Privacy Policy

Purpose:

We collect and process personal information only in accordance with the law. Data is stored in the safest possible manner. We do not give personal information to third parties without consent. We will provide anyone with information about the data stored on them, and you can request to delete data at any time by contacting us.

Introduction:

Süsd Meg Kft. (Headquarters:2112 Veresegyház, Táltos utca 19., Location: 1122 Budapest Városmajor u. 3 / b, Tax number:26293682-1-13, Customer Service: +36 70 310 0321, e-mail: info@susdmeg.eu) is subject to the following information.

The act CXII of 2011 on Information Self-Determination and Freedom of Information stipulates that the data subject (in this case, the user of the web site) must be informed before data processing begins that the data management is consent or obligatory. All facts relating to the processing of your data, including in particular the purpose and legal basis of the processing and its duration, must be clearly and comprehensively disclosed to the person authorized to collect and process the data. The information should also cover the data subject’s rights and remedies.
If it is not possible or would entail disproportionate costs for the persons concerned to be informed, the following information may be disclosed:

• fact of data collection,
• the range of stakeholders,
• the purpose of the data collection,
• duration of data management,
• the identity of potential data controllers authorized to access the data,
• a description of the data subjects’ rights and remedies available to them, and
• where the data processing is subject to a data protection registration, the data handling registration number.

This Privacy Statement governs the privacy practices of the website operated by Süsd Meg Ltd. and is based on the above content specification. The information is available on the website operated.

Terms:

1. ‘data subject / User’: any natural person identified or directly or indirectly identified on the basis of personal data;

2. ‘personal data’ means data relating to a data subject, in particular the name, an identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities of the data subject, and the conclusions to be drawn from that data;

3. ‘controller’: any natural or legal person, or any entity without legal personality, which alone or jointly with others determines the purpose of the processing of data, takes and implements the decisions regarding the management of the data (including the device used), or executed by an authorized data processor;

4. ‘data management’: any operation or combination of operations, in particular the collection, recording, recording, filing, storing, altering, using, querying, transmitting, publishing, coordinating or linking, blocking, deletion of data, irrespective of the procedure used and the destruction of data and the prevention of further use of data, taking photographs, sound or images, and recording physical characteristics (such as fingerprints, palmprints, DNA samples, iris images) of a person;

5. ‘data processing’ means the execution of technical tasks related to the data processing operations, irrespective of the method and the means used to perform the operations and the place of application, provided that the technical task is performed on the data;

6. ‘data processor’ means any natural or legal person, or any entity without legal personality, who processes data on the basis of a contract concluded with a data controller, including under a legal act;

7. ‘privacy incident’ means the unlawful processing or processing of personal data, in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction or damage.

Data management relating to the operation of the website

1. The fact of collecting data, the scope of the data processed and the purpose of data management:

1.1. Username: Enable authentication, registration;

1.2. Password: Provides secure access to the user account;

1.3. Surname and First Name: Required for contact, purchase, and issue of a regular invoice;

1.4. Email Address: Contact;

1.5. Phone Number: Contact, better coordinate billing or shipping issues;

1.6. Billing Name and Address: Issue a regular invoice, as well as create, define, modify, monitor, and enforce a contract, bill its fees, and enforce claims against it;

1.7. Date of purchase / registration: Performing a technical operation;

1.8. At the time of purchase / registration IP address: Perform a technical operation.

A username or email address is not required to contain personal information.

2. Stakeholders: All registered and customers affected.

3. Duration of data processing, deadline for deletion of data: The data will be managed until the registration is held, immediately upon deletion of the registration. Except in the case of accounting documents, which must be kept for 8 years.

4. Identity of potential data controllers entitled to access the data: The personal data may be processed by the data controller and the person responsible for the maintenance of the website in compliance with the above principles

5. Data subjects’ rights with regard to data processing: The following data may be modified on the website:

• Billing information
• Phone number
• E-mail address

You may also request the deletion or modification of your personal data (Username, Password, Surname, First Name, Email Address, Telephone Number, Shipping Address, Shipping Name, Billing Address, Billing Name) via email.

6. Data of the data processor used in data processing:

6.1. Hosting Provider:

• Name: Intellisys Kft.
• Address: 2112 Veresegyház, Cserje u. 9
• Privacy Policy: –

7. Legal basis for data processing: consent of the user (The service provider may process personal data that is technically necessary for the provision of the service in order to provide the service. The service provider must select and means used to provide personal data in the course of the provision of the service, only to the extent strictly necessary for the provision of the service and for the fulfillment of other purposes set forth in this Act, but only to the extent and for such time.

Handling cookies

1. Site-specific cookies are password-protected process cookies, shopping cookies and security cookies that do not require prior consent from the parties involved.

2. The website manages cookies with unique ID numbers, dates and times.

3. Stakeholders: All visitors of the website.

4. Purpose of Data Management: Identify users, keep track of the data needed to make a purchase, and track visitors.

5. Duration of Data Management: Depending on the type of cookie, it lasts for 2 years from the date of the visit of the website.

6. Cookies used on this website do not handle personal information.

7. Stakeholders have the option to delete cookies in their browser, usually in the settings menu.

8. The consent of parties involved is not required since the exclusive purpose of the use of cookies is to transmit communications over an electronic communications network or to provide an information society service explicitly requested by a subscriber or user.

Using Google Analytics

1. This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer, thus helping to analyze the use of a web page that a User visits.

2. Information generated by the cookies associated with the User’s use of the Site is typically stored and stored on a Google server in the US. By activating the IP anonymization web site, Google will shorten the User’s IP address within the Member States of the European Union or other States party to the European Economic Area Agreement.

3. The full IP address will be transmitted and truncated to Google’s server in the US only in exceptional cases. Google will use this information on behalf of the operator of this web site to evaluate how the user has used the web site, to report web site activity to the web site operator, and to provide additional services related to the use of the web site and the Internet.

4. Within the Google Analytics framework, the IP address transmitted by the User’s browser will not be reconciled with any other Google data. The User may prevent the storage of cookies by properly configuring his / her browser, however, please note that in this case, not all features of this website may be fully utilized. You may also prevent Google from collecting and processing your cookie-related information about your use of the Website (including your IP address) by downloading and installing the browser plug-in available at the following link. https://tools.google.com/dlpage/gaoptout?hl=hu.

Community sites

1. The fact of collecting the data, the scope of the data being processed: the name registered on the Facebook / Pinterest / Instagram / Tripadvisor social networking sites and the public profile picture of the user.

2. Stakeholders: All stakeholders who have registered on Facebook / Pinterest / Instagram / Tripadvisor and “liked” the site.

3. Purpose of Data Collection: To share or “like” or promote certain content, products, promotions or the website itself on social networking sites.

4. Duration of the data processing, time limit for deletion of data, identity of potential controllers who are entitled to know the data and description of data controllers’ rights: Data management is done on social networking sites, so the duration, mode of data management, and the options for deleting and modifying data are governed by the specific social networking site.

5. Legal basis for data processing: the voluntary consent of the data subject to the processing of their personal data on social networking sites.

Data transmission

1. The fact of data management, the range of data being processed. The range of data transmitted to make an online payment: Billing Name, Billing Address, Email Address.

2. Stakeholders: All stakeholders who request online shopping.

3. Purpose of Data Management: Fraud monitoring for online shopping, transaction confirmation and user protection.

4. Duration of data processing, deadline for deletion of data: Until the online payment is made.

5. Identity of potential data controllers entitled to access the data: Personal data may be processed in accordance with the above principles:

5.1. Hosting Provider:

• Name: Intellisys Kft.
• Address: 2112 Veresegyház, Cserje u. 9
• Privacy Policy: –

6. Disclosure of data subjects’ rights regarding data processing: The data subject may request from the data controller of the home delivery / online payment service provider the deletion of his personal data as soon as possible.

7. Legal basis for data transfer: User consent, Infotv. Section 5 para. (1) of the Act and Section CVIII of the 2001 Act on Certain Issues of Electronic Commerce Services and Information Society Services. 13 / A. (3).

Customer Relations

1. In case questions or problems concerning the data management services the data controller can be contacted in the ways specified on the website (telephone, e-mail, social networking sites, etc.).

2. The data manager for incoming emails, messages, phone, Facebook etc. will delete any information provided, along with the contact name and email address, as well as any other personally identifiable information provided, no later than 2 years from the date of disclosure.

3. The Service Provider is obliged to provide information, provide data and provide documents upon exceptional request of the authorities or upon request on legal basis of other authorities.

4. In these cases, the Service Provider shall provide the requester with personal data only if and to the extent necessary to achieve the purpose of the request, provided that the purpose and scope of the data have been specified.

Data Security

1. The controller shall design and implement the data processing operations in such a way as to ensure the protection of the privacy of the data subjects.

2. The Data Controller shall ensure the security of the data (password protection, antivirus protection), shall take the technical and organizational measures and shall establish the rules of procedure necessary for the enforcement of Info tv and other data and privacy protection rules.

3. The Data Dontroller shall, in particular, take appropriate measures to protect the data

• unauthorized access,
• change,
• transmission,
• disclosure,
• cancellation or destruction,
• accidental destruction and injury,
• against inaccessibility due to changes in applied technology.

4. The controller shall ensure by appropriate technical means that the data stored in the registers are not directly interconnected and attributed to the data subject.

5. In order to prevent unauthorized access, alteration and unauthorized disclosure or use of personal data, the controller shall provide:

• development and operation of the appropriate IT and technical environment,
• the controlled selection and supervision of the staff involved in the provision of services,
• issuing detailed operational, risk management and service procedures.

6. Based on the above, the service provider shall ensure that the data it manages

• be available to the creditor,
• its authenticity and authentication are assured,
• its unchangeability is verifiable, let it be.

7. The IT system of the data controller and its hosting provider shall protect, inter alia,

• computer fraud,
• espionage,
• computer viruses,
• spam,
• hacks
• and other attacks.

Rights of Stakeholders

1. The data subject may request the Service Provider to provide information on the management of his / her personal data, to request the rectification of his / her personal data and to request the deletion or blocking of his / her personal data, except for the mandatory data management.

2. At the request of the data subject, the controller shall provide information on the data processed by the data controller or processed by the data controller, the source, purpose, legal basis, duration, name, address and data protection activities of the data controller. the circumstances of the incident, its effects and the measures taken to deal with it; and, in the case of a transfer of personal data of the data subject, the legal basis and the recipient of the data transfer.

3. The controller shall designate any personal data that he processes if the data subject disputes the correctness or accuracy thereof, but the inaccuracy or inaccuracy of the personal data in question cannot be clearly established.

4. rectification, blocking, marking and deletion shall be notified to the data subject and to those to whom the data have previously been transmitted for data management purposes. Notification may be dispensed with if this is not contrary to the legitimate interest of the data subject, having regard to the purpose of the processing.

5. If the controller does not comply with the request for rectification, blocking or erasure of the data subject, he shall, within 25 days of receipt of the request, state in writing the reasons for refusing the request for rectification, blocking or erasure. In the event of a request for rectification, erasure or blocking, the controller shall inform the data subject of the possibility of a judicial remedy and of recourse to the Authority.

Change of Privacy Policy

1. Data Controller reserves the right to modify the Privacy Policy at any time by unilateral decision.

2. The User accepts the Terms and Conditions in force at any time upon subsequent access, without the need to seek the consent of each User.

Remedy

1. User may object to the management of his / her personal data if

(a) the processing or transmission of personal data is only necessary for the fulfillment of a legal obligation to the Service Provider or for the enforcement of a legitimate interest of the Service Provider, the data recipient or a third party, unless such processing is required by law;

(b) the use or communication of personal data is for the purpose of direct marketing, opinion polling or scientific research;

(c) in other cases specified by law.

2. The Service Provider shall examine the objection as soon as possible after filing the application, but not more than 15 days, and shall make a decision on its merits and inform the applicant in writing of its decision. If the Service Provider determines that the objection of the data subject is well founded, the data processing, including further data collection and transfer, shall be terminated and the data shall be blocked and shall inform all persons to whom the objection is made who have previously communicated personal data of the person concerned and who are required to take action to enforce the right of protest.

3. If the User does not agree with the decision made by the Service Provider, he may appeal to the court within 30 days of its notification. The court acts out of turn.

4. Complaints may be lodged with the National Data Protection and Freedom Authority about a possible breach by the controller:

National Data Protection and Freedom of Information Authority
1125 Budapest, Erzsébet Szilágyi alley 22 / C.
Mailing address: 1530 Budapest, Mailbox: 5.
Phone: +36 -1-391-1400
Fax: + 36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu