Adatkezelési Tájékoztató-GDPR

Privacy Policy

Briefly and concisely

We collect and process personal data only in accordance with laws and regulations.

We make every effort to securely store data.

Personal data is only transferred to third parties with consent.

Anyone can request information about the data stored about them by writing to: international@worldwidesimcards.com

Requests for deletion or modification of personal data can be made to: international@worldwidesimcards.com

Introduction

World Wide SIM FZE (hereinafter: Service Provider, data controller) adheres to the following information.

The 2011 Act on Information Self-Determination and Freedom of Information states that users (hereinafter: users of the webshop/website/blog) must be informed before data processing begins, whether the data processing is based on consent or is mandatory.

Before starting data processing, the user must be clearly and comprehensively informed about all aspects of data management, especially the purpose and legal basis of data processing, the person authorized to process and process the data, and the duration of data processing. According to Section 5(1) of the Info TV, it must also be informed that personal data may be processed if necessary to avert or prevent direct danger and it is proportionate, or if the data subject has expressly disclosed personal data for the purpose of achieving the purpose of data processing and it is proportionate.

The information must also cover the rights of the data subject regarding data processing and their legal remedies.

This data protection notice governs the data processing of the following websites:

www.worldwidesimcard.com

Changes to the notice take effect upon publication at the above address. Legal references are displayed behind certain parts of the notice.

Definitions (Article 4 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation))

1. "personal data": any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

2. "processing": any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

3. "restriction of processing": the marking of stored personal data with the aim of limiting their processing in the future;

4. "profiling": any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

5. "pseudonymisation": the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

6. "filing system": any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;

7. "controller": the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

8. "processor": a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

9. "recipient": a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

10. "third party": a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

11. "consent of the data subject": any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

12. "personal data breach": a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

13. "genetic data": personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;

14. "biometric data": personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;

15. "health data": personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;

16. "main establishment": a) as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions shall be considered to be the main establishment; b) as regards a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor's in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation;

17. "representative": a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor regarding their respective obligations under this Regulation;

18. "enterprise": a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity;

19. "group of undertakings": a controlling undertaking and its controlled undertakings;

20. "binding corporate rules": personal data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within the same enterprise group or group of enterprises engaged in a joint economic activity, pursuant to this Regulation;

21. "supervisory authority": an independent public authority which is established by a Member State pursuant to Article 51;

22. "lead supervisory authority": the supervisory authority which is competent pursuant to Article 56 by reason of the location of the controller or processor's main establishment or because the processing substantially affects or is likely to substantially affect data subjects residing in the Member State;

23. "cross-border processing of personal data": a) processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State or b) processing of personal data which takes place in the Union and which substantially affects or is likely to substantially affect data subjects in more than one Member State;

24. "relevant and reasoned objection": an objection to a decision by the supervisory authority concerned, whether a decision taken in accordance with this Regulation or whether it finds that the processing of personal data by the controller or processor infringes this Regulation; the objection must clearly demonstrate the significance of the risks posed by the draft decision to the fundamental rights and freedoms of data subjects, and where applicable, to the free flow of personal data within the Union;

25. "information society service": the service as defined in point (b) of Article 1(1) of Directive (EU) 2015/1535 of the European Parliament and of the Council;

26. "international organisation": an organisation and its subordinate bodies governed by public international law, or any other body which is set up by two or more countries by virtue of an agreement between them or which is established by a treaty;

Legal Basis of Data Processing (Act No. CXII of 2011 on Informational Self-Determination and Freedom of Information, Section 5)

1. Personal data may only be processed if:

a) it is ordered by law or – based on the authority of the law, in the scope specified therein, except for special data or non-criminal personal data – by local government regulation for a purpose based on public interest,

b) in the absence of the provisions of point (a), it is absolutely necessary for the performance of the controller's tasks

based on a contract with the data subject or for the implementation of pre-contractual measures taken at the request of the data subject,

c) it is necessary for the performance of a legal obligation applicable to the controller, or

d) the data subject has given his/her consent.

2. The processing of personal data – in relation to data processing ordered by law, based on the authority of the law, for a purpose based on public interest – may only take place to the extent and for the duration necessary for the performance of the task.

3. The legal basis for data processing must be specifically defined and indicated in relation to every data processing action. If the legal basis of data processing is consent, the data subject must be informed of his/her right to consent or refuse, as well as the consequences of refusal. The data subject must also be informed of the fact that he/she may withdraw consent at any time without limitation, by means as simple as the method of giving consent.

4. Personal data may only be processed if it is essential for the purpose of the data processing, and if the purpose of the data processing may be achieved in no other way, or only by processing personal data.

5. During data processing, personal data may only be processed to the extent and for the duration necessary to achieve the purpose of the data processing, to be prescribed by law.

6. Personal data may not be recorded, amended, deleted, transmitted, disclosed, made publicly available or connected for a purpose other than that specified, with the exception of cases specified in legal regulation.

7. Only personal data which is essential for achieving the purpose of data processing and suitable for achieving the purpose of data processing may be processed.

8. Personal data may only be processed if it is justified by the purpose of data processing, and if the processing of personal data is necessary and suitable for achieving the purpose of data processing.

9. Personal data may be processed in a form that allows the identification of data subjects only for the period necessary for achieving the purpose of data processing.

10. The accuracy, completeness and – where necessary for the purpose of data processing – up-to-dateness of personal data shall be ensured, and the fact that they may be identified only for the period necessary for the purpose of data processing.

11. The confidentiality and security of personal data must be ensured during data processing.

12. If the data subject has given his/her consent, he/she shall not be authorized to refuse it, and the legal consequences of the refusal shall be communicated to him/her in advance.

13. During data processing, the rights of the data subject must be respected in accordance with the provisions of this Act.

**Periodic promotion as the purpose

Sweepstakes as the purpose

Survey as the purpose

Loyalty program as the purpose

Discount offering as the purpose

Satisfaction survey as the purpose

Registration as the purpose

Customer's tax number:

Registration as the purpose

Related services as the purpose

Operation of webshop as the purpose

Building a database as the purpose

Mandatory data management as the purpose

Customer relationship as the purpose

Agency activities as the purpose

Client contact person's name:

Marketing as the purpose

Robinson list as the purpose

Related services as the purpose

Operation of webshop as the purpose

Sending newsletters as the purpose

Building a database as the purpose

Electronic communication as the purpose

Unofficial stat as the purpose

Mandatory data management as the purpose

Customer relationship as the purpose

Agency activities as the purpose

Debt collection as the purpose

Direct marketing as the purpose

Periodic promotion as the purpose

Sweepstakes as the purpose

Survey as the purpose

Loyalty program as the purpose

Discount offering as the purpose

Satisfaction survey as the purpose

Registration as the purpose

Client's phone number:

Marketing as the purpose

Robinson list as the purpose

Related services as the purpose

Operation of webshop as the purpose

Sending newsletters as the purpose

Building a database as the purpose

Electronic communication as the purpose

Unofficial stat as the purpose

Mandatory data management as the purpose

Customer relationship as the purpose

Agency activities as the purpose

Debt collection as the purpose

Direct marketing as the purpose

Periodic promotion as the purpose

Sweepstakes as the purpose

Survey as the purpose

Loyalty program as the purpose

Discount offering as the purpose

Satisfaction survey as the purpose

Registration as the purpose

Client's delivery address:

Marketing as the purpose

Robinson list as the purpose

Related services as the purpose

Operation of webshop as the purpose

Sending newsletters as the purpose

Building a database as the purpose

Electronic communication as the purpose

Unofficial stat as the purpose

Mandatory data management as the purpose

Customer relationship as the purpose

Agency activities as the purpose

Debt collection as the purpose

Direct marketing as the purpose

Periodic promotion as the purpose

Sweepstakes as the purpose

Survey as the purpose

Loyalty program as the purpose

Discount offering as the purpose

Satisfaction survey as the purpose

Registration as the purpose

Client's bank account number:

Sweepstakes as the purpose

Loyalty program as the purpose

Discount offering as the purpose

Registration as the purpose

Related services as the purpose

Operation of webshop as the purpose

Building a database as the purpose

Mandatory data management as the purpose

Customer relationship as the purpose

Agency activities as the purpose

Website:

Email:

Marketing as the purpose

Robinson list

Related services as the purpose

Operation of webshop as the purpose

Sending newsletters as the purpose

Building a database as the purpose

Electronic communication as the purpose

Unofficial stat as the purpose

Mandatory data management as the purpose

Customer relationship as the purpose

Agency activities as the purpose

Debt collection as the purpose

Direct marketing

Periodic promotion as the purpose

Sweepstakes as the purpose

Survey as the purpose

Loyalty program as the purpose

Discount offering as the purpose

Satisfaction survey as the purpose

Registration as the purpose

Name (First and/or last name, company name):

Marketing as the purpose

Robinson list as the purpose

Related services as the purpose

Operation of webshop as the purpose

Sending newsletters as the purpose

Building a database as the purpose

Electronic communication as the purpose

Unofficial stat as the purpose

Mandatory data management as the purpose

Customer relationship as the purpose

Agency activities as the purpose

Debt collection as the purpose

Direct marketing as the purpose

Periodic promotion as the purpose

Sweepstakes as the purpose

Survey as the purpose

Loyalty program as the purpose

Discount offering as the purpose

Satisfaction survey as the purpose

Registration as the purpose

Residential address (country, postal code, city, street, house number, floor/door):

Marketing as the purpose

Robinson list as the purpose

Related services as the purpose

Operation of webshop as the purpose

Sending newsletters as the purpose

Building a database as the purpose

Electronic communication as the purpose

Unofficial stat as the purpose

Mandatory data management as the purpose

Customer relationship as the purpose

Agency activities as the purpose

Debt collection as the purpose

Direct marketing as the purpose

Periodic promotion as the purpose

Sweepstakes as the purpose

Survey as the purpose

Loyalty program as the purpose

Discount offering as the purpose

Satisfaction survey as the purpose

Registration as the purpose

Tax number (linked to the individual):

Registration as the purpose

Related services as the purpose

Operation of webshop as the purpose

Building a database as the purpose

Unofficial stat as the purpose

Mandatory data management as the purpose

Customer relationship as the purpose

Agency activities as the purpose

Debt collection as the purpose

Phone number:

Marketing as the purpose

Robinson list as the purpose

Related services as the purpose

Operation of webshop as the purpose

Sending newsletters as the purpose

Building a database as the purpose

Electronic communication as the purpose

Unofficial stat as the purpose

Mandatory data management as the purpose

Customer relationship as the purpose

Agency activities as the purpose

Debt collection as the purpose

Direct marketing as the purpose

Periodic promotion as the purpose

Sweepstakes as the purpose

Survey as the purpose

Loyalty program as the purpose

Discount offering as the purpose

Satisfaction survey as the purpose

Registration as the purpose

Date of birth:

Marketing as the purpose

Robinson list as the purpose

Related services as the purpose

Operation of webshop as the purpose

Sending newsletters as the purpose

Building a database as the purpose

Electronic communication as the purpose

Unofficial stat as the purpose

Mandatory data management as the purpose

Customer relationship as the purpose

Agency activities as the purpose

Debt collection as the purpose

Direct marketing as the purpose

Periodic promotion as the purpose

Sweepstakes as the purpose

Survey as the purpose

Loyalty program as the purpose

Discount offering as the purpose

Satisfaction survey as the purpose

Registration as the purpose

Username:

Marketing as the purpose

Robinson list as the purpose

Related services as the purpose

Operation of webshop as the purpose

Sending newsletters as the purpose

Building a database as the purpose

Electronic communication as the purpose

Unofficial stat as the purpose

Mandatory data management as the purpose

Customer relationship as the purpose

Agency activities as the purpose

Debt collection as the purpose

Direct marketing as the purpose

Periodic promotion as the purpose

Sweepstakes as the purpose

Survey as the purpose

Loyalty program as the purpose

Discount offering as the purpose

Satisfaction survey as the purpose

Registration as the purpose

Blog:

Email:

Marketing as the purpose

Robinson list as the purpose

Related services as the purpose

Operation of webshop as the purpose

Sending newsletters as the purpose

Building a database as the purpose

Electronic communication as the purpose

Unofficial stat as the purpose

Mandatory data management as the purpose

Customer relationship as the purpose

Agency activities as the purpose

Debt collection as the purpose

Direct marketing as the purpose

Periodic promotion as the purpose

Sweepstakes as the purpose

Survey as the purpose

Loyalty program as the purpose

Discount offering as the purpose

Satisfaction survey as the purpose

Registration as the purpose

Name (First and/or last name, company name):

Marketing as the purpose

Robinson list as the purpose

Related services as the purpose

Operation of webshop as the purpose

Sending newsletters as the purpose

Building a database as the purpose

Electronic communication as the purpose

Unofficial stat as the purpose

Mandatory data management as the purpose

Customer relationship as the purpose

Agency activities as the purpose

Debt collection as the purpose

Direct marketing as the purpose

Periodic promotion as the purpose

Sweepstakes as the purpose

Survey as the purpose

Loyalty program as the purpose

Discount offering as the purpose

Satisfaction survey as the purpose

Registration as the purpose

Timeframe of data processing, deadline for data deletion: Immediately upon registration. Except in the case of accounting records, as per Section 169 (2) of Act C of 2000 on Accounting, such data must be retained for a minimum of 8 years. Accounting documents directly and indirectly supporting the accounting settlement (including general ledger accounts, analytical or detailed records) must be preserved in a readable form, retrievable based on accounting entries, for at least 8 years.

Email address on website

Name on website

Address on website

Tax number on website**

Here is the English translation of the provided text:

**Personal Data Management Policy**

• On the website, the phone number

• Modify-birthdate-on-website

• Username on the website

• Email address in the blog

• Name in the blog

The deletion or modification of personal data can be initiated by the data subject in the following ways:

8. Legal basis of data processing: User consent, Section 5(1) of Act No. CXII of 2011 on Information Self-Determination and Freedom of Information (Infotv.), and Section 13/A(3) of Act No. CVIII of 2001 on certain issues of electronic commerce services and services related to the information society (hereinafter: Elker tv.):

The service provider may process personal data necessary for the provision of the service. In case of identity verification, the service provider must select and operate the tools used in the provision of information society services in such a way that personal data processing takes place only when necessary for the provision of the service and the fulfilment of other purposes defined in this Act, but even in this case, only to the extent and for the period necessary.

Hosting provider (web store) data used during data processing:

Name: www.shopify.com

Data security and rights of data subjects (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)):

The processing of personal data must be lawful and fair. It must be transparent to natural persons how their personal data are collected, used, accessed, or otherwise processed, as well as in connection with the extent to which personal data are or will be processed. The principle of transparency requires that information and communication relating to the processing of personal data should be easily accessible and easy to understand, expressed in clear and plain language. This principle applies especially to informing data subjects about the identity of the data controller and the purpose of data processing, as well as additional information aimed at ensuring fair and transparent processing of personal data, and providing information that data subjects have the right to confirmation and information about the data processed about them. Natural persons must be informed about the risks, rules, guarantees, and rights related to the processing of personal data, as well as how they can exercise their rights concerning data processing. The specific purposes of personal data processing must be explicitly formulated and lawful, and must be determined at the time of data collection. Personal data must be adequate, relevant, and limited to what is necessary for the purposes for which they are processed, and the scope of data must be restricted to the minimum necessary for those purposes. To ensure that personal data are stored for the shortest possible period of time, the data controller shall establish deletion or regular review deadlines. All reasonable steps must be taken to correct or erase inaccurate personal data. Personal data must be processed in a manner that ensures appropriate security and confidentiality, including preventing unauthorized access to personal data and unauthorized use of personal data and the tools used for processing personal data. In order to ensure that the processing of personal data is lawful, it must be based on the consent of the data subject or on another lawful basis established by law, whether in this Regulation or in other Union or Member State law mentioned in this Regulation, including the need to comply with legal obligations imposed on the data controller, the performance of any contract concluded by the data subject, or steps taken at the request of the data subject prior to entering into a contract. Data transfer __________________________________________ __________________________________________ 1. Based on Act No. CXII of 2011 on Information Self-Determination and Freedom of Information, the following must be specified in the context of website/data transfer activities: a) the fact of data collection, b) the circle of data subjects, c) the purpose of data collection, d) the duration of data processing, e) the persons authorized to access the data, f) description of the data subject's rights regarding data processing. 2. The fact of data processing, the scope of data processed. a) The scope of data transmitted for delivery processing: Delivery name, delivery address, telephone number, amount payable. b) The scope of data transmitted for online payment processing: Billing name, billing address, amount payable. 3. Circle of data subjects: All data subjects requesting home delivery/online purchase. 4. Purpose of data processing: Delivery of ordered product/processing of online purchase. 5. Duration of data processing, deadline for data deletion: Until the completion of home delivery/online payment processing. 6. Persons authorized to access the data: Personal data may be processed by the following, respecting the above principles: Service provider, data controller. 7. Description of the data subject's rights regarding data processing: Data subjects may request the immediate deletion of their personal data from the service provider ensuring home delivery/online payment. 8. Legal basis for data transfer: User consent. External data transferred to companies: Social media External online billing. • Name: szamlazz.hu Transmitted data: 0409. If the user disables remarketing cookies, personalized offers will not appear for them on the webshop/website/blog. • google analytics The service provider measures the website/webshop/blog's visitation data using Google Analytics. During use of the service, data is transmitted. The transmitted data is not suitable for identifying the data subject. More information about Google's privacy policies can be found here: http://www.google.hu/policies/privacy/ads/ Facebook • For advertising purposes Newsletter sender • I use an internal newsletter sender Internal service provider: www.shopify.com Newsletter sending (Act No. XLVIII of 2008 on the fundamental conditions and restrictions of economic advertising activity, Section 6) ____________________________________ ____________________________ (1) Unless otherwise provided by law, the direct approach method of a natural person as a recipient of advertising (hereinafter: direct business acquisition), in particular electronic mail or other individual communication methods equivalent thereto - except as provided for in paragraph (4) - may only be communicated if the advertising recipient has clearly and expressly consented thereto in advance. (2) * Consent may be made in any manner that includes the name of the declarant or, if the advertising to which the consent relates is addressed only to persons of a specified age, the place and time of birth, and the scope of personal data to be processed by the declarant. that the consent is voluntary and expressed in full knowledge. (3) The declaration of consent pursuant to paragraph (1) may be withdrawn at any time without restriction or justification, free of charge. In this case, the name of the declarant and any other personal data must be immediately deleted from the register specified in paragraph (5), and advertising of the type described in paragraph (1) may no longer be communicated to the recipient by the direct business acquisition. (4) * A recipient of advertising mail addressed to a natural person as the recipient of advertising may be sent by direct business acquisition without the explicit and express consent of the recipient of the advertisement, but the advertiser and the advertising service provider must ensure that the recipient of the advertisement is free to prohibit the sending of advertising at any time and without restriction. In the event of prohibition, advertising on direct business acquisition shall no longer be sent to the person concerned. (5) The advertiser, the advertising service provider, or the advertiser - within the scope of consent in paragraph (1) - keeps a record of the personal data of persons who have made a declaration of consent. The data concerning the advertising recipient may be processed in accordance with the declaration of consent in paragraph (5), and may only be transferred to a third party with the prior consent of the person concerned. (6) The declaration of withdrawal pursuant to paragraph (3), or the prohibition of sending advertising pursuant to paragraph (4), must be made possible both by post and by electronic mail, in such a way that the person making the declaration can be clearly identified. (7) * In connection with advertising sent in the manner described in paragraphs (1) and (4), the recipient must be clearly and prominently informed of the address and other contact information where the declaration of consent for such advertising can be revoked, or where the request for prohibition of sending advertising can be made, and - in the case described in paragraph (4) - for this purpose, the first advertising mail sent to the same recipient for the same advertiser after 1 October 2009 must include a reply letter that can be sent by post, free of charge, as a registered item that can be delivered in a verifiable manner. (8) A direct approach requesting a declaration of consent pursuant to paragraph (1) may not contain advertising, excluding the business name and designation. (9) * In the application of this section, an addressee's advertising mail: exclusively containing advertisements, business acquisition or advertising material - sent simultaneously to at least 500 recipients, not individually named by the nature of the message, and not altering the data of the recipient, and must comply with the laws on postal services. Cookie management (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)): By using the website/web store, the person acknowledges the following: Natural persons can be associated with online identifiers provided by the devices, applications, tools, and protocols they use, such as IP addresses and cookie identifiers, as well as other identifiers, such as radio frequency identification tags, creating traces that can be used in conjunction with unique identifiers and other information received by servers to create a natural person's profile and identify the

person. In order for the service provider to improve the performance of its website/webshop, the service provider and its partners need to store small data packets (so-called cookies) on the person's computer. For further information on the storage of small data packets, the person may obtain information on the webshop's website, the direct link for which is below: [here] Unsubscribing from the newsletter and promotional email (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)): By using the website/webshop, the person acknowledges the following: Data processing shall be prohibited for the purposes of direct marketing, and the personal data shall be deleted without delay, based on the data subject's request._________________________________________ _________________________________________ "a) the fact of data collection, b) the circle of data subjects, c) the purpose of data collection, d) the duration of data processing, e) the persons authorized to access the data, f) description of the data subject's rights regarding data processing. 2. The fact of data processing, the scope of data processed. a) The scope of data transmitted for delivery processing: Delivery name, delivery address, telephone number, amount payable. b) The scope of data transmitted for online payment processing: Billing name, billing address, amount payable. 3. Circle of data subjects: All data subjects requesting home delivery/online purchase. 4. Purpose of data processing: Delivery of ordered product/processing of online purchase. 5. Duration of data processing, deadline for data deletion: Until the completion of home delivery/online payment processing. 6. Persons authorized to access the data: Personal data may be processed by the following, respecting the above principles: Service provider, data controller. 7. Description of the data subject's rights regarding data processing: Data subjects may request the immediate deletion of their personal data from the service provider ensuring home delivery/online payment. 8. Legal basis for data transfer: User consent. External data transferred to companies: Social media External online billing. • Name: szamlazz.hu Transmitted data: 0409. If the user disables remarketing cookies, personalized offers will not appear for them on the webshop/website/blog. • google analytics The service provider measures the website/webshop/blog's visitation data using Google Analytics. During use of the service, data is transmitted. The transmitted data is not suitable for identifying the data subject. More information about Google's privacy policies can be found here: http://www.google.hu/policies/privacy/ads/ Facebook • For advertising purposes Newsletter sender • I use an internal newsletter sender Internal service provider: www.shopify.com Newsletter sending (Act No. XLVIII of 2008 on the fundamental conditions and restrictions of economic advertising activity, Section 6) ____________________________________ ____________________________ (1) Unless otherwise provided by law, the direct approach method of a natural person as a recipient of advertising (hereinafter: direct business acquisition), in particular electronic mail or other individual communication methods equivalent thereto - except as provided for in paragraph (4) - may only be communicated if the advertising recipient has clearly and expressly consented thereto in advance. (2) * Consent may be made in any manner that includes the name of the declarant or, if the advertising to which the consent relates is addressed only to persons of a specified age, the place and time of birth, and the scope of personal data to be processed by the declarant. that the consent is voluntary and expressed in full knowledge. (3) The declaration of consent pursuant to paragraph (1) may be withdrawn at any time without restriction or justification, free of charge. In this case, the name of the declarant and any other personal data must be immediately deleted from the register specified in paragraph (5), and advertising of the type described in paragraph (1) may no longer be communicated to the recipient by the direct business acquisition. (4) * A recipient of advertising mail addressed to a natural person as the recipient of advertising may be sent by direct business acquisition without the explicit and express consent of the recipient of the advertisement, but the advertiser and the advertising service provider must ensure that the recipient of the advertisement is free to prohibit the sending of advertising at any time and without restriction. In the event of prohibition, advertising on direct business acquisition shall no longer be sent to the person concerned. (5) The advertiser, the advertising service provider, or the advertiser - within the scope of consent in paragraph (1) - keeps a record of the personal data of persons who have made a declaration of consent. The data concerning the advertising recipient may be processed in accordance with the declaration of consent in paragraph (5), and may only be transferred to a third party with the prior consent of the person concerned. (6) The declaration of withdrawal pursuant to paragraph (3), or the prohibition of sending advertising pursuant to paragraph (4), must be made possible both by post and by electronic mail, in such a way that the person making the declaration can be clearly identified. (7) * In connection with advertising sent in the manner described in paragraphs (1) and (4), the recipient must be clearly and prominently informed of the address and other contact information where the declaration of consent for such advertising can be revoked, or where the request for prohibition of sending advertising can be made, and - in the case described in paragraph (4) - for this purpose, the first advertising mail sent to the same recipient for the same advertiser after 1 October 2009 must include a reply letter that can be sent by post, free of charge, as a registered item that can be delivered in a verifiable manner. (8) A direct approach requesting a declaration of consent pursuant to paragraph (1) may not contain advertising, excluding the business name and designation. (9) * In the application of this section, an addressee's advertising mail: exclusively containing advertisements, business acquisition or advertising material - sent simultaneously to at least 500 recipients, not individually named by the nature of the message, and not altering the data of the recipient, and must comply with the laws on postal services. Cookie management (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)): By using the website/web store, the person acknowledges the following: Natural persons can be associated with online identifiers provided by the devices, applications, tools, and protocols they use, such as IP addresses and cookie identifiers, as well as other identifiers, such as radio frequency identification tags, creating traces that can be used in conjunction with unique identifiers and other information received by servers to create a natural person's profile and identify the person. In order for the service provider to improve the performance of its website/webshop, the service provider and its partners need to store small data packets (so-called cookies) on the person's computer. For further information on the storage of small data packets, the person may obtain information on the webshop's website, the direct link for which is below: [here] Unsubscribing from the newsletter and promotional email (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)): By using the website/webshop, the person acknowledges the following: Data processing shall be prohibited for the purposes of direct marketing, and the personal data shall be deleted without delay, based on the data subject's request