Proceed to cart
Customer support:office@imachinetools.hu
    Currency
    HUF
    Language
    English
    Home / Privacy Policy

    Privacy Policy

    1. Identification of the data controller
      The web shop, which can be accessed at www.imachinetools.hu, is operated by(z) Company name: iMachine Consulting and Services Limited Liability Company 

    Company registration number: 13 09 172030
    Tax number: 11684514-2-13
    Registered office: 2120. Dunakeszi, Északi utca 31/1.
    Location: 7100 Szekszárd, Korsófölde u. 3.
    Place of business: 7100 Szekszárd, Korsófölde u. 3.
    Phone: +36-20-565-2650
    E-mail address: ugyfelszolgalat@imachinetools.hu 

    (hereinafter referred to as the "Data Controller"). 

    Purpose of the privacy notice 

    iMachine Kft. (hereinafter referred to as the "Service Provider", "Data Controller") as the Data Controller, acknowledges the contents of this legal notice as binding. It undertakes to ensure that any processing of data related to its activities complies with the requirements set out in this policy and in the applicable national legislation and European Union legal acts. 

    The privacy policy relating to the Data Controller's data processing is available on an ongoing basis at http://.... 

    The Data Controller reserves the right to change this information at any time. It will of course inform its audience of any changes in due time. 

    If you have any questions about this communication, please contact us at the following e-mail address and we will answer your question. 

    The Data Controller is committed to protecting the personal data of its customers and partners and attaches great importance to respecting the right to information self-determination of its customers. The Data Controller treats personal data confidentially and takes all security, technical and organizational measures to ensure the security of the data. 

    The Data Controller describes its data management practices below. 

    1. Legislation applicable to data processing, scope of the information notice 

    2.1. The Data Controller shall primarily process Users' data 

    • REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (The EU General Data Protection Regulation), (hereinafter referred to as GDPR), 
    • Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities, 
    • Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (Act on electronic commerce services) 

    based on the provisions of. 

    2.2 The scope of this notice applies to the processing of data during the use of the website available at the above Internet address (hereinafter referred to as the "Website"), the use of the services available there and the fulfilment of orders placed in the online store. 

    2.3 For the purposes of this Policy, User means: natural persons browsing the Website, using the services of the Website, and ordering products from the Data Controller. 

    1. Legal basis for processing 

    3.1 The legal basis for the processing carried out by the Data Controller is the consent of the User pursuant to Article 6(1)(a) of the GDPR for certain processing, and Article 6(1)(b) of the GDPR for processing relating to an order, which states that the processing is necessary for the performance of a contract to which the User is a party. 

    3.2 In the case of processing based on consent, the User gives his/her consent by ticking the box in front of the data processing statement in the relevant places. The User may read the privacy notice at any time by clicking on the "Privacy Notice" at the bottom of each page of the website or by clicking on the link marked "Privacy Notice" in the privacy notice referred to in this point, whereby the Data Controller ensures that the User is provided with clear and detailed prior information. By ticking the checkbox in front of the Privacy Statement, the User declares that he/she has read the Privacy Statement and, being aware of its contents, consents to the processing of his/her data as described in this Privacy Statement. 

    3.3 In certain cases, the Data Controller may be required by law to carry out certain processing operations or may have a legitimate interest as a legal basis for processing the data. You can read more about these below in the chapters on specific processing operations. 

    1. Data processing related to the provision of an information technology service 

    4.1 The Data Controller uses cookies for the operation of the website and to collect technical data about visitors to the website. 

    4.2 The Data Controller provides a separate information on the data management implemented by cookies: information on the use of cookies. 

    1. Data processing related to the receipt and reply to a message 

    5.1. Data subjects: Users who send messages to the Data Controller using the messaging interface available from the "Contact Us" section of the website or by e-mail using the e-mail address(es) indicated on the website. 

    5.2. Legal basis for processing: the User's consent pursuant to Article 6(1)(a) of the GDPR. 

    5.3. Definition of the scope of the data processed: 

    The User sending the message: 

    • name, 
    • your e-mail address, 
    • any additional information that the User may provide in the message. 

    With regard to any additional data that the User may provide in the message, the Data Controller only processes the data in relation to the content of the message sent but does not request the User to provide any personal data that may be provided there. When such unexpected personal data is provided, the Data Controller shall not store the unexpected personal data and shall delete it from its IT system without delay. 

    5.4 Purpose of processing: to enable the User to exchange messages with the Data Controller. 

    Related services: 

    • writing a message on the website, 
    • receive messages sent by e-mail (using the e-mail address(es) indicated on the website), 
    • reply to messages sent to the Data Controller by the above means, which the Data 

    Controller will do within 2 working days. 

    5.5 Duration of data processing: until the message is answered or the User's request is fulfilled. The Data Controller shall delete the data processed for this purpose after the message has been replied to/ the request has been fulfilled. If the exchange of information takes place through several messages on related subjects, the Data Controller shall delete the data after the exchange of information has ended or the request has been fulfilled. 

    If the exchange of messages results in the conclusion of a contract and the content of the messages is relevant to the contract, the legal basis and duration of the processing will be as described in the chapter "Order-related processing" (order-related processing). 

    5.6. Method of storage of data: in a separate processing list in the IT system of the Data Controller. 

    1. Data processing related to the sending of newsletters 

    6.1 Data subject: the User who subscribes to the newsletter by filling in the newsletter subscription fields on the website and ticking the consent box. 

    6.2. Legal basis for processing: article 6 (1) (a) GDPR and Art. Article 6 (1) and (2) of the GDPR. Voluntary consent is given by the User by reading this Privacy Policy and by filling in the fields for subscribing to the newsletter and ticking the consent form provided therein. By doing so, the User declares that he or she consents to the processing of his or her data in accordance with the processing set out in the privacy policy and to the sending of the newsletters. 

    In addition to sending useful information, the newsletter service also aims at direct marketing by the Data Controller. The User may subscribe to this service independently of the use of other services. The use of this service is voluntary and based on the User's decision, after having been duly informed. If the User does not use the newsletter service, he/she will not be disadvantaged in using the website and its other services. The Data Controller does not make the use of its direct marketing service a condition for the use of any of its other services. 

    6.3. Definition of the scope of the data processed: 

    • name,
      e-mail address. 

    6.4 Purpose of processing: sending newsletters by the Data Controller to the User by e-mail. The sending of newsletters means sending information about the Controller's services, news and updates, attention-grabbing offers, advertising, and promotional content. 

    6.6 Duration of data management: the Data Controller manages the data processed for the purpose of sending the newsletter until the User's consent is withdrawn (unsubscribe) or until the data is deleted at the User's request. 

    6.7. Method of storage of the data: in a separate processing list in the IT system of the Data Controller. 

    1. Data processing related to registration 

    7.1. Data subjects: users who register on the website. 

    7.2 Legal basis for processing: the User's consent pursuant to Article 6(1)(a) of the GDPR. Voluntary consent is given by the User by filling in the form that appears during registration and by ticking the box in front of the data processing statement, and finally by clicking on the button required to finalize registration. 

    7.3. Definition of the scope of the data processed: in the case of registering users, the data processing concerns the scope of personal data and contact details to be filled in on the registration form referred to above. 

    Scope of the data: 

    • surname, 
    • first name, 
    • e-mail address, 
    • password. 

    Purpose of the processing: to facilitate registration on the website, regular purchases. Related services: 

    • create a personal account for the User, 
    • to facilitate the online ordering of products by storing the data necessary for the fulfilment 

    of the order and to allow the User to modify these data independently, 

    • storing and making available to the User the previous orders in the User account. 

    7.4. Duration of data processing: for registered Users, the duration of data processing lasts until the deletion of the data at the request of the registered User. Data processing may also cease upon the User's deletion of the registration or upon the deletion of the User's registration by the Data Controller. The User may at any time delete his/her registration or request the deletion of his/her registration by the Data Controller, which request shall be executed by the Data Controller without delay, but no later than 10 working days after receipt of the request. 

    7.5. Method of storage of data: in a separate processing list in the IT system of the Data Controller. 

    1. Order-related data processing 

    8.1. Data subjects: users who place an order on the website. 

    8.2 Legal basis for processing: article 6(1)(b) of the GDPR, which states that processing is necessary for the performance of a contract to which the User is a party. 

    8.3 Definition of the scope of the data processed: the processing concerns the following personal data and contact details. 

    The User 

    • Last name 
    • first name 
    • billing address 
    • telephone number 
    • your e-mail address 
    • delivery address 
    • identification of the product(s) ordered 
    • the purchase price of the product(s) ordered 
    • pick-up/delivery method 
    • payment method 
    • any other information provided by the User at the time of ordering, which may be necessary to fulfil the order 
    • order date 
    • payment date 

    8.4. Purpose of data processing: conclusion and performance of the contract resulting from the order. 

    8.5. Duration of data processing: the Data Controller processes the above data for the fulfilment of the order for the period necessary to fulfil the obligation to keep records arising from the Accounting Act. This period shall be at least 8 years from the date of issue of the invoice within the meaning of the Accounting Act, after which the Data Controller shall delete the data within one year. 

    During the delivery necessary for the fulfilment of the order, the processing of the data required for this purpose (name, delivery address, telephone number) lasts until the delivery is completed. When transmitting the data necessary for the fulfilment of the delivery to the carrier, the Data Controller shall apply a data processing restriction, whereby the carrier may process the transmitted data only to the extent and for the duration necessary for the fulfilment of the delivery. 

    However, the transport company may have a legitimate interest in keeping some or all of the above data for a certain period of time in case of complaints, claims or civil disputes. However, this is already done as a separate Data Controller, for further information please refer to the data management information of the respective service provider. Such service providers used by the Data Controller can be found in the section of this notice entitled "Use of a Data Processor", where the contact details of their website containing their privacy policy are also indicated. 

    Any additional data processed during the order process, such as messages between the User and the Data Controller with relevant content related to the order, will be processed by the Data Controller until 5 years after the conclusion of the contract, which is the general limitation period applicable to civil law claims. 

    8.6. Method of storage of data: in a separate data management list in the Data Controller's IT system, or in accounting records required for the proper accounting in order to fulfil the obligation to keep records required by the Act on Accounting. 

    1. Data transmission 

    9.1. Data subjects concerned by the transfer: users who choose to pay online when placing an order on the website, regardless of the use of other services provided by the website. 

    9.2. Recipient of the transfer:
    Barion Payment Zrt
    Company registration number: 01-10- 048552
    Tax ID: 25353192-243
    Headquarters: 1117 Budapest, Irinyi József utca 4-20. 2. floor
    a company as the provider of an online payment service available on the Controller's website. 

    9.3 Legal basis for the transfer: legitimate interest of the Recipient pursuant to Article 6(1)(f) GDPR. 

    The Recipient is obliged under the legislation applicable to it to operate a fraud prevention and detection system in connection with the provision of payment services and is entitled to process the personal data necessary for this purpose. The Recipient has established a system in accordance with its legal obligation, the operation of which requires the transfer of data by the Data Controller. Accordingly, it is in the legitimate interest of the Recipient to be able to operate the fraud prevention and detection system to fulfil its legal obligation. 

    The legitimate interest of the Data Controller and the Recipient is to prevent fraud and ensure the proper functioning of online payments. The main source of revenue for both organizations is linked to the proper functioning of the payment service. It is also in the interest of the User, to avoid misuse of credit card data. 

    The transmission of data allows fraud to be detected, detected and any obstacles to the payment process to be removed. 

    The data processed by the User during the booking/ordering process will be transmitted via an encrypted electronic channel, exclusively to the Recipient and only in the case of online payment by credit card and will not be used by the Recipient for any other purpose. It follows from the above that the transmission of data does not entail any significant risk for the Recipient, nor does it have any further appreciable effect on him. 

    The transfer of data is necessary to achieve the purposes described here and is also suitable to make the payment service more secure. 

    Considering the above and the safeguards in place, the transfer of data does not constitute an unwarranted intrusion into the privacy of Users and is therefore a necessary and proportionate processing operation. 

    9.4. Scope of the data transmitted: 

    • the products placed in the shopping cart and the purchase data (prices, costs) displayed in the cart, 
    • name, 
    • phone number, 
    • e-mail address, 
    • title. 

    The User provides the credit card data provided during payment directly to the payment service provider, so they are not in the possession of the Data Controller. 

    9.5. Purpose of data transmission: to ensure the proper operation of the payment service and the technical processing of payments, to confirm transactions, to operate fraud-monitoring - a fraud detection system supporting the control of banking transactions initiated electronically - to protect the interests of users, and to provide customer service assistance to the User. 

    9.6. The User can find out more about the data processing carried out by the company providing the online payment service, the further circumstances of data processing - including the legal basis, purpose, the exact scope of the data processed, the duration of data processing - on the company's website. 

    9.7 The Data Controller does not transfer data to third parties for business or marketing purposes. 

    9.8 Apart from the above, the Data Controller shall only transmit data to public authorities in the event of a legal obligation. 

    1. Use of a data processor
      The Data Controller uses the following entities as data processors. 

    10.1. Hosting provider 

    10.1.1.1 The data subjects concerned by the processing: the Users visiting the Site, regardless of their use of the services provided by the Site. 

    10.1.2. 

    Shoptet, as 

    Company registration number: 28935675
    Tax number: CZ28935675
    Head office: Dvořeckého 628/8, 169 00 Prague 6, Czech Republic Telephone: +420 604 600 444
    E-mail address: info@shoptet.cz
    Website: https://www.shoptet.cz/
    as a web hosting provider (hereinafter referred to as the "Data Processor"). 

    10.1.3 Definition of the scope of the data concerned by the processing: the processing concerns all the data indicated in this notice. 

    10.1.4 The purpose of the processing is to ensure the information technology operation of the website. 

    10.1.5 Duration of processing: the same as the processing periods indicated for the processing operations governed by the purposes of the processing for each of the categories of data covered by this notice. 

    10.1.6 The processing of data is limited to the provision of the hosting necessary for the operation of the website in the IT sense. 

    10.2. Website developer 

    10.2.1. The data subjects concerned by the processing: the Users visiting the Site, regardless of their use of the services provided by the Site. 

    10.2.2. The Data Controller uses as a data processor 

    Shoptet, as 

    Company registration number: 28935675
    Tax number: CZ28935675
    Head office: Dvořeckého 628/8, 169 00 Prague 6, Czech Republic
    Telephone: +420 604 600 444
    E-mail address: info@shoptet.cz
    Website: https://www.shoptet.cz/
    as the developer of the website (hereinafter referred to as the "Data Processor"). 

    10.2.3. Definition of the data subject of the processing: the processing concerns all the data specified in this notice. 

    10.2.4 The purpose of the processing is to ensure the information technology operation of the website by processing the data through the necessary information technology operations. 

    10.2.5 Duration of processing: the same as the processing periods indicated for the processing operations governed by the purposes of the processing for each of the categories of data covered by this notice. 

    10.2.6 The processing of data is limited to the technical operations necessary for the operation of the website in the IT sense. 

    10.3. Processing of data related to the sending of newsletters. 

    10.3.1. Data subjects concerned by the processing: users who subscribe to the newsletter on the Website, regardless of their use of other services provided by the Website. 

    10.3.2. 

    Company name: iMachine Consulting and Services Limited Liability Company 

    Company registration number: 13 09 172030 

    Tax number: 11684514-2-13 

    Registered office: 2120 Dunakeszi, Északi utca 31/1. 

    Location: 7100 Szekszárd, Korsófölde u. 3. 

    Place of business: 7100 Szekszárd, Korsófölde u. 3. 

    Phone: +36205652650 

    E-mail address: ugyfelszolgalat@imachinetools.hu 

    as the developer and maintainer of the newsletter software used by the Data Controller (hereinafter referred to as the "Data Processor"). 

    10.3.3 Definition of the data subject of the processing: the processing concerns the name and e- mail address of the User subscribing to the newsletter. 

    10.3.4 The purpose of the data processing: to ensure the operation of the software used by the Data Controller for sending newsletters in the information technology sense, by means of data processing in the technical operations necessary for the secure operation of the software. 

    10.3.5. Duration of data processing: until the User's consent to receive the newsletter is withdrawn (unsubscribe) or until the data is deleted at the User's request. 

    10.3.6. The processing of the data is limited to the technical operations necessary for the operation of the newsletter sending software in the IT sense. 

    10.4. Processing of data related to the delivery of a product. 

    10.4.1. The data subjects concerned by the processing of the data: the Users who order the product by delivery to the address indicated by them. 

    10.4.2. 

    GLS Hungary Kft.
    Company registration number: 13-09-111755 Tax number: 12369410-2-44
    Location: 2351 Alsónémedi GLS Európa u. 2. 

    as the service provider delivering the products (hereinafter referred to as the "Processor"), 

    10.4.3. Definition of the scope of the data processing: the processing of the data concerns the following data of the User in order to fulfil the contract (delivery) resulting from the User's order: 

    • surname, 
    • first name, 
    • phone number, 
    • delivery address. 

     

    10.4.4 The purpose of the processing of data: to carry out the delivery of the ordered product within the framework of the performance of the contract resulting from the User's order, by delivering it to the address indicated by the User, if necessary by telephone agreement on the place and time of delivery. 

    10.4.5 Duration of data processing: for the time necessary to complete the delivery and service. 

    10.4.6 The processing of the data consists solely of the processing operations necessary for the performance of the delivery and service. 

    10.5. Data processing related to the production of invoices. 

    10.5.1. Data subjects concerned by the processing: users who place an order on the Website, regardless of whether they use other services provided by the Website. 

    10.5.2. 

    Shoptet, as 

    Company registration number: 28935675
    Tax number: CZ28935675
    Head office: Dvořeckého 628/8, 169 00 Prague 6, Czech Republic 

    Telephone: +420 604 600 444 

    E-mail address: info@shoptet.cz 

    Website: https://www.shoptet.cz/ 

    as the developer and maintainer of the billing software used by the Data Controller (hereinafter referred to as the "Data Processor"). 

    10.5.3. Definition of the data subject of the processing: the processing concerns the name and address of the user placing the order, the identification of the ordered good(s) and/or service(s), the date of purchase and the receipts containing the purchase price, delivery charges and any other charges. 

    10.5.4 The purpose of the processing: to ensure the operation of the software used by the Data Controller for issuing invoices in the information technology sense, by means of data processing consisting of technical operations necessary for the secure operation of the software. 

    10.5.5 Duration of data processing: for the period necessary to fulfil the obligation to keep records under the Accounting Act, i.e., for 8 years from the date of issue of the invoice. 

    10.5.6 The processing of the data shall be limited to the technical operations necessary for the IT operation of the software used to issue the invoice. 

    10.6. Processing of data in connection with accounting services. 

    10.6.1. Data subjects concerned by the processing: the Users placing the order. 10.6.2. The Data Controller uses as a data processor
    4Sales Systems Ltd.
    Company registration number: 17-09-004173 

    Tax number: 12631186-2-17
    Office: 7100 Szekszárd, Korsófölde utca 3. 

    as the accountant of the economic activity of the Data Controller (hereinafter referred to as the "Data Processor"). 

    10.6.3. Definition of the scope of the data processing: the data processing concerns the name and address of the User placing the order, the identification of the ordered item(s), the date of 

    purchase and the data contained in the receipts containing the purchase price, delivery charges and any other charges. 

    10.6.4 The purpose of the processing is to fulfil the statutory accounting obligations relating to the economic activity carried out by the Data Controller by using the services of the above-mentioned Processor. 

    10.6.5 Duration of data processing: for the maximum period necessary to fulfil the obligation to keep supporting documents under the Accounting Act, until the deletion of the invoice in the year following the 8th year after its issue. 

    10.6.6 The processing of the data shall be limited to operations necessary for the fulfilment and verification of accounting obligations. 

    10.7 No other processing of data will take place. 

    10.8 The Data Controller does not use any other data processor than the Data Processors indicated above. 

    1. User rights in relation to data management 

    11.1. Right of access: Upon the User's request, the Data Controller shall provide information about the data processed by the User or by the Data Processor, the source of the data, the purpose, legal basis and duration of the processing, the name and address of the Data Processor and its activities related to the processing, the circumstances and effects of any data breach and the measures taken to remedy the data breach, and, in the case of the transfer of the personal data of the data subject, the legal basis and the recipient of the transfer. The Controller shall provide the information without undue delay and at the latest within one month of receipt of the request. 

    In the context of the right of access, the Data Controller shall provide the User with a copy of the personal data subject to processing, at the latest within one month of receipt of the request. For additional copies requested by the User, the Controller may charge a reasonable fee based on administrative costs. 

    11.2.Right to data portability: The User has the right to receive personal data concerning him/her that he/she has provided to the Data Controller in a structured, commonly used, machine- readable format, and the right to transmit such data to another data controller without hindrance from the data controller to which he/she has provided the personal data, if: 

    1. the processing is based on the consent of the User or on a contract; and 
    2. the processing is carried out by automated means. 

    In exercising the right to data portability as set out above, the User has the right to request, where technically feasible, the direct transfer of personal data between data controllers. 

    11.3. Right to rectification: the User may request the rectification of his/her processed data, which the Data Controller shall carry out without undue delay, but no later than one month from the receipt of the request. Considering the purposes of the processing, the User shall have the right to request the completion of incomplete personal data, including by means of a supplementary declaration. 

    11.4 Right to restriction of processing: the Controller shall designate the personal data it processes for the purpose of restricting the processing. The Data Controller shall designate the personal data which the User has provided to the Data Controller for processing: 

    1. the User contests the accuracy of the personal data, in which case the restriction applies for the period of time that allows the Controller to verify the accuracy of the personal data. 
    2. the processing is unlawful, and the User opposes the deletion of the data and instead requests the restriction of their use; 
    3. the Controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defense of legal claims; or 
    4. the User has objected to the processing based on the legitimate interests of the Controller; in this case, the restriction shall apply for the period until it is established whether the legitimate grounds of the Controller prevail over the legitimate grounds of the data subject. 

    11.5 Right to erasure: The Controller shall erase the personal data if: 

    1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; 
    2. the User withdraws the consent on which the processing is based and there is no other legal basis for the processing; 
    3. the User objects to the processing and there are no overriding legitimate grounds for the processing or the User objects to the processing for direct marketing purposes; 
    4. the personal data have been unlawfully processed; 
    5. the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject. 
    6. the User requests the erasure or objects to the processing and the personal data have been collected in connection with the provision of information society services directly to children. 

    The Data Controller shall notify the User concerned of the rectification, restriction, and erasure, as well as all data controllers to whom the data were previously transmitted. Notification may be omitted if it proves impossible or involves a disproportionate effort. Upon request, the Controller shall inform the User of these recipients. 

    11.6. Right to object: The User has the right to object to the processing of his/her personal data based on the legitimate interests of the Controller at any time on grounds relating to his/her situation. In such a case, the controller may no longer process the personal data, unless the controller proves that the processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the data subject or are related to the establishment, exercise or defense of legal claims. 

    1. Fulfilling user requests 

    12.1 The Data Controller shall provide the information and measures referred to above free of charge. If the request of the User concerned is manifestly unfounded or excessive, in particular because of its repetitive nature, the Data Controller shall, considering the administrative costs of providing the requested information or information or of taking the requested action: 

    1. charge a reasonable fee, or 
    2. may refuse to act on the request. 

    12.2 The Data Controller shall inform the User of the measures taken in response to the request, including the provision of copies of the data, without undue delay, but no later than one month from the receipt of the request. If necessary, considering the complexity of the request and the number of requests, this time limit may be extended by a further two months. The Data Controller shall inform the User of the extension of the time limit, stating the reasons for the delay, within one month of receipt of the request. If the User concerned has submitted his request by electronic means, the information shall be provided by the Data Controller by electronic means, unless the User concerned requests otherwise. 

    12.3 If the Data Controller does not take action on the request of the User concerned, the Data Controller shall inform the User concerned without delay, but no later than one month from the receipt of the request, of the reasons for the failure to take action and of the right to lodge a complaint with the data protection authority indicated below and to exercise his/her right to judicial remedy as described in the same paragraph. 

    12.4. The User may submit requests to the Data Controller by any means that allows the identification of the User. The identification of the User submitting the request is necessary because the Data Controller can only grant requests to those who are entitled to do so. If the Data Controller has reasonable doubts about the identity of the natural person submitting the request, it may request additional information necessary to confirm the identity of the User concerned. 

    12.5. User's requests may be sent by post to the address of the Data Controller at the mailing address of the *web shop, by e-mail to the e-mail address of the *web shop. Requests sent by e- mail shall be considered as valid by the Data Controller only if they are sent from the e-mail address provided by the User to the Data Controller and registered there, but the use of another e-mail address shall not constitute a disregard of the request. In the case of e-mail, the date of receipt shall be deemed to be the first working day following the sending of the request. 

    1. Data protection, data security 

    13.1 The Data Controller shall ensure the security of data in its data processing and data handling activities and shall ensure the enforcement of legal provisions and other data protection and confidentiality rules by technical and organizational measures and internal procedural rules. In particular, it shall take appropriate measures to protect the processed data against unauthorized access, alteration, disclosure, disclosure, deletion or destruction, accidental destruction or accidental damage and against inaccessibility resulting from changes in the technology used. 

    13.2 The data on which the measurement of the number of visits and the mapping of the habits of using the website are based are initially recorded by the Data Controller's IT system in such a way that they cannot be directly linked to any individual. 

    13.3 Data will be processed only for the legitimate purposes set out in this notice and only to the extent necessary and proportionate for those purposes, in accordance with applicable laws and recommendations, and subject to appropriate security measures. 

    13.4 To this end, the Data Controller uses the http protocol "https" to access the website, which allows web communication to be encrypted and uniquely identified. In addition, as described above, the Data Controller stores the processed data in encrypted data files, which are stored in separate processing lists for each processing purpose and to which access is granted to specific employees of the Data Controller, who are responsible for the tasks related to the activities indicated in this Policy and whose job responsibility is to protect the data and to handle them responsibly in accordance with this Policy and the applicable legislation. 

    1. Enforcement
      Data subjects may exercise their rights before the courts and may also apply to the National 

    Authority for Data Protection and Freedom of Information: 

    National Authority for Data Protection and Freedom of Information 

    Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c. Postal address: 1530 Budapest, PO Box 5. 

    Phone: +36 1 391 1400
    Fax: +36 1 391 1410
    E-mail: ugyfelszolgalat@naih.hu Website: http://www.naih.hu/ 

    In the event of a court proceeding, the action may be brought before the court of the User's domicile or residence, at the choice of the User concerned, as the court has jurisdiction to hear the case. 

     

    Szekszárd, 2022.08.01