This is an unofficial translation of a Hungarian legal document. In case of any dispute, the original Hungarian version is authoritative.
1. INTRODUCTION
It is very important to us to comply with the data protection regulations and laws currently in force. The following sets out in detail the data protection measures of the szermann.hu website and SZERMANN Kft., together with our data collection processes. The data is processed by SZERMANN Kft., and this company is responsible for the processing of personal data.
Contact details:
Full legal name: SZERMANN Kft.
E-mail address: vezetes@szermann.hu
Postal address: 1118 Budapest Ménesi út 22. ( Ménesi Office Center )
2. WHAT PERSONAL DATA DO WE PROCESS AND FOR WHAT PURPOSE?
Personal data is information that uniquely identifies a natural person. On szermann.hu we process the following categories of personal data, with the precise indication of the legal basis:
COMMUNICATION DATA
This includes any message you send to us through the website, by e-mail, social media or any other form of communication. We process and retain this data so that we can fulfil orders and have a record on which to base decisions in the event of any legal claim. The legal basis for this processing is the user's demonstrable interest in our activities, as expressed in messages addressed to us.
CUSTOMER DATA
This includes all data relating to the purchase of products and services, such as the customer's name, shipping and billing addresses, e-mail address, telephone number and details of the products purchased. We process this data in order to successfully fulfil orders and to keep legally compliant records of purchases. The legal basis for processing is the performance of the contract concluded with the order between the customer and SZERMANN Kft.
USER DATA
This includes the data generated by the use of the website, which enables the technical operation of the site, the preservation of its security, the storage of records of user activity, and access to the most relevant content at all times. The legal basis for processing this data is the user's clear interest in our activities, the safeguarding of which and the technical operation of the site requires the storage of such data.
TECHNICAL DATA
This includes data generated during the use of the site, such as IP address, login information, browser data, the time spent on individual pages, page views and navigation paths, the number and time of visits, time zones and the data of the device from which you view the site. The data is sourced from our analytics software. We process this data in order to analyse user habits on the site, to maintain its secure operation, and to understand the usefulness of our marketing decisions. The legal basis for processing is the user's clear interest in our activities, allowing us to process this data in line with security requirements and to use it for business growth and more effective operation.
MARKETING DATA
This includes visitor preferences as to the marketing content they are willing to receive from us. We process this data in order to enable participation in prize draws and to send advertising for our products/services in which the user has expressed interest. The data we collect may from time to time be used for purposes such as serving targeted, relevant advertising on the Facebook(TM) platform and various dynamic ad inventories, and measuring ad performance. In the course of our activities we do not collect sensitive data such as ethnicity, religious belief, sexual life and orientation, political opinions and trade union membership, or health background and genetic or biometric information.
3. HOW DO WE COLLECT DATA?
We may collect personal data in such a way that the user provides it directly to us (for example by placing an order or sending a message). In addition, certain data is collected automatically during the use of the site, for example via so-called "cookies" and similar technologies. These are activated only after the user's consent has been given. For more information please consult our Cookie Policy. Certain data is received from external partners, such as analytics providers like Google (a non-EU partner), advertising networks like Facebook(TM) (a non-EU partner), and payment providers such as PayPal (a non-EU partner) and Barion.
4. PRACTICAL STEPS RELATING TO DATA PROTECTION
SZERMANN Kft. attaches the utmost importance to the protection of user data and to compliance with applicable regulations. Following the data protection impact assessment carried out on the site, we have compiled a list of the data collected, its necessity and legal basis, and its compliance with the law. To protect the data provided in forms and generated on the site, we apply SSL certification across the entire website (Let's Encrypt Authority X3 certificate). To protect the site against attacks, we use premium security software (iThemes Security Pro) to safeguard the stored data against so-called brute force and viral attacks. Purchase and user data is stored in encrypted form (pseudonymised) in the site databases and is therefore not readable by external parties. This privacy policy provides users with forms to request information about, modify or erase their personal data. From time to time it is necessary, in the interest of our business operations, to provide data to service partners (such as hosting providers, courier companies, newsletter software). In such cases we always choose partners that meet the requirements of the GDPR; for US-based partners we ensure they participate in the EU-US Privacy Shield framework, and we conclude data processing agreements with them to safeguard responsible data handling.
5. MARKETING COMMUNICATIONS
Marketing communications are essential to the activities of the business. The legal basis for the related data processing is the expression of interest in our services or the express consent of users. Pursuant to the Privacy and Electronic Communications Regulations (PECR) of the European Union, we send marketing messages to our users if they have purchased from us or have expressly consented to receive marketing messages. The withdrawal of consent and unsubscription from messages is made readily available in every case. Each e-mail contains an unsubscribe link at the bottom, or removal from the database may be requested at vezetes@szermann.hu. Even after unsubscribing from marketing communications, we may still send messages relating solely to the fulfilment of orders.
6. NOTE ON PERSONAL DATA
From time to time it is necessary to share certain personal data with certain partners in order to maintain normal business operations: IT service providers and providers that perform troubleshooting and maintenance on IT systems; professional partners such as lawyers, accountants, bankers and insurers; government bodies which require reporting on our activities; payment service providers that securely process payment card data; courier services that deliver incoming orders to the specified shipping address. International data transfers: Users' data may from time to time need to be shared with service partners outside the European Economic Area (EEA) in order to maintain business operations. Countries outside the EEA often do not provide an equivalent level of data protection, and European law therefore prohibits the export of data without the appropriate conditions being met. Whenever personal data is transferred outside the EEA, in addition to the steps described in point 4 we take the following measures to ensure the safe handling of the data: we only transfer data to countries that the European Commission considers adequate from a data protection standpoint; we only use US-based services that participate in the EU-US Privacy Shield data protection framework. If the above conditions are not met, we request the explicit consent of users to make the transfer. Consent may be withdrawn at any time. Links to external sites: This site may from time to time contain links to external sites or have embedded code that provides external services. Clicking on such links or using the embedded solutions may enable external partners to collect data about users. While we make every effort to vet such partners, we have no control over their data protection principles and are not responsible for their data processing practices.
7. PERIOD OF DATA PROCESSING
We retain users' data only for as long as our legal, accounting and reporting obligations require, or for as long as is necessary for the operation of the service. When deciding on the storage period we take into account the volume, nature and sensitivity of the data and the potential impact of disclosure in the event of a data breach. For tax reasons, we are obliged to retain invoicing and purchase data of customers for at least 8 years in order to comply with our legal obligations. In certain circumstances we may use data in anonymised form for statistical purposes, in which case we may store it indefinitely without notice.
8. RIGHTS OF THE VISITOR
As a citizen of the European Union, the General Data Protection Regulation (GDPR) grants users of the site the following rights: a) Access to personal data. Users have the right to request a copy of the personal data held about them by SZERMANN Kft. The request is generally fulfilled free of charge within 14 days of submission. In the case of repeated, abusive or unjustified data requests, SZERMANN Kft. may charge a reasonable fee for providing the data and may require additional time. SZERMANN Kft. may also require proof of identity before releasing the data, in order to prevent abuse. To request personal data please write to us at vezetes@szermann.hu.
MODIFICATION OF PERSONAL DATA
If personal data has changed or has been entered incorrectly, users have the right to request its modification. To modify personal data please contact us at vezetes@szermann.hu.
REQUEST FOR ERASURE OF PERSONAL DATA
Users have the right to request the deletion of all their personal data. The request is fulfilled free of charge within 14 days. After deletion of personal data, the user's account will no longer be available, and any purchased materials may also become inaccessible, as the personal data linked to the account is essential for accessing the service. SZERMANN Kft. may require proof of identity before deletion to prevent abuse. To request deletion of personal data please write to us at vezetes@szermann.hu.
REQUEST CONCERNING THE PROCESSING OF PERSONAL DATA
Users have the right to request the restriction of the transfer of their data to third parties (service partners). When submitting the request, the specific service partners to be restricted may be identified. Please note that cooperation with certain service providers is essential for the operation of the site (e.g. Barion as a payment provider); restricting them may make the site's services unavailable. SZERMANN Kft. may require proof of identity before restricting transfers in order to prevent abuse. To request such a restriction please write to us at vezetes@szermann.hu.
In Hungary the official body responsible for data protection is the National Authority for Data Protection and Freedom of Information (NAIH). Users can find further information about their data protection rights on the NAIH website.
National Authority for Data Protection and Freedom of Information,
1125 Budapest, Szilágyi Erzsébet fasor 22/C., Hungary
Postal address: 1530 Budapest, P.O. Box 5, Hungary
Phone: +36.1.391.1400
Fax: +36.1.391.1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
9. ANONYMISED DATA AND "COOKIES"
On the szermann.hu website, and in e-mails and advertisements, we use so-called "cookies" and similar technologies such as tracking codes, re-marketing tags and pixels, which are activated after user consent. These technologies help us to better understand user behaviour and interests, supporting higher quality and more efficient operation. Our goal is to make the use of szermann.hu as user-friendly and personalised as possible. If a user wishes to prevent these technologies from recording non-personal data, this can be done as follows: by using the cookie notices that appear on the site to block their loading; by disabling "cookies" in the browser. For more information on the other cookies and tracking codes used on szermann.hu, please consult our <a href="/cookie-nyilatkozat">Cookie Policy</a>.