PRIVACY & DATA PROTECTION POLICY
Effective date: February 4, 2020
The purpose of these Rules is to set out on the website pamutkababy.com, the principles of data protection and data management applied by István Gyenes sole proprietor (Head Office and mailing address: Szél utca 2/b, Etyek, Hungary 2091, Tax number.: 75689579-1-27, E-mail address : email@example.com, Phone number: + 36-30-611-4099, Contact person: István Gyenes) (hereinafter referred to as the Data Controller or Operator) and the data protection and data management procedures of the Data Controller.
The Privacy Statement contained in these Terms and Conditions applies only to the pamutkababy.com website and does not apply to third party websites, even if these websites are directly accessible from pamutkababy.com.
Data Controller pays special attention to its data management in your best interest to comply with the following laws and practices: Act V of 2013 on the Civil Code, CXIX law of 1995 on managing name and address information for research and direct marketing purposes, Act CXII of 2011 on Freedom of Informational Self-Determination and Freedom of Information law, REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC (General Data Protection Regulation). Data Controller also complies with other applicable data protection laws and data protection practices in the conduct of the Data Protection Commissioner.
The website does not create its own database, no profiling is done.
Our company will not forward your personal information to any third country or international organization.
2. Definitions, abbreviations, principles
Infotv.: Act CXII of 2011 on Freedom of Informational Self-Determination and Freedom of Information;
GDPR: REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
"Data controller": A natural or legal person, public authority, agency or any other body which determines the purposes and means of the management of personal data independently or in combination with others; where the purposes and means of data management are determined by Union or Member State law, the Data Controller or the specific criteria for designating the controller may be defined by Union or Member State law; (GDPR)
"Data management": Any operation or set of operations, whether automated or not, carried out on personal data or data files, such as collection, recording, filing, organizing, storing, transforming or altering, retrieving, accessing, using, communicating, transmitting, disseminating or otherwise making available through coordination or linking, restriction, deletion or destruction; (GDPR)
"Personal Data": Any information relating to an identified or identifiable natural person (data subject); a natural person is identifiable directly or indirectly, in particular by virtue of one or more factors such as name, number, position, online identification or physical, physiological, genetic, intellectual, economic, cultural or social identity; (GDPR)
"Data processor": Any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the Data Controller; (GDPR)
"Recipient": Any natural or legal person, public authority, agency or any other body, even a third party, to whom the personal data are disclosed; (GDPR)
"Privacy incident": Breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access of personal data transmitted, stored or otherwise processed; (GDPR)
"IP address": An IP address is a sequence of numbers that uniquely identifies computers, mobile devices on the Internet. IP addresses can be used to locate a visitor using a particular computer geographically. The addresses of the pages visited, as well as the date and time data alone are not suitable for the identification of the data subject, but in combination with other data (eg provided during registration) they are useful for drawing conclusions about the user.
"Customer, Buyer": The user of the website.
The principles of personal data management that the Data Controller respects:
-legality, fairness and transparency,
-integrity and confidentiality,
-accountability of the Data Controller.
In the case of a child under the age of 16, the processing of children's personal data may only take place if the consent has been given or authorized by the parent exercising parental authority over the child, and to the extent authorized by the parent.
3. Data processing methods
3.1. Data processed in the course of services provided by pamutkababy.com
When buying from the pamutkababy.com website, the following personal data are managed by the Data Controller: name, phone number, e-mail address, IP address, shipping and billing address.
3.2. Visitor's data
Purpose of data management: during the visit to the website, the Data Controller records the visitor's data in order to perform services, supervise functionality, and prevent abuse.
Legal basis for data management: consent of the data subject and Paragraph 13/A. § (3) of Eker. TV.
The data handled includes date, time, IP address, address of previously visited page, information about the user's operating system and browser.
Duration of data management: 30 days from the date of access to this website.
Data transfer: The html code of the portal may contain links from external servers and links pointing to external servers that are independent of the data controller. Third-party servers are directly connected to the user's computer. Please note that the providers of these links are able to collect user data (eg. IP address, browser, operating system data, mouse cursor movement, clicks, page visited and date and duration of visit) due to their direct connection to their server and direct communication with the user's browser.
Content that may be personalized to the user is served by the server of the external service provider.
The data is transmitted for hosting purposes to Stablehost.com (2719 Hollywood Blvd, Hollywood, FL 33020 USA, Website: stablehost.com, Contact: firstname.lastname@example.org), which may use additional data processors to provide background IT services.
3.3. Registration in the webshop
Purchase is not subject to registration.
Buyer provides the following information when registering on the site: first name, last name, e-mail address, phone number, password.
Regular buyers should register so they don't have to provide their personal information with each purchase and keep track of their purchases.
Purpose of data management: to provide a more convenient shopping opportunity, to maintain customer relations, to analyze and evaluate buyer habits, to obtain the necessary consent for direct marketing inquiries.
Legal basis for data management: voluntary consent of the data subject.
Type of personal data processed: data provided by the data subject, date and time of clicking on the link to confirm registration.
If the user makes a purchase using the registration profile, the personal data related to the purchase will be retrieved from the registration database.
Duration of data management:
-two years from the date of last login,
-3 weeks for unconfirmed registrations,
Deletion or modification of data:
-The user is entitled to initiate the deletion and modification of his/her personal data at any time by accessing his/her profile on the website,
3.4. Data management during shopping
It is possible to buy as a guest and as a registered user.
If a purchase is made by logging in with a registration profile, the personal data related to the purchase will be retrieved from the registration database.
Purpose of data management: purchase in the webshop, issuing of invoice, fulfillment of orders, documentation of purchase and payment, possible return administration, fulfillment of accounting obligation, customer relations, analysis of customer habits.
Legal basis for data management: Data management is necessary for the performance of a contract in which the data subject is a party.
Type of personal data processed: data provided by the data subject.
Duration of data management: Data will be deleted within 5 years of order fulfillment.
Deletion and modification of data: The user has a limited right to initiate the deletion and modification of his/her personal data at the contact details of this data controller, subject to the obligation of accounting retention.
Data Transmission: When choosing credit card payment method, the buyer will provide the credit card details directly to the following payment service providers.
Barion Payment Zrt.
Head office: Infopark sétány 1. Building "I" 5/5, Budapest, Hungary 1117
Company registration number: 01-10-048552
Tax Number: 25353192-2-43
Customer Data: Name, phone number, e-mail address, IP address, transaction amount, date and time of transaction, shipping and billing address, card details.
Paypal Holdings Inc.
Head Office: 2211 N 1st St, San Jose, California 95131, USA
Customer data: Seller details, name, address, telephone number, e-mail address, purchase details, card details.
The buyer's name, delivery address, e-mail address, telephone number will be forwarded to the following suppliers for delivery, performance of the contract:
Csomagpont Logisztika Kft.
Head office: Szondi utca 15, Budapest, Hungary 1067
Company registration number: 01-09-340159
Tax number: 26704058-2-42
GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
Head office: GLS Európa utca 2, Alsónémedi, Hungary 2351
Company registration number: 13-09-111755
Tax number: 12369410-2-44