Privacy Policy

Szabó Csaba Tamás, the sole proprietor (registered office: 1157 Budapest, Kőrakás park 53, registration number: 55853011, tax number: 57243016-1-42) as the data controller (hereinafter referred to as the “Data Controller”) submits to the following information.

The Data Controller is subject to the provisions of Regulation (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 22 December 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, on the right of self-determination and on the freedom of information (CXII. The General Data Protection Regulation (“GDPR”) states that the data subject (in this case the website user, hereinafter referred to as the “User”) must be informed before the processing starts whether the processing is based on consent or whether it is mandatory.

Before the processing starts, the data subject must be informed clearly and in detail of all the facts relating to the processing of his or her data, in particular the purposes and legal basis of the processing, the identity of the controller and the processor, and the duration of the processing.

The data subject must also be informed, pursuant to Paragraph (1) of Article 6 of the Info Act, that personal data may be processed even if obtaining the data subject’s consent would be impossible or would involve disproportionate costs, and the processing of personal data would

  • be necessary for compliance with a legal obligation to which the controller is subject; or
  • is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, and the pursuit of those interests is proportionate to the restriction of the right to the protection of personal data.

The information should also cover the rights and remedies of the data subject in relation to the processing.

Where it would be impossible or disproportionately costly to provide personal information to data subjects (such as in the present case in an online shop), the information may be provided by disclosing the following information:

a) the fact of data collection,

b) the persons concerned,

(c) the purpose of the data collection,

(d) the duration of the processing,

(e) the identity of the potential controllers who have access to the data,

(f) the rights and remedies of the data subject with regard to the processing; and

(g) where the processing is subject to registration, the registration number of the processing.

This privacy notice governs the processing of data on the following website: https://seotailor.hu/ and is based on the above content.

It is available at: https://seotailor.hu/adatvedelmi-nyilatkozat/

Amendments to this notice will take effect upon publication at the above address.

The legislation applicable to the processing of personal data

The legislation applicable to the processing of personal data is the following: the right to the protection of personal data under Chapter VI, points (2) and (3) of the Fundamental Law of Hungary (Fundamental Law)

Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, (Info tv.)

Act LXIII of 1992 on the Protection of Personal Data and the Disclosure of Data of Public Interest (Avtv.)

Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (Ektv.)

Act V of 2013 on the Civil Code (Civil Code Act),

Act C of 2012 on the Criminal Code (Criminal Code) 3.

Explanation of basic terms according to Info tv.:

Data subject: any natural person who is identified or can be identified, directly or indirectly, on the basis of specific personal data, in this case the user of the website.

Personal Data: data that can be associated with the data subject, in particular the name, the identification mark and one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the data subject, and the inference that can be drawn from the data concerning the data subject.

Special Data:

– Personal data revealing racial or ethnic origin, nationality, political opinions or political party affiliation, religious or philosophical beliefs, membership of an interest group, sex life,

– Personal data concerning health, pathological addiction, and personal data concerning criminal offences.

Consent: a voluntary and explicit expression of the data subject’s wishes, based on appropriate information, by which he or she gives his or her unambiguous consent to the processing of personal data concerning him or her, either in full or in relation to specific operations.

Objection: a declaration by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the erasure of the data processed.

Data Controller: The natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are processed, takes and implements decisions regarding the processing (including the means used) or has the data processed.

Processing: any operation or set of operations which is performed upon the data, regardless of the method used, in particular any collection, recording, recording, organisation, storage, alteration, use, retrieval, disclosure, transmission, alignment or combination, blocking, erasure or destruction of data, prevention of further use, taking of photographs, sound recordings or images, or any other physical means of identification of a person (e.g. fingerprints, palm prints, DNA samples, iris scans).

Transmission: making data available to a specified third party.

Disclosure: Making the data available to anyone.

Erasure: The rendering of data unrecognizable in such a way that it is no longer possible to recover it.

Data marking: The marking of data with an identification mark to distinguish it.

Data blocking: The marking of data with an identifier in order to limit its further processing permanently or for a limited period of time.

Data destruction: The complete physical destruction of a data medium containing data.

Data Processing: The performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.

Data Processor: a natural or legal person or unincorporated body which, under a contract with a controller, including a contract entered into pursuant to a legal provision, processes data.

Data breach: unlawful processing or processing of personal data, in particular unauthorized access, alteration, disclosure, transmission, disclosure, erasure or destruction, accidental destruction, or accidental damage.

Data set: the set of data managed in a single register.

Sales, training enrolment

1: Pursuant to Article 20(4) of Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information, the following must be defined in the scope of the processing of sales on the website:

a) the fact of data collection,

b) the data subjects,

c) the purpose of the data collection,

(d) the duration of the processing,

(e) the identity of the potential controllers who have access to the data,

(f) a description of the data subjects’ rights in relation to the processing

2: The fact of collection, the scope of the data processed and the purposes of the processing:

Personal data: the purpose of the processing

Surname and first name: Necessary for contacting, purchasing, registering for training courses and for the correct invoicing.

E-mail address: for contacting, invoicing.

Telephone number: To contact you, to contact you more efficiently for billing or delivery issues.

Invoicing address: To issue a proper invoice and to create, define, modify, monitor the performance of the contract, invoice the fees and claim the related charges.

Delivery name and address (for physical products): To enable home delivery.

Date of purchase/registration: Performing a technical operation.

Age of purchase/login IP address: To perform a technical operation.

E-mail address does not need to contain personal data.

3: Data subjects: all data subjects who register for purchases/training on the website.

4: Except in the case of accounting records, since pursuant to Article 169 (2) of Act C of 2000 on Accounting, these data must be kept for 8 years.

The accounting documents (including general ledger accounts, analytical or detailed records) which directly and indirectly support the accounting accounts must be kept for at least 8 years in a legible form, retrievable by reference to the accounting records.

5: Potential controllers of the data: personal data may be processed by the sales and marketing staff of the controller, in compliance with the above principles.

6: Description of data subjects’ rights in relation to data processing: Data subjects may request the deletion or modification of personal data in the following ways:

– By e-mail to csaba.szabo@seotailor.hu

7: Legal basis for processing: the consent of the User, in accordance with the Infotv. 5 (1) of the Privacy Policy, and in the case of electronic commerce services and information society services, the use of the personal data of the user. (3) of Article 13/A of Act CVIII of 2001 on certain aspects of electronic commerce and information society services (hereinafter referred to as “Elker Act”):

The service provider may process personal data that are technically necessary for the provision of the service. The service provider shall, other conditions being equal, choose and in any case operate the means used in the provision of the information society service in such a way that personal data are processed only when absolutely necessary for the provision of the service and for the fulfillment of the other purposes laid down in this Act, but even in this case only to the extent and for the duration necessary.

Data processors

Hosting provider

1. Activity performed by the data processor: Hosting

2. Name and contact details of the data processor:

Name of Data Controller.: Nethely Kft.

Postal address: 1115 Budapest Halmi utca 29.

Address of registered office: 1115 Budapest Halmi utca 29.

Phone: +36 1 445 2040

E-mail address: info@nethely.hu

www.nethely.hu

3. Fact of processing, scope of data processed.

4. Data subjects: all data subjects using the website.

5. Purpose of the processing: to make the website available and to ensure its proper functioning.

6. Duration of processing, time limit for deletion of data.

7. Legal basis for data processing: the User’s consent, the Infotv. Article 5 (1), and Article 13/A(3) of Act CVIII of 2001. on Electronic Commerce Services and Certain Aspects of Information Society Services.

The Data Controller reserves the right to terminate the contract(s) with external service provider(s) and to engage new service provider(s).

Management of cookies

1. Pursuant to Article 20 (4) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, the following shall be specified in the scope of the cookie processing of the website:

a) the fact of data collection,

b) the data subjects concerned,

c) the purpose of the data collection,

(d) the duration of the processing,

(e) the identity of the potential controllers who have access to the data,

(f) a description of the data subjects’ rights in relation to the processing.

2. Fact of processing, scope of data processed: unique identifier, dates, times

3. Data subjects: all data subjects visiting the website.

4. Purpose of processing: identification of users, tracking of visitors.

5. Duration of data processing, time limit for deletion of data.

6. Who are the potential controllers of the data: no personal data are processed by the controller through the use of cookies.

7. Description of data subjects’ rights in relation to data processing.

8. Legal basis for processing: no consent is required from the data subject where the sole purpose of the use of cookies is for communication or transmission over an electronic communications network or where it is strictly necessary for the service provider to provide an information society service explicitly requested by the subscriber or user.

Using Google Analytics

1. This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site you have visited.

2. The information generated by the cookie about the website you use is usually transmitted to and stored by Google on servers in the United States. By activating the IP anonymisation on the website, Google will previously shorten the User’s IP address within the Member States of the European Union or in other states party to the Agreement on the European Economic Area.

3. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services relating to website activity and internet usage.

4. The IP address transmitted by the User’s browser within the framework of Google Analytics will not be merged with other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You may also prevent Google from collecting and processing information (including your IP address) about your use of this website by means of cookies by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=hu

Newsletter, DM activity

1. Pursuant to Article 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activity, the User may expressly consent in advance to being contacted by the Data Controller with advertising offers and other mailings at the contact details provided by the User by e-mail or by telephone.

2. In addition, the Customer may, subject to the provisions of this Privacy Policy, consent to the processing of personal data by the Service Provider for the purpose of sending advertising offers.

3. The Service Provider shall not send unsolicited commercial messages and the User may unsubscribe from receiving such offers free of charge, without any restriction and without giving any reason. In this case, the Service Provider shall delete all personal data necessary for sending advertising messages from its records and shall not contact the User with further advertising offers.

The User may unsubscribe from advertising by clicking on the link in the message.

4. Pursuant to Article 20 (1) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, the following shall be specified in the data processing of the newsletter:

a) the fact of data collection,

b) the data subjects,

(c) the purpose of the collection,

(d) the duration of the processing,

(e) the identity of the potential controllers who have access to the data,

(f) a description of the data subjects’ rights in relation to the processing.

5. The fact of collection, the scope of the data processed and the purposes of the processing:

Personal data: purpose of the processing

Name, e-mail address: identification, to enable subscription to the newsletter.

Date of registration: to carry out a technical operation.

IP address at the time of subscription: To carry out a technical operation.

6. Data subjects: all data subjects subscribing to the newsletter.

7. Purpose of processing: sending electronic messages (e-mail, SMS, push messages) containing advertising to the data subject, providing information on current information, products, promotions, new features, etc.

8. Duration of data processing, deadline for deletion of data: until the consent is withdrawn, i.e. until the unsubscription.

9. Potential data controllers who may access the data: personal data may be processed by the controller’s staff, in compliance with the principles set out above.

10. Processing registration number: not necessary for the present activity.

11. Description of the data subjects’ rights in relation to data processing: the data subject may unsubscribe from the newsletter at any time, free of charge.

12. Data processor used: None

13. Legal basis for data processing. The advertiser, the advertising service provider or the publisher of the advertisement – within the scope specified in the consent – shall keep a record of the personal data of the persons who have given their consent. The data recorded in this register – relating to the recipient of the advertising – may be processed only in accordance with the consent given in the consent form, until the consent is withdrawn, and may be disclosed to third parties only with the prior consent of the person concerned.

Social networking sites

1. Pursuant to Article 20 (1) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, the following shall be defined in the scope of data processing of social networking sites:

a) the fact of data collection,

b) the scope of the data subjects,

c) the purpose of the data collection,

(d) the duration of the processing,

(e) the identity of the potential controllers who have access to the data,

(f) a description of the data subjects’ rights in relation to the processing.

2. The fact of data collection, the scope of the data processed: the name of the user registered on Facebook/Youtube/Instagram, etc. social networking sites, or the user’s public profile picture.

3. Data subjects: all data subjects who have registered on LinkedIn/Facebook/Twitter/Pinterest/Youtube/Instagram/TikTok etc. and have “liked” the website.

4. Purpose of the data collection: to share or “like” the website, to promote certain content, products, promotions or the website itself on social networking sites.

5. The duration of the processing, the time limit for the deletion of the data, the identity of the possible controllers of the data and the rights of the data subjects in relation to the processing of the data. The data are processed on the social networking sites, so the duration of the processing, the way in which the data are processed and the possibilities for deleting and modifying the data are governed by the rules of the social networking site concerned.

6. Legal basis for processing: the data subject’s voluntary consent to the processing of their personal data on social networking sites.

Protection of personal data

1. According to the Info Act, personal data may only be processed for specific purposes, for the exercise of a right and the fulfilment of an obligation. At all stages of data processing, the purpose of the processing must be fulfilled and the collection and processing of data must be fair and lawful.

2. Only personal data that is necessary for the purpose of the processing and is adequate for the purpose shall be processed. Personal data may only be processed to the extent and for the duration necessary to achieve the purpose.

3. The personal data shall retain this quality during the processing for as long as its relationship with the data subject can be re-established. The link with the data subject may be re-established if the controller has the technical conditions necessary for its restoration.

4. The processing must ensure that the data are accurate, complete and, where necessary for the purposes for which they are processed, kept up to date, and that the data subject can be identified only for the time necessary for the purposes for which they are processed. The processing of personal data shall be regarded as fair and lawful if, in order to ensure the freedom of expression of the data subject, the person who wishes to obtain the opinion of the data subject visits the data subject at his or her place of residence or stay, provided that the personal data of the data subject are processed in accordance with the provisions of this Act and the personal inquiry is not for commercial purposes. The personal inquiry shall not take place on a public holiday within the meaning of the Labour Code.

5. According to Article 5(1) of the Info Info Act, personal data may be processed

a) with the consent of the data subject, or

b) if it is ordered by law or – on the basis of the authorisation of the law and within the scope specified therein – by decree of a local government for a purpose in the public interest (hereinafter: mandatory data processing).

6. Personal data may only be processed with informed consent.

7. The data subject shall be informed in a clear, plain and detailed manner of all the facts relating to the processing of his or her data, in particular the purposes and legal basis of the processing, the identity of the controller and processor, the duration of the processing and the persons who may access the data. The information shall also cover the rights and remedies of the data subject with regard to the processing.

8. The controller shall plan and carry out the processing operations in such a way as to ensure the protection of the privacy of the data subject in the application of this Act and other rules applicable to processing.

9. The data controller or, in the scope of his activities, the data processor shall ensure the security of the data and shall take the technical and organisational measures and establish the procedural rules necessary to enforce this Act and other data protection and confidentiality rules.

10. In particular, appropriate measures must be taken to protect the data against unauthorised access, alteration, disclosure, disclosure, erasure or destruction, accidental destruction or accidental damage and against inaccessibility resulting from changes in the technology used.

11. In order to protect the electronically processed data files in the various registers, appropriate technical arrangements should be in place to ensure that data stored in the registers cannot be directly linked and attributed to data subjects, except where permitted by law. The controller and the processor should take additional measures to ensure that, when personal data are processed by automated means.

12. A controller or processor subject to the Info Act may transfer personal data to a controller processing in a third country or to a processor processing in a third country if the data subject has given his or her explicit consent or if the law so permits and the third country ensures an adequate level of protection for the personal data concerned during the processing and handling of the data transferred.

13. An adequate level of protection of personal data is ensured if it is laid down in a binding legal act of the European Union or if an international treaty is in force between the third country and Hungary containing safeguards for the exercise of the rights of data subjects, the right to a judicial remedy and independent supervision of the processing of personal data.

Transfers to an EEA State shall be considered as if they were transfers within the territory of Hungary.

Complaints handling

1. Pursuant to Article 20 (1) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, the following shall be defined as part of the processing of complaints:

a) the fact of data collection,

b) the data subjects concerned,

c) the purpose of the data collection,

(d) the duration of the processing,

(e) the identity of the potential controllers who are entitled to access the data,

(f) a description of the data subjects’ rights in relation to the processing.

2. The fact of collection, the scope of the data processed and the purposes of the processing:

Personal data: purpose of the processing

Surname and first name: Identification, contact.

E-mail address: contact.

Telephone number: contact.

Billing name and address: Identification, handling of quality complaints, questions and problems regarding the products ordered.

3. Stakeholders: all stakeholders who shop on the webshop website and who have quality complaints and complaints.

4. Duration of data processing, deadline for deletion of data: copies of the record, transcript and reply to the recorded complaint shall be kept for 5 years pursuant to Article 17/A (7) of Act CLV of 1997 on Consumer Protection.

5. Potential data controllers who may have access to the data: personal data may be processed by the controller’s staff, in compliance with the principles set out above.

6. Description of data subjects’ rights in relation to data processing:

– by e-mail to csaba.szabo@seotailor.hu

7. Legal basis for processing: the consent of the User, in accordance with the Infotv. 5(1) of the Privacy Policy and Article 17/A(7) of Act CLV of 1997 on Consumer Protection.

Miscellaneous

1. By registering on the website, the data subject expressly consents to the Data Controller processing and using his/her personal and other data for the purpose of improving and developing the quality of the service, as well as for the purpose of monitoring and enforcing the interests of the user, for the purpose of implementing its information activities related to the provision and use of the service.

2. At the end of the period of data processing, the Controller shall delete the personal data of the data subject in a way that makes it impossible to identify the data subject.

3. The Data Controller undertakes to ensure the security of the data and to take technical measures to ensure that the data collected, stored or processed are fully protected and to prevent their destruction, unauthorised use or alteration. It also undertakes to require any third party to whom it may transfer or disclose the data to comply with its obligations in this respect.

4. The Data Controller reserves the right to unilaterally modify this Privacy Statement by giving prior notice to Users. After the entry into force of the amendment, the User accepts the amended Policy by using the Service.