Privacy policy

DATA MANAGEMENT INFORMATION

for visitors and registered users of the website http://www.stoorn.hu.

The service provider / data controller processes the data of the persons registered on the website in the course of its operation, in order to provide them with an appropriate service.

The service provider intends to fully comply with the legal requirements for the processing of personal data, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council.

This Privacy Notice has been prepared pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data of natural persons and on the free movement of such data, taking into account the content of Act CXII of 2011 on the right to information self-determination and freedom of information.


Name of the service provider, data controller

Name / company name: Goóg-Magyar Zoltán E.V.
Registered office.
VAT number: 56618765-1-42
Website address: www.stoorn.hu
Contact details of the privacy policy: www.stoorn.hu

Contact details of the data controller

Name/Company name: Goóg-Magyar Zoltán EV.
Address for correspondence: Hungary 3256 Kisfüzes Rozmaring utca 1.
E-mail: hello@stoorn.hu
Phone: +36303623122


Definitions

  • the GDPR (General Data Protection Regulation) is the European Union's new Data Protection Regulation;
  • processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
  • personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;
  • consent of the data subject: a freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies his or her agreement to the processing of personal data concerning him or her by means of a statement or an unambiguous act of affirmation;
  • a personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
  • recipient: a natural or legal person, public authority, agency or any other body to whom or with which personal data are disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
  • third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data.


Principles governing the processing

The controller declares that it will process personal data in accordance with the provisions of the Privacy Notice and will comply with the applicable law, in particular with regard to the following:

The processing of personal data shall be lawful, fair and transparent for the data subject.

The collection of personal data must be carried out for specified, explicit and legitimate purposes.

The purposes for which personal data are processed must be adequate, relevant and limited to what is necessary.

Personal data must be accurate and kept up to date. Inaccurate personal data must be deleted without delay.

Personal data must be stored in a form which permits identification of data subjects for no longer than is necessary. Personal data may be stored for longer periods only if the storage is for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes.

Personal data shall be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by appropriate technical or organisational measures.

The principles of data protection shall apply to any information relating to an identified or identifiable natural person.


Important information about data management

The purpose of data processing is to enable the service provider / data controller to provide additional services to the persons registered on the website.

The legal basis for the processing is the consent of the data subject.

The data subjects concerned by the processing are the registered users of the website.

Duration of processing and deletion of data. The duration of the processing will always depend on the specific purpose of the user, but the data will be deleted immediately once the original purpose has been achieved. The data subject may withdraw his or her consent to the processing at any time by sending an e-mail to the contact e-mail address. If there is no legal obstacle to the deletion, your data will be deleted.

The data controller and its employees are entitled to access the data.

The data subject may request the controller to access, rectify, erase or restrict the processing of personal data relating to him or her and may object to the processing of such personal data and the data subject's right to data portability.

The data subject may withdraw his or her consent to the processing at any time, but this shall not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.

The data subject may exercise the right to lodge a complaint with the supervisory authority.

If the data subject wishes to benefit from the advantages of registration, i.e. to use the services of the website in this respect, he or she must provide the requested personal data. The data subject is not obliged to provide personal data and will not suffer any disadvantage if he or she does not provide such data. However, it is not possible to use certain functions of the website without registration.

The data subject shall have the right to obtain, upon request and without undue delay, the rectification or integration by the controller of inaccurate personal data relating to him or her.

The data subject shall have the right to obtain from the controller, at his or her request and without undue delay, the erasure of inaccurate personal data relating to him or her and the controller shall be obliged to erase personal data relating to him or her without undue delay, unless there is another legal basis for the processing.

The amendment or deletion of personal data may be initiated by e-mail, telephone or letter using the contact details provided above.


Registration on the website

The purpose of the processing is to provide additional services and to contact you.

The legal basis for the processing of registration data is your consent.

The data subjects are the registration users of the website.

Duration of processing. The processing will be carried out until consent is withdrawn. You may withdraw your consent to the processing at any time by sending an e-mail to the contact e-mail address.

The data will be deleted when consent to processing is withdrawn. You may withdraw your consent to the processing at any time by sending an e-mail to the contact e-mail address.

The controller and its employees are entitled to access the data.

Method of storage of data: electronic.

You may request the modification or deletion of your personal data by e-mail, telephone or letter to the contact details given above.

The provision of personal data is strictly necessary for identification in databases and for contact purposes. The exact company name and address are required for invoicing purposes, which is a legal obligation.

Scope of data processed - Specific purpose of the data processing

Name - Identification, contact, billing.
Company name - Identification, contact, billing.
Address - Identification, contact, billing.
E-mail - Identification, contact.
Telephone - Identification, contact.
Date of registration - Technical information operation.

The user can give his/her consent to the processing of his/her personal data by deliberately ticking the empty checkbox on the website, which is specifically for this purpose.

You, as the data subject, may object to the processing of your personal data, in which respect you have the right to the procedure set out in the data processing information detailed above and in this notice and the legislation described in this notice.

Placing an order

The purpose of data management is to provide additional services, make contact, and send confirmation e-mails. We can only fulfill your order if you provide your contact and invoicing data, which are absolutely necessary for contact and invoicing.

The legal basis for data management is your consent. In the case of invoicing, data management is based on legal requirements.

The persons involved in data management are registered users of the website.

Duration of data management. Data management takes place until legal requirements or withdrawal of consent. You can withdraw your consent to data management at any time by sending a letter to the contact e-mail address.

Data is deleted when consent to data management is revoked. You can withdraw your consent to data management at any time by sending a letter to the contact e-mail address. Invoicing data can be deleted in accordance with legal regulations.

The data controller and its employees are entitled to access the data.

Data storage method: electronic.

Modification or deletion of personal data can be initiated by e-mail, phone or letter using the contact options provided above.

Scope of managed data - The specific purpose of the data management data

Name - Identification, contact, billing.
Company name - Identification, contact, invoicing.
Address - Identification, contact, billing.
E-mail - Identification, contact.
Telephone - Identification, contact.
Date of registration - Technical information operation.
Ordered product data - Identification of the product.
Date of registration - Technical information operation.
IP address - Technical information operation.

The user's data management consent can be given by intentionally ticking the empty checkbox on the website that is specifically for this purpose.

The person concerned may object to the processing of his personal data, in this regard he is entitled to the procedure according to the data management information detailed above and this information sheet, as well as the legislation described in the information sheet.

 

Invoicing

The purpose of data management is to issue and send an electronic invoice as an e-mail attachment.

The legal basis for data management is mandatory data management based on legislation.

Those involved in data management are the customer partners of the service provider.

Duration of data management. Data management takes place until legal requirements or withdrawal of consent. You can withdraw your consent to data management at any time by sending a letter to the contact e-mail address.

Data is deleted when consent to data management is revoked. You can withdraw your consent to data management at any time by sending a letter to the contact e-mail address. Invoicing data can be deleted in accordance with legal regulations.

The data controller and its employees are entitled to access the data.

Data storage method: electronic.

Modification or deletion of account data can be initiated by e-mail, phone or letter using the contact options provided above.

Scope of managed data - The specific purpose of the data management data

Name - Identification, contact, billing.
Company name - Identification, contact, invoicing.
Address - Identification, contact, billing.
E-mail - Identification, contact.
Telephone - Identification, contact.
Tax number / tax ID - Identification of the buyer.
Account information - Identification of the account.
Date of issue of invoice - Technical information operation.

The user's data management consent can be given by intentionally ticking the empty checkbox on the website that is specifically for this purpose.

The person concerned may object to the processing of his personal data, in this regard he is entitled to the procedure according to the data management information detailed above and this information sheet, as well as the legislation described in the information sheet.


Cookies

Cookies are placed on the user's computer by the visited websites and contain information such as page settings or login status.

Cookies are therefore small files created by visited websites. By saving browsing data, they improve the user experience. With the help of cookies, the website remembers the website settings and offers locally relevant content.

The provider's website sends a small file (cookie) to the computer of website visitors in order to determine the fact and time of the visit. The service provider informs the website visitor about this.

The group of persons involved in data management are website visitors.

The purpose of data management is additional services, identification, and tracking of visitors.

Legal basis for data management. The user's consent is not required if the service provider absolutely needs it to use cookies.

Scope of the data: unique identification number, time, setting data.

The user has the option to delete cookies from the browser at any time in the Settings menu.

Data controllers are entitled to access the data. The data controller does not process personal data using cookies.

Data storage method: electronic.

 

 

Social media

Social media is a media tool where the message is spread through social users. Social media uses the Internet and online exposure to transform users from content receivers to content editors.

Social media is a web application interface that hosts user-generated content, such as Facebook, Instagram, Pinterest, etc.

Social media can include public speeches, lectures, presentations, product or service presentations.

Forms of information published in social media can be forums, blog posts, image, video and audio materials, message boards, e-mail messages, etc.

In accordance with the above, the range of processed data may include the user's public profile picture in addition to personal data.

The scope of those affected: all registered users.

The purpose of data collection is to promote the website or its related website.

The legal basis for data management is the voluntary consent of the data subject.

Duration of data management: according to the regulations that can be viewed on the given social media page.

Data deletion deadline: according to the regulations that can be viewed on the given social media page.

They are entitled to access the data: according to the regulations that can be viewed on the given social media page.

Rights related to data management: according to the regulations that can be viewed on the given social media page.

Data storage method: electronic.

It is important to take into account that when the user uploads or submits any personal data, he gives the operator of the social site a worldwide license to store and use such content.

Therefore, it is very important to make sure that the user has full authorization to communicate the published information.



Google Analytics

Our website uses Google Analytics.

Google Analytics compiles a report for its customers on the habits of website users based on internal cookies.

On behalf of the website operator, Google uses the information to

evaluate how users use the website. As an additional service, it prepares reports related to website activity for the website operator so that it can provide additional services.

The data is stored on Google's servers in an encrypted format in order to make it difficult and prevent misuse of the data.

You can disable Google Analytics as follows. Quote from the site:

Website users who do not want Google Analytics JavaScript to report their data can install a Google Analytics opt-out browser extension. The plugin prevents Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sending information to Google Analytics. The browser extension can be used in most recent browsers. The Google Analytics blocking browser extension does not prevent data from being sent to the website itself and other internet analytics services.

https://support.google.com/analytics/answer/6004245?hl=en

Google's data protection guidelines: https://policies.google.com/privacy?hl=hu

Detailed information on the use and protection of data is available at the links above.

Data protection in detail:

https://static.googleusercontent.com/media/www.google.com/en//intl/hu/policies/privacy/google_privacy_policy_hu.pdf

 

Data processors

Hosting provider:

Shopify

The data you provide is stored on the server operated by the hosting provider. Only our employees and the employees operating the server can access the data, but they are all responsible for the safe handling of the data.

Name of the activity: hosting service, server service.

The purpose of data management is to ensure the operation of the website.

The processed data: the personal data provided by the data subject

The duration of data management and the deadline for data deletion. The data is managed until the end of the operation of the website, or in accordance with the contractual agreement between the operator of the website and the hosting provider. If necessary, the affected person can contact the hosting provider and request the deletion of their data.

The legal basis for data management is the consent of the person concerned, or data management based on legislation.



Rights related to data management

The right to request information

Through the contact details provided, you can request information from us on what data our company processes, on what legal basis, for what data management purpose, from what source, and for how long. Upon your request, we will send information to the e-mail address you provided without delay, but within 30 days at most.

Right to rectification

You can ask us to change any of your data via the contact details provided. Upon your request, we will act on this immediately, but within 30 days at the latest, and we will send information to the e-mail address you provided.

The right to erasure

You can ask us to delete your data via the contact details provided. At your request, we will do this immediately, but within 30 days at most, and we will send information to the e-mail address you provided.

Right to block

You can ask us to block your data via the contact details provided. The blocking lasts as long as the reason indicated by you makes it necessary to store the data. At your request, we will do this immediately, but within 30 days at most, and we will send information to the e-mail address you provided.

The right to protest

You can object to data processing via the contact details provided. We will examine the objection as soon as possible, but no later than 15 days after submitting the application, make a decision on its merits, and inform you of the decision by e-mail.

The possibility of legal enforcement related to data management

In the case of illegal data processing that you have experienced, notify our company so that it is possible to restore the legal status within a short period of time. In your interest, we will do everything we can to resolve the outlined problem.

If, in your opinion, the legal status cannot be restored, notify the authority of this at the following contact details:

National Data Protection and Freedom of Information Authority

Postal address: 1530 Budapest, Pf.: 5.

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

E-mail: same service (at) naih.hu

URL https://naih.hu



Legislation on which data management is based

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC (general data protection regulation).

year CXII. Act on the right to self-determination of information and freedom of information.
LXVI of 1995 on the protection of public records, public archives and private archive material. law.

335/2005 on the general requirements for document management of bodies performing public duties. (XII. 29.) Government decree. year CVIII. Act on certain issues of electronic commercial services and services related to the information society.

Act C on electronic communications.