her personal data will be deleted 1 year after the voucher is issued.

 

3.7.4. Method of data management

In electronic form.

 

4. What rights do Users have?

 

It is important to us that our data management meets the requirements of fairness, legality and transparency. In the light of this, we briefly present the rights of each of the parties concerned in this section, and then explain them in more detail in Annex 3 to the prospectus.

Our User may request information, free of charge, about the details of the processing of his or her personal data and, in cases specified by law, may request its correction, deletion, blocking or the restriction of its processing, and may object to the processing of such personal data. Our User can address requests for information and the requests in this section to our contact details in section 2.

4.1. Access right

Our users can receive feedback from us about the handling of their personal data and have access to this personal data and the details of their handling.

 

4.2. Right to rectification

At the request of our User, we will correct inaccurate personal data without undue delay, and the User is entitled to request that incomplete personal data be supplemented, inter alia, by means of an additional statement.

 

4.3. Right of cancellation

At the request of our User, we will delete personal data about him or her if we do not need to process it, if he or she withdraws consent or objects to the processing of the data, or if the processing is illegal.

 

4.4. Right to be forgotten

Upon request, we will try to notify all data controllers who have become or may have become aware of our User's possibly disclosed data of the User's request for deletion.

 

4.5. Right to restrict data management

At the request of our User, we restrict the data processing if the accuracy of the personal data is disputed, or the data processing is illegal, or our User objects to the data processing, or if we no longer need the provided personal data.

 

4.6. Right to data portability

Our user may receive the personal data concerning him / her in a structured, widely used, machine-readable format, or forward it to another data controller.

 

4.7. Responding to requests

The request will be examined as soon as possible after its submission, but no later than within 30 days (15 days in the case of an objection), and a decision will be made on its merits, of which the applicant will be informed in writing. If we do not comply with our User's request, we will state in our decision the factual and legal reasons for rejecting the request.

 

4.8. Remedies

The protection of personal data is important to us, and at the same time we respect the Users' right to informational self-determination; therefore, we try to respond to all requests correctly and within the time limit. In view of this, we ask Users to contact us with any complaint so that disputes can be settled amicably before resorting to official or court proceedings.

If the request does not lead to a result, our User

  • may assert his or her rights in court pursuant to Act V of 2013 on the Civil Code (the lawsuit can also be initiated before the court competent according to the place of residence or stay of our User; the list and contact details of the courts can be viewed at the following link: http://birosag.hu/) and

 

 

5. Our application procedure

 

5.1. Notify recipients

We will always notify the recipients to whom or with whom the User's personal data has been communicated of rectification, deletion or data processing restrictions, unless this proves impossible or requires a disproportionate effort. At the request of the User, we will provide information about these recipients.

 

5.2. Method and deadline of information

We will provide information on the measures taken following the requests related to point 4 in electronic form within a maximum of one month from the receipt of the request, unless otherwise requested by the User. This period may be extended by a further two months if necessary, taking into account the complexity of the application and the number of applications. We will inform the User about the extension of the deadline, indicating the reasons, within one month from the receipt of the request.

Oral information may be provided at the request of the User, provided that he / she proves his / her identity in another way.

If we do not act on the request, we will inform the User of the reasons for this within a maximum of one month of its receipt, as well as of the fact that he may lodge a complaint with the NAIH and exercise his right of judicial appeal (Section 4.8).

 

5.3. Control

In exceptional cases, if we have reasonable doubts about the identity of the natural person submitting the request, we ask him or her to provide the additional information necessary to confirm that identity. This measure is necessary in order to promote the confidentiality of data processing, as defined in Article 5 (1) (f) of the GDPR, i.e. to prevent unauthorized access to personal data.

 

5.4. Information and action costs

The information provided on the requests related to point 4 and the action taken on them shall be provided free of charge.

If the User's request is clearly unfounded or excessive, in particular due to its repetitive nature, we will, taking into account the administrative costs of providing the requested information or taking the requested action, charge a reasonable fee or refuse to act on the request.

 

6. Potential recipients of personal data [Gdpr3], data processors

 

6.1. In connection with the operation of the Website

The hosting provider, as a data processor, has the right to access the personal data provided during the use of the Website.

Name: wix.com

Contact: www.wix.com

 

6.2. In connection with sending a newsletter

To send newsletters, we use newsletter software operated by a data processor. The data of the data processor are as follows:

Name: [*]

Contacts: [*]

 

6.3. In the context of a chat service

The operator of the chat service available when using the Website may also have access to the personal data of the Users as a data processor.

Name: [*]

Contacts: [*]

 

6.4. In connection with the delivery of ordered products [Gdpr4]

In order to deliver the ordered products, we use courier companies as data processors. The data of the data processors are as follows:

6.4.1.

Name: www.package.com

Contact details: info@package.com

 

6.5. In connection with the payment of the order fee

The order fee can be paid through the interface of a banking service provider as a data processor. The data of the data processor are as follows:

Name: PayPal

Contact: www.paypal.com

Name: Otp Bank Zrt

Contacts: www.otpbank.hu

 

 

6.6. In the context of social media interfaces

Our website also has several social media interfaces (e.g. Facebook, LinkedIn, Twitter, Google+, Instagram, YouTube). Thus, for example, if a User "likes" our site on Facebook or "follows" us on Twitter, we will learn all the personal information that belongs to their profile and is available to the public. Relevant information on the data management arising on these pages can be found in the respective service provider's own data management policy.

 

6.7. In connection with the issue of an invoice

In connection with the invoicing, the tax authority is entitled to get acquainted with the personal data provided by the Users for this purpose in the course of its activities. Details of the tax authority:

Name: National Tax and Customs Administration

Website, contacts: https://www.nav.gov.hu/nav/konnectat

 

7. Data security [GDPR5]

 

We and the employees of the data processors are entitled to access the User's personal data to the extent necessary for the performance of the tasks belonging to their job. We take all security, technical and organizational measures that guarantee the security of your data.

7.1. Organizational measures

We grant access to our IT systems through individually assigned rights. The "necessary and sufficient rights" principle applies to the allocation of access, i.e. all employees may use our IT systems and services only to the extent necessary for the performance of their duties, with the appropriate rights and for the required period of time. Access to IT systems and services is granted only to a person who is not restricted for security or other reasons (e.g. conflicts of interest) and who has the professional, business and information security knowledge necessary to use them securely.

We and the data processors agree to strict confidentiality rules in a written statement, and we are obliged to act in accordance with these confidentiality rules in the course of our activities.

7.2. Technical measures

We store the data, with the exception of the data stored by our data processors, on our own devices, in a data center. The IT devices storing the data are kept in a separate, closed server room, protected by a multi-stage access control system subject to authorization control.

We protect our internal network with multi-level firewall protection. In all cases, a hardware firewall (border protection device) is located at the entry points of the public networks used. The data is stored redundantly, i.e. in several places, to protect it from destruction, loss, damage or illegal destruction due to the failure of an IT device.

We protect our internal networks from external attacks with multi-level, active protection against complex malicious code (e.g. virus protection). We implement the essential external access to the IT systems and databases operated by us via an encrypted data connection (VPN).

We do our best to ensure that our IT tools and software continuously comply with the technology solutions generally accepted in the operation of the market.

During our development, we develop systems in which logging can be used to control and track the operations performed, and to detect incidents, such as unauthorized access.

Our server is located on the hosting provider's separate dedicated server, protected and closed.

Taking into account the NAIH recommendation on data protection requirements for data processing on the websites of parties, we use the HTTPS protocol on the website, which provides a higher level of data security than the HTTP protocol.

 

8. Cookies

 

In order for our website to work properly, in some cases we place small data files on the User's computer device, similar to most modern websites.

8.1. What is a cookie?

A cookie is a small text file that the website places on the User's computer device (including mobile phones). As a result, the website can "remember" the User's settings (e.g. language used, font size, display), so the User does not have to set them again every time he or she visits our website.

 

List of cookies used on the Website: [Gdpr6]

| Cookie source | Cookie name | Cookie function | Cookie expiration |
| --- | --- | --- | --- |
| www.reneerichardson.net | hs | security | session |
| www.reneerichardson. | smSession | login | 2 days |
| www.reneerichardson.net | XSRF-TOKEN | security | session |
| www.reneerichardson.net | svSession | Identifies unique visitors and tracks the information visitors have on your site | 2 years |
| www.reneerichardson.net | SSR-caching | display site | 20 sec |
| www.reneerichardson.net | TS017f4256 | security | session |
| reneerichardson.net | TS01e85bed | security | session |
| reneerichardson.net | Force Flash Site | mobile view | session |

 

 

These cookies can be deleted or blocked, but in this case the Website may not work properly.

We do not use cookies to personally identify the User. These cookies are for the purposes described above only.

8.2. Google Analytics [Gdpr7]

1. The Website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so-called "cookies", which are text files placed on your computer, to help the website analyze how users use the site.

2. The information created by the cookie about your use of the website will normally be transmitted to and stored on a Google server in the USA. With IP anonymization activated on the Website, Google will shorten the User's IP address within the Member States of the European Union or in other States party to the Agreement on the European Economic Area.

3. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. On our behalf, Google will use this information to evaluate your use of the Website, to provide us with reports relating to website activity and to provide additional services relating to website and internet usage.

4. Within the framework of Google Analytics, the IP address transmitted by the User's browser is not merged with other data held by Google. The User may prevent the storage of cookies by setting the browser appropriately; however, please note that in this case not all functions of this website may be fully available. You may also prevent Google from collecting and processing the information generated by cookies about your use of the Website (including your IP address) by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=h

 

8.3. How are cookies handled?

Cookies can be deleted (detailed information: www.AllAboutCookies.org) or blocked by most browsers today. In this case, however, when using our website, certain settings will need to be reconfigured each time and certain services may not work.

Detailed information on deleting and blocking cookies can be found at www.AllAboutCookies.org (in English) and on the browser used by the User at the following links:

 

9. Other provisions

 

9.1. Data collection on activity

We may collect data about the activity of the Users, which cannot be combined with other data provided by the User during registration, or with data generated when using other websites or services.

 

9.2. Data management for different purposes

If we intend to use the provided data for a purpose other than the purpose of the original data collection, we will inform the Users about this and obtain their prior, express consent, or provide them with the opportunity to prohibit the use.

 

9.3. Registration obligation [Gdpr8]

We keep a record of the data management activities carried out under our responsibility (data management activity record) in accordance with Article 30 of the GDPR.

 

9.4. Privacy Incident [Gdpr9]

A data protection incident is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data processed. In the event of a data protection incident, we are obliged to act in accordance with Articles 33 and 34 of the GDPR. We record data protection incidents, indicating the facts related to the data protection incident, its effects and the measures taken to remedy it.

9.5. Amendment

We have the right to unilaterally amend this Prospectus at any time.

 

Effective: 2020.

 

 

Ildikó Renáta Nagy

Data Manager

 

[Gdpr1] Each website is unique; in this regard, we would like to draw your attention to the fact that when using the sample, we only indicate the data processing that is true for our own website.

 

The subsections of point 3 record the most typical data processing experienced at webshops.

[Gdpr2] The functions involved in registering depend on the particular web store, so the ones listed here are only fictitious examples.

[Gdpr3] The companies and entrepreneurs you use for your activity depend on the operation of the website. It is important to emphasize that only those who have access to users' personal data should be listed here.

[Gdpr4] It is not necessary to list all courier companies; if their number exceeds 5, it is simpler to describe the circle of recipients only in general terms, as courier companies.

[GDPR5] The descriptions in this section include technical and organizational measures in accordance with official requirements.

[Gdpr6] The IT specialist or developer of the website can provide accurate information on this issue.

[Gdpr7] Only to be listed if the website actually uses Google Analytics.

[Gdpr8] Our available product sample; "Data Management Register"

[Gdpr9] Privacy incident documentation available!