The purpose of the data management information
As a data controller, Hatabi Kft. (hereinafter, Data Controller) recognizes the content of this legal notice as binding. It undertakes to ensure that all data management related to its activities meets the requirements set out in these regulations and in the applicable national legislation, as well as in the legal acts of the European Union.
The data protection guidelines arising in relation to the Data Manager's data management are continuously available at www.karasna.hu/adatvedelem.
The Data Controller reserves the right to change this information at any time, about which it provides information.
The Data Controller is committed to protecting the personal data of its customers and partners, and considers it of utmost importance to respect its customers' right to informational self-determination. The Data Controller treats personal data confidentially and takes all security, technical and organizational measures that guarantee data security.
1. Data of the data controller
If you would like to find the company, you can contact the data controller at the e-mail address info@karasna.hu and the phone number +36 1 789 3716.
Name: Hatabi Trading Limited Liability Company
Headquarters, mailing address, complaints handling: 1132 Budapest, Váci út 40.
Company registration number: 01 09 677690
Tax number: 11807179241
Email: info@karasna.hu
Phone number: +36 1 789 3716
Website: www.karasna.hu
2. Data Protection Officer
The data controller does not carry out any activity that would justify the appointment of a data protection officer.
3. Scope of personal data handled
The data management activity concerns the following personal data of the Data Subject:
- name
- billing address
- mailing address
- phone number (mobile, landline)
The data controller selects and operates the IT tools used for the management of personal data during the provision of the service in such a way that the managed data:
- accessible to those authorized to do so (availability);
- its authenticity and authentication are ensured (authenticity of data management);
- its immutability can be verified (data integrity);
- be protected against unauthorized access (data confidentiality).
The data manager uses appropriate measures to protect the data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction.
The data controller ensures the protection of the security of data management with technical, organizational and organizational measures that provide a level of protection corresponding to the risks associated with data management.
The data controller preserves confidentiality during data management: it protects the information so that only those who are authorized to do so can access it; integrity: protects the accuracy and completeness of the information and the method of processing; availability: it ensures that when the authorized user needs it, he can really access the desired information and that the related tools are available.
3.1. Cookies
3.1.1. The purpose of cookies:
- collect information about visitors and their devices;
- they note the individual settings of the visitors, which will be used, e.g. when using online transactions, so you don't have to type them in again;
- facilitate the use of the website;
- they provide a quality user experience.
In order to provide customized service, a small data package, so-called it places a cookie and reads it back during the next visit. If the browser returns a previously saved cookie, the cookie management service provider has the opportunity to connect the user's current visit with previous ones, but only with regard to its own content.
3.1.2. Session cookies are absolutely necessary
The purpose of these cookies is to allow visitors to fully and smoothly browse the website, use its functions and the services available there. The validity period of this type of cookie lasts until the end of the session (browsing), when the browser is closed, this type of cookie is automatically deleted from the computer or other device used for browsing.
3.1.3. Cookies placed by third parties (analytics)
The karasna.hu website also uses cookies from Google Analytics as a third party. By using the Google Analytics service for statistical purposes, karasna.hu collects information about how visitors use the website. The data is used for the purpose of developing the website and improving the user experience. These cookies also remain on the visitor's computer or other device used for browsing, in their browser, until they expire, or until the visitor deletes them.
3.1.4. Legal basis for cookie management
The legal basis for cookie management is the consent of the website visitor, based on Article 6 (1) point a) of the relevant Regulation.
If you do not accept the use of cookies, then 3.2.3. certain functions of the websites listed in point 1 will not be available when using the websites, or certain functions may function incorrectly.
You can find more information about deleting cookies for the most common browsers at the following links:
- Firefox: Deleting cookies placed by websites from your computer
- Chrome: Clear cache & cookies
- Safari: Manage cookies and website data in Safari on Mac
4. General data management guidelines, name of data management, use, legal basis and retention period
The data management of the data controller's activities is based on voluntary consent and legal authorization. In the case of data processing based on voluntary consent, the data subjects may withdraw their consent at any stage of the data processing.
In some cases, the management, storage, and transmission of a range of the provided data is made mandatory by law, of which we notify our customers separately. We draw the attention of informants to the Data Controller that if they do not provide their own personal data, the informant must obtain the consent of the data subject. Its basic data management principles are in accordance with the applicable legislation related to data protection, and in particular with the following: CXII of 2011. law - on the right to self-determination of information and freedom of information (Infotv.);
Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) - on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC ( general data protection regulation, GDPR); Act V of 2013 - on the Civil Code (Ptk.); Act C of 2000 - on accounting (Accounting Act); LIII of 2017 Act - on the prevention and prevention of money laundering and terrorist financing (Pmt.); CCXXXVII of 2013. Act - on credit institutions and financial enterprises (Hpt.).
4.1. Data related to online ordering
It is possible to order products through the website, personal data requested during the order:
- name (required field)
- mailing address (required field)
- email address (required field)
- phone number (required field)
The purpose of the data management, the intended use of the managed data: The data will be used to fulfill the online order.
The legal basis for data management: fulfillment of a contract.
Retention period: duration of business relationship or cancellation request.
4.2. Data related to online administration
Personal data requested during contact:
- name (required field)
- email address (required field)
- telephone number (optional field, can be filled in optionally, to initiate a call back)
The purpose of the data management, the intended use of the managed data: The data will be used to contact and fulfill the order.
The legal basis for data management is voluntary consent.
Retention period: duration of business relationship or cancellation request.
4.3. Data related to telephone administration
Personal data requested during contact:
- name (required field)
- telephone number (optional field, can be filled in optionally, to initiate a call back)
Planned use of the processed data: The data will be used for contacting and fulfilling the order.
The purpose of the data management, the intended use of the managed data: The data will be used to contact and fulfill the order.
The legal basis for data management is voluntary consent.
Retention period: duration of business relationship or cancellation request.
4.4 Newsletter-related data
Personal data requested when subscribing to the newsletter:
- name (required field)
- email address (required field)
The newsletter is available after reading and accepting the data management policy. Acceptance of the data management regulations is done by accepting a mandatory check box that is not filled in beforehand.
After signing up, the subscriber will receive information about the subscription in an email message, which he must confirm, and his subscription will then take effect.
During all related processes, the customer still has the option to unsubscribe, every letter contains the option to unsubscribe in the form of a link, which is easily accessible with one click.
Since the newsletter contains the name of the company and the availability of its website, it is classified as advertising and eDM.
The purpose of the data management, the intended use of the processed data: The data will be used to send out a newsletter containing advertising. The newsletter contains the address of the website, so it is considered advertising.
The legal basis for data management is voluntary consent.
Retention period: until unsubscribed.
4.5. Personal data to be provided during registration
It is possible to register in the webshop module of the website, which facilitates the use of additional services. that it is not necessary to enter the data repeatedly. Personal data processed during registration:
- name (required field)
- mailing address (required field)
- email address (required field)
- phone number (required field)
- purchase information
Purpose of data management, planned use of managed data: invoicing.
The legal basis for data management is voluntary consent.
Retention period: until withdrawal.
4.6. Personal data to be provided during purchase
If you want to place an order in the webshop module, data management and the provision of data during the purchase are essential for the fulfillment of the contract.
- name (required field)
- mailing address (required field)
- email address (required field)
- phone number (required field)
- purchase information
The purpose of the data management, the planned use of the managed data: fulfillment of a contractual order.
The legal basis for data management is a contractual assignment.
Retention period: subject year + 5 years based on legal requirements
4.7. Guarantee service
If you initiate warranty administration, data management and the provision of data are essential for administration.
- name
- e-mail address
- telephone number
- complaint
The purpose of the data management, the intended use of the managed data: warranty administration.
The legal basis for data management is voluntary consent.
Retention period: subject year + 5 years based on the Act on Consumer Protection
4.8 Data related to invoicing
The Data Controller enters into a contract with its customers for the ordered services, during which the following data is stored:
- name
- Home address
- e-mail address
Purpose of data management, planned use of managed data: invoicing.
Legal basis for data management: legal requirement.
Retention period: subject year + 5 years based on legal requirements.
4.9. Handling consumer protection complaints
If you file a consumer protection complaint, data management and the provision of data are essential for administration.
- name
- e-mail address
- telephone number
- complaint
Purpose of data management, planned use of managed data: consumer protection complaint administration.
The legal basis for data management is voluntary consent.
Retention period: subject year + 5 years based on the Act on Consumer Protection
5. Physical storage locations of the data
Your personal data (that is, data that can be associated with you) may be processed by us in the following ways:
- on the one hand, in connection with the maintenance of the Internet connection, technical data related to the computer, browser program, Internet address, and visited pages are automatically generated in our computer system,
- on the other hand, you can also provide your name, contact information or other data if you wish to contact us personally when using the website. Technically recorded data during the operation of the system: the data of the computer of the relevant entrant, which are generated during the voting and which the karasna.hu system records as an automatic result of the technical processes.
The data that is recorded automatically is automatically logged by the system upon entry and exit without a separate statement or action by the person concerned. This data cannot be combined with other personal user data, except in cases made mandatory by law. Only www.karasna.hu can access the data.
6. Data transmission, data processing, the circle of those familiar with the data
The data controller uses the following data processors as part of its business activities:
Hosting service:
Shopify Inc.
Address: 151 O'Connor Street, Ottawa, ON K2P 2L8, Canada
Scope of known data: content of the website located on the karasna.webshop.hu domain, emails sent to email addresses based on this domain.
Invoicing:
DLM Solutions Kft.
Address: 1033 Budapest, Szőlőkert utca 4/B.
Email: info@dlms.hu
Phone: +36 1 884 3300
Range of known data: issued invoices.
Booking:
Vitéz Könyvelő Iroda Kft.
Address: 1183 Budapest Ráday Gedeon u. 60. I. em.
Email: andrea.vitez@konyveles.hu
Range of known data: issued invoices
Newsletter:
DLM Solutions Kft.
Address: 1033 Budapest, Szőlőkert utca 4/B.
Email: info@dlms.hu
Phone: +36 1 884 3300
Range of known data: subscriber name and email address.
Google Analytics:
Google Inc., Mountain View, California, USA
Scope of known data: IP address of webfolio.hu and fotofolio.hu website visitors - anonymized, not linked to a person.
Facebook page:
Facebook Inc.
Menlo Park, California, USA
Data management information: https://www.facebook.com/about/privacy/update
Range of known data: username, comments.
7. Affected rights and legal enforcement options
The data subject can request information about the processing of his personal data, and can request the correction of his personal data, or - with the exception of mandatory data processing - deletion or withdrawal, he can exercise his right to data portability and protest in the manner indicated when the data was collected, or at the above contact details of the data controller.
8. Right to information
The data controller takes appropriate measures to ensure that all information related to the processing of personal data referred to in Articles 13 and 14 of the GDPR and Articles 15-22 are provided to the data subjects. and provide each piece of information according to Article 34 in a concise, transparent, comprehensible and easily accessible form, clearly and comprehensibly worded.
8.1. The data subject's right to access
The data subject has the right to receive feedback from the data controller as to whether his personal data is being processed, and if such data processing is underway, he is entitled to access the personal data and the following information:
- the purposes of data management;
- categories of personal data concerned;
- the recipients or categories of recipients to whom or to whom the personal data has been or will be communicated, including in particular recipients in third countries and international organizations;
- the planned period of storage of personal data;
- the right to rectification, deletion or limitation of data processing and the right to protest;
- the right to submit a complaint to the supervisory authority;
- information about data sources;
- the fact of automated decision-making, including profiling, as well as comprehensible information about the applied logic and the significance of such data management and the expected consequences for the data subject.
The data controller shall provide the information within a maximum of one month from the date of submission of the request.
8.2. Right to rectification
The data subject may request the correction of inaccurate personal data concerning him or her managed by the Data Controller and the addition of incomplete data.
8.3. Right to erasure
If one of the following reasons exists, the data subject has the right to have the Data Controller delete his personal data without undue delay at his request: personal data are no longer needed for the purpose for which they were collected or otherwise processed; the data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management; the data subject objects to data processing and there is no overriding legal reason for data processing; personal data has been processed unlawfully; the personal data must be deleted in order to fulfill the legal obligation prescribed by the EU or Member State law applicable to the data controller; the collection of personal data took place in connection with the offering of services related to the information society.
Data deletion cannot be initiated if data management is necessary: for the purpose of exercising the right to freedom of expression and information; for the purpose of fulfilling the obligation under the EU or Member State law applicable to the data controller requiring the processing of personal data, or for the execution of a task performed in the public interest or in the context of the exercise of public authority conferred on the data controller; affecting the field of public health, or for archival, scientific and historical research purposes or for statistical purposes, on the basis of public interest; or to submit, assert or defend legal claims.
8.4. The right to restrict data processing
At the request of the data subject, the Data Controller restricts data processing if one of the following conditions is met: the data subject disputes the accuracy of the personal data, in which case the restriction applies to the period that allows checking the accuracy of the personal data; the data processing is illegal and the data subject opposes the deletion of the data and instead requests the restriction of its use; the data controller no longer needs the personal data for the purpose of data management, but the data subject requires them to present, enforce or defend legal claims; or the data subject objected to data processing; in this case, the restriction applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.
If data management is subject to restrictions, personal data may only be processed with the consent of the data subject, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state.
8.5. Right to data portability
The data subject has the right to receive the personal data concerning him/her provided to the data controller in a segmented, widely used, machine-readable format, and to forward this data to another data controller.
8.6. Right to protest
The data subject has the right, for reasons related to his own situation, to object at any time to the processing of his personal data necessary for the execution of a task carried out in the public interest or within the framework of the exercise of public authority granted to the data controller, or the processing necessary to assert the legitimate interests of the data controller or a third party, including profiling based on the aforementioned provisions too. In the event of a protest, the data controller may no longer process the personal data, unless it is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are related to the presentation, enforcement or defense of legal claims.
8.7. Automated decision-making in individual cases. including profiling
The data subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have a legal effect on him or affect him to a similar extent.
8.8. Right of withdrawal
The data subject has the right to withdraw his consent at any time.
8.9. Right to go to court
In the event of a violation of their rights, the data subject may apply to the court against the data controller. The court acts out of sequence in the case. 8.11 Data protection official procedure Complaints can be made to the National Data Protection and Freedom of Information Authority:
Name: National Data Protection and Freedom of Information Authority
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf.: 5.
Phone: 0613911400 Fax: 0613911410
E-mail: ugyfelszolgalat@naih.hu Website: http://www.naih.hu
9. Other provisions
We provide information on data management not listed in this information when the data is collected. We inform our customers that the court, the prosecutor, the investigative authority, the infringement authority, the public administrative authority, the National Data Protection and Freedom of Information Authority, the Hungarian National Bank, or other bodies based on the authorization of the law, provide information, communicate data, transfer documents, or they can contact the data controller to make it available. If the authority has specified the exact purpose and the scope of the data, the data controller will only release personal data to the authorities to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.