Data protection


Data protection

 

1. The nature and purpose of the Personal Data Protection Policy

2. The Data Controller’s details

2.1 The Data Protection Officer

3. The scope of personal data processed

3.1 Personal information provided during the registration process

3.2 Technical Data

3.3 Cookies

3.3.1 The purpose of using cookies

3.3.2 Mandatory session cookies

3.3.3 Third party cookies (analytics)

3.3.4 Cookies used for advertising purposes

3.3.5 Disabling cookies

3.3.6 Social Media extensions

3.4. Newsletter-related data

4. Intended use and retention period of the data processed

5. Purpose, method and legal basis for data processing

5.1 General data processing principles

6. Data transmission, data processing, parties who might receive personal data

7. Rights of the Data Subjects

7.1 The right to information

7.2 The right of access by the Data Subject

7.3 Right to rectification

7.4 Right to erasure

7.5 Right to restriction of processing

7.6 Right to data portability

7.7 Right to object

7.8 Right of withdrawal

7.9 Right to lodge a complaint with a supervisory authority

7.10 Data protection authority procedure

8. Miscellaneous provisions

 

1. The nature and purpose of the Personal Data Protection Policy

AMA SHOP Ltd. (Seat: 41 Viktor Hugo Street #1 First Floor, 1132 Budapest) hereinafter referred to as “Data Controller”, acknowledges the contents of this legal notice. The Data Controller undertakes to ensure that all data processing related to its activities comply with the requirements set out in this Policy and in applicable national legislation as well as the legal acts of the European Union.

AMA SHOP Ltd.’s privacy policy regarding processing personal data is available at www.amashop.hu/en/data-protection.

AMA SHOP Ltd. reserves the right to update or make changes in this policy at any time. In such a case the concerned parties will be duly notified of the changes. Should you have any questions regarding this policy, please contact me and I will provide you with an answer.

AMA SHOP Ltd. is committed to protecting the privacy of its committed customers, employees, and partners, and is committed to respecting its customers’ right to informational self-determination.

AMA SHOP Ltd. keeps all personal data confidential and takes all security, technical, and organizational measures to guarantee the security of your data.

AMA SHOP Ltd. describes its data processing practices below.

2. The Data Controller’s details

To contact the Data Controller please email Zsuzsánna Bagoly at Ez az e-mail-cím a szpemrobotok elleni védelem alatt áll. Megtekintéséhez engedélyeznie kell a JavaScript használatát.

AMA SHOP Ltd. will delete all e-mails it receives including personal data within one year from the received date.

Name: AMA SHOP LTD.

Seat: 41 Viktor Hugo Street #1 First Floor, 1132 Budapest

Company Registration Number: 01-09-981777 / 24

Name of Registrar: Metropolitan Court of Registration

Tax ID: 23860269-2-41

Phone number: 36204578541

E-mail: Ez az e-mail-cím a szpemrobotok elleni védelem alatt áll. Megtekintéséhez engedélyeznie kell a JavaScript használatát.

2.1 The Data Protection Officer

Name: Bagoly Zsuzsánna

Phone number: 36204578541

3. The scope of personal data processed

3.1 Personal information provided during the registration process

The purpose of processing data is to record user data, grant access and keep in contact in order to facilitate receiving our services.

During the login session, a further purpose of data processing is to identify the user to provide permissions, to verify the user, to ensure the modification of data and to simplify the order process.

The legal basis for data processing is voluntary consent, the range of data processed: contact details: name and email address, password.

The duration of data processing: Until the consent is withdrawn. The user can terminate his or her registered status at any time for free. If the user unsubscribes, his or her personal data relating to the registered status will be deleted without undue delay.

3.2 Technical Data

AMA SHOP Ltd. shall select and operate the IT tools used for processing personal data during the provision of services in such a way that the data processed is accessible to the authorized persons (availability); its authenticity and authentication are assured (authenticity of data processing); its unchangeability can be demonstrated (data integrity); and it is protected from unauthorized access (data confidentiality).

AMA SHOP LTD. shall protect data by taking appropriate measures against unauthorized access, alterations, transmission, disclosure, deletion or destruction of data, and accidental destruction of data.

AMA SHOP LTD. shall ensure that the security of data processing is protected by technical, organizational and organizational measures which ensure a level of protection appropriate to the risks represented by data processing.

AMASHOP LTD. processes all data confidentially: protects information so that only the persons authorized thereto can have access to it; maintains integrity: protects the accuracy and completeness of the information and the method of processing; Availability: ensures that when an authorized user needs the information, he or she can have access to it and all instruments relating thereto will be available.

3.3 Cookies

3.3.1 The purpose of using cookies

– to gain information on site visitors and their devices

to remember personal preferences of site visitors which may be used for e.g. online transactions, therefore they do not have to be typed in again.

– to make the website easier to use;

– to provide quality user experience;

In order to provide customized service, a small data packet called a cookie is placed on the user’s computer and the website can read it back during a later visit.

If the browser returns a previously saved cookie, the cookie management service provider may link the user’s current visit to the previous cookie, but only for its own content.

3.3.2 Mandatory session cookies

The purpose of these cookies is to enable visitors to browse the AMASHOP LTD.’s website fully, seamlessly, and to use its features and services easily. Cookies of this type expire during the session (browsing), and as the browser is closed, these type of cookies are automatically deleted from your computer or other device used for browsing.

3.3.3 Third party cookies (analytics)

The webpage of AMA SHOP LTD. uses Google Analytics cookies as third party cookies.

By using Google Analytics for statistical purposes, AMASHOP LTD.’s website collects information about how visitors use the website. Collected data is used in order to improve the website and improve user experience. These type of cookies will remain on the visitor’s computer or other browsing device until their expiration date, or until they are deleted by the visitor.

If the visitor does not wish to allow Google Analytics to collect the abovementioned data, a plug-in such as AdChoices can be installed on his or her computer to block its operation.

3.3.4 Cookies used for advertising purposes

The online marketing solutions used by AMASHOP LTD. such as Google AdWords and Facebook ads also use cookies during operation. AMASHOP LTD. uses remarketing codes and thus cookies provided by Google AdWords and Facebook. These type of cookies do not transmit personal data to the service provider.

The user may opt out of using cookies at any time and personalize ads settings at the settings interface of Google and Facebook:

– https://myaccount.google.com/privacy

– https://www.facebook.com/ads/preferences

3.3.5 Disabling cookies

Help function in the browser’s menu offers information on how to disable cookies or prevent the browser from accepting new cookies.

3.3.6 Social Media extensions

By default, extensions that are considered cookies are disabled on this site. Extensions are only enabled if the user clicks on a specific button for this purpose. This happens if the user clicks the Facebook button on the page and starts following AMASHOP LTD.’s Facebook page.

By clicking the button, the user agrees, expressly gives his or her consent to the transfer of his or her data to Facebook, Instagram, and to the storage of his or her data on these social media sites as described in their privacy policies.

Visitors of the website acknowledge fact that by using the website, they give their consent to the processing of their data by Google.

3.4. Newsletter-related data

The purpose of data processing is to record user data, grant access and facilitate communication.

The legal basis for data processing is consent given on a voluntary basis, the range of processed data: contact details: name and email address, password.

Site users may cancel their newsletter subscription at any time, free of charge.

If a user unsubscribes, his or her personal data related to the registered status will be deleted without undue delay.

4. Intended use and retention period of the data processed

Scope of data processing: data related to purchasing, invoicing, and employee status:

Purpose: communication, fulfillment of orders, documentation of purchases and payments, fulfillment of accounting obligations, marketing activities.

Legal basis: legal obligation, fulfillment of the contract, freely given consent

Retention period: AMA SHOP LTD. stores users’ personal data until the fulfillment of the contract, unless the law requires further mandatory storage of the user’s data due to the transmission or disclosure of data to the authorities (e.g. tax authorities).

Such mandatory data processing is, for example, the retention of issued invoices for a period specified by the Accounting Act (according to Section 169 (2) of the Act on Accounting, accounting documents for direct or indirect support of bookkeeping records are required to be retained for 8 years).

5. Purpose, method and legal basis for data processing

5.1 General data processing principles

The data processing of AMA SHOP LTD sole trader is based on voluntary consent and legal authorization. In case of data processing based on voluntary consent, the data subject may withdraw this consent at any stage of the data processing. In certain cases, the processing, storage and transmission of a given set of data is required by law, of which I will notify my clients separately.

I would like to draw all informants’ attention that, if they do not provide their own personal data, they are obliged to obtain the consent of the person concerned.

Our Privacy Policy is in compliance with applicable data protection laws, in particular:

CXII of 2011. Law – on the Right of Informational Self-Determination and on Freedom of Information (Infotv.);

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 positioning (General Data Protection Regulation, GDPR);

Act V of 2013 – on the Civil Code (Civil Code);

Act C of 2000 on Accounting;

LIII of 2017 Act – Preventing and Combating Money Laundering and Terrorist Financing;

CCXXXVII of 2013 Act on Credit Institutions and Financial Enterprises.

Data storage

Your personal data (any information that may be related to an identifiable natural person) may be collected in the following ways:

On the one hand, by maintaining internet connection: technical data is automatically generated in our system about your computer, browser, IP address and visited websites. On the other hand, you may provide your name, contact details or other information while using the website to contact us personally.

6. Data transmission, data processing, parties who might receive personal data

Business unit: Finance
Purpose: Payroll (employment-related administration)
Category of persons: Employees
Range of data: Contact data (name, address, etc.)
Recipient: NTCA
Data processor: SZTV Audit Ltd. - Katalin Győrfi
Retention period: 5 years after the termination of the work contract
Legal basis: Legal obligation
Storage location: Encrypted shared drive
Business Unit: Sales/marketing
Purpose: Invoicing/communication
Category of persons: Clients/potential clients
Range of data: Contact details (name, address, e-mail address)
Recipient: NAV
Data processor: SZTV Audit Ltd. – Katalin Győrfi / AMA SHOP LTD.
Retention period: According to Accounting Law / until consent is withdrawn
Legal basis: Legal obligation
Storage location: Encrypted shared drive

7. Rights of the Data Subjects

The Data Subject may request information on the processing of his or her personal data, request the rectification, erasure, cancellation of his or her personal data – except in cases of mandatory data processing – and may exercise the right to protest as described when recording the personal data, or by contacting the Data Controller via the abovementioned contact details.

7.1 The right to information

AMASHOP LTD. shall take appropriate measures in order to provide the Data Subject with all information regarding the processing of his or her personal data referred to in Articles 13 and 14 of the GDPR and all references in Articles 15 to 22 and 34, in a concise, transparent, comprehensible and easily accessible form, in a clear and unambiguous manner.

7.2 The right of access by the Data Subject

The Data Subject shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

the purposes of data processing;

the categories of personal data concerned;

the recipients or categories of recipients the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

the envisaged period for which the personal data will be stored;

the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the Data Subject or to object to such processing;

the right to lodge a complaint with a supervisory authority;

available information on data sources;

the existence of automated decision-making, including profiling, and intelligible, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.

The Data Controller shall provide the requested information within a maximum of one month from the submission of the request.

7.3 Right to rectification

The Data Subject may request the correction of inaccurate personal data processed by AMASHOP LTD. and the completion of incomplete data.

7.4 Right to erasure

The Data Subject shall have the right to obtain from AMASHOP LTD. the erasure of personal data concerning him or her without undue delay where one of the following grounds applies:

the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

the Data Subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;

the Data Subject objects to the processing, and there are no overriding legitimate grounds for the processing;

the personal data have been unlawfully processed;

the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

the personal data have been collected in relation to the offer of information society services.

The right to obtain the erasure of personal data shall not apply to the extent that processing is necessary:

for exercising the right of freedom of expression and information;

for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;

for reasons of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes

or for the establishment, and for the establishment, exercise or defence of legal claims.

7.5 Right to restriction of processing

The Data Subject shall have the right to obtain from AMASHOP LTD. restriction of processing where one of the following applies:

the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data;

the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;

the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

or the data subject has objected to processing;

in such a case restriction applies pending the verification whether the legitimate grounds of the Data Controller override those of the Data Subject.

Where processing has been restricted, the personal data shall, with the exception of storage, only be processed with the Data Subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

7.6 Right to data portability

The Data Subject shall have the right to receive the personal data concerning him or her which he or she has provided to the Data Controller in a structured, commonly used,and machine-readable format and have the right to transmit those data to another Data Controller.

7.7 Right to object

The Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, or to object to processing data when they are necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, including profiling based on these provisions.

The Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.

Automated decision-making on individual issues, including profiling.

The Data Subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

7.8 Right of withdrawal

The Data Subject shall have the right to withdraw his or her consent at any time.

7.9 Right to lodge a complaint with a supervisory authority

The Data Subject may lodge a complaint against the Data Controller upon violation of his or her rights. The court will deal with the matter out of turn.

7.10 Data protection authority procedure

The Data Subject may lodge a complaint with the Hugarian National Authority for Data Protection and Freedom of Information.

Name: National Authority for Data Protection and Freedom of Information

Seat: Szilágyi Erzsébet fasor 22/C., 1125 Budapest

Mailing address: P.O.B.: 5., 1530 Budapest

Telephone: 0613911400

Fax: 0613911410

E-mail: Ez az e-mail-cím a szpemrobotok elleni védelem alatt áll. Megtekintéséhez engedélyeznie kell a JavaScript használatát.

Website: http://www.naih.hu

8. Miscellaneous provisions

I will provide information on data processing not listed here upon recording of the data.

I hereby inform my clients that the courts, the public prosecutor, the investigating authority, the authority dealing with administrative offences, the administrative authority, the National Authority for Data Protection and Freedom of Information, the National Bank of Hungary, or other bodies upon statutory authorisation may ask the Data Controller to give information, disclose or transfer data, or provide documents to them.

AMASHOP LTD. – if the authority precisely specified the purpose and the scope of data – will disclose personal data to authorities only to the extent strictly necessary for achieving the purpose of the inquiry.