Privacy Policy

Privacy Policy

Table of Contents

1. Name and contact details of the Data Controller

2. Subject-matter and objectives

3. Legal grounds for the processing

4. Changes to Privacy Policy

5. Category of users, children

6. Specific provisions applicable to children

7. Acceptance and implications of the acceptance of Privacy Policy

8. Storage of technical information

9. Data processing

10. Access to personal data, data security measures

11. Transfers of personal data

12. Setting anonymous user identifiers (cookies)

13. Rights of the data subject, and exercising the rights of the data subject

14. Governing law, other provisions

 

1. Name and contact details of the Data Controller

Company: Eustill Art Kft.

Address: 1133 Bp. Visegrádi u.76.

Mailing address: 1133 Bp. Visegrádi u.76.

Registration number: Cg. 01-09-957809

Registered by Fővárosi Törvényszék Cégbírósága (Companies Court of Budapest High Court)

Email address: euhaj.info@gmail.com

Phone number: 06-30-6163031

Website: https://www.iconshair.com

VAT number: 23272897-2-41

(hereinafter referred to as the Data Controller)

 

Data Processors:

– BIT-Hungary Kft., 1202 Budapest, Losonc utca 22., support@web-set.hu, phone: 06-1-436-1010 (server and hosting provider)

 

2. Subject-matter and objectives

This privacy policy (hereinafter referred to as “Privacy Policy”) sets out how and for what purpose the Data Controller collects, uses, and protects the personal data of users (hereinafter referred to as “User” or “You”) of its website https://www.iconshair.com. (hereinafter referred to as “Website”). This Privacy Policy is written in English and covers only the processing of personal data of natural persons.

 

The Privacy Policy defines:

– the identity of the Data Controller,

– the extent of your personal data processed by the Data Controller,

– the legal ground of data processing,

– how the data are processed (including access of the Data Controller and data transfer and data transmission to third parties),

– the purpose processing,

– the duration of the processing, and

– the requirements of data protection and data security

– possible ways for the data subject to exercise his/her rights

 

3. Legal grounds for the processing

 

– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR) — this information is provided pursuant to Article 13

– Act CXII of 2011 on the Right to Informational Self-determination and on Freedom of Information ( ‘the Law on information’)

– 2001. – Law CVIII of 2001 on electronic commerce and information society services (a elektronikus kereskedelmi szolgáltatások, valamint az információs társadalommal összefùggő szolgáltatásokról szóló 2001. évi CVIII. Törvény; ‘the Law on electronic commerce’)

4. Changes to Privacy Policy

The Data Controller may amend this Privacy Policy unilaterally. The current Privacy Policy will be made available on the Website. In order to get informed of the amendment and review it, youmust have internet access and check the Website regularly.

5. Category of users, children

Unregistered user: When you browse the Website, the processing of your personal data is also subject to the provisions of this Privacy Policy.

 

6. Specific provisions applicable to children

Children and minors

If you are a minor, always ask your parent’s consent if, for example, you enter your name, phone number, or other personal information on the Website. If you are a child under the age of 14, do not enter any information, such as your name, email address, phone number, without your parents’ knowledge, instead, ask them to help you. Also, ask your parents to read the following lines for parents.

 

Parents

Acceptance of this Privacy Policy: Acceptance of this Privacy Policy requires the consent or approval of the holder of parental responsibility or other legal representative (usually the parent). This section also applies to persons under guardianship who have limited legal capacity with regard to the processing of personal data.

 

For the above reasons, if a child is under the age of 18 or has limited legal capacity for other reasons but has reached the age of 14, the use of the Websiterequires the prior consent or approval of the holder of parental responsibility or other legal representative for each registration or purchase order. Approval implies full responsibility for your child’s user activity. The approval must be sent to the Data Controller via one of the contacts of the Data Controller.

/Sample: ‘Undersigned …, (name of legal representative) as the legal representative of… (name of user between 14 and 18 years old), I hereby agree and consent to the registration of the user I represent on the https://www.iconshair.com website by using his/her personal data. I agree and consent to him/her using the services provided under the Terms and Conditions, accepting the processing of data as detailed in the Privacy Policy of the website, and using the website. Date and signature:…’/

 

If the child is a minor under the age of 14 or incapacitated, he/she cannot use the Website on his/her own – his/her legal representative (usually his/her parent) may use the Website on his/her behalf and he/she is responsible for the User‘s activities.

 

7. Acceptance and implications of the acceptance of Privacy Policy

If you use the Website, you confirm that you have fully read and understood this Privacy Policy and you become acquainted with the content of it.

When you decide to fill in the mandatory data in the contact form on the Website and click send (or a button with the same function), you actively accept the data processing of the Data Controller in accordance with this Privacy Policy.

If you do not agree with the above, do not fill out the form with your personal data, do not send the form by clicking the button, and do not use the Website.

If you place an order or contact us on paper, via mail, or otherwise, we must process your data in accordance with this policy.

 

8. Storage of technical information

When the User is using the Website, the Data Controller (or processor) automatically records the User‘s IP address, the type of operating system and browser used by the User, and other information (so-called header information) for technical reasons. These data are logged continuously but is not connected to the data that is voluntarily provided while browsing the website.

The Data Controller may record the data of the websites from which the User has landed on the Website, as well as those to which he/she clicked from the Website, as well as the time and the duration of stay. The identity and profile of the data subject cannot be inferred from these data.

The computer of visitors to the Website is identified by a so-called cookie.

The Data Controller uses the technical information only for the technical operation of the Website and for statistical purposes.

 

Traffic analytics: The analyses of Userdata made by using generic and/or automated statistical methods are kept by our Website for an unlimited period. No personal data of the data subject may be reproduced from these data by any procedure. We do not link the data collected on the Website to any data from other sources.

 

9. Data processing

Read on for more information on when we request or collect personal information from you and for how long and how we process it.

 

Processing related to invoicing

Whose data we process: We process personal data of users who place an order for a Service with a payment commitment.

 

Why we process these data (purpose of processing):

To record the accounting documents that support the bookkeeping directly and indirectly.

 

What happens if you do not provide the information:

The provision of data is based on a legal obligation and it is mandatory. If you do not provide this information, we will not be able to process your Purchase Order.

 

Erasure of personal data:

Erasure of such data happens automatically at the end of the legal period and it is not possible before the end of such period.

 

What data we process: Name, address.

 

The basis on which we process these data (legal ground):

The legal ground for the processing of the data is the fulfillment of the legal obligation of the Data Controller under Section 169 (1) (2) of Act C of 2000 on Accounting, Article 6(1)(c) of the GDPR.

 

How long we process these data (duration): 8 years from the date of the invoice.

 

To whom we pass on these data (data transmission and transfer): bookkeeper

 

Data processing related to customer service or handling of complaints

Whose data we process: Users contacting our customer service (e.g. who requested information about the Service).

 

Why we process these data (purpose of processing):

To identify you and your case for the investigation and resolution of complaints and cases and related procedures.

 

What happens if you do not provide the information:

The provision of data is based on a legal obligation and is mandatory for the registration of the complaint. If you do not provide this information, we will not be able to record your complaint or take care of your case.

 

Erasure of personal data:

Erasure of such data happens automatically at the end of the legal period and it is not possible before the end of such period.

 

What data we process:

Name, address, email address, phone number.

 

The basis on which we process these data (legal ground):

The basis on which we process these data (legal ground): The legal ground for the processing of the data is the fulfillment of the legal obligation of the Data Controller under Article 17/A (7) of Law CLV of 1997 on consumer protection, Article 6(1)(c) of the GDPR.

 

How long we process these data (duration): 5 years from the date of notification.

 

To whom we pass on these data (data transmission and transfer): The data will not be passed on to anyone.

 

Data processing related to the contact form

Whose data we process: All Users of the Website who fill out the contact form.

 

Why we process these data (purpose of processing):

– so we can identify our Users

– we can contact and keep in touch with you

(We use the information provided, for example, to confirm your contact, to send you information about the Services, or to send system messages that are part of the Services, to send reminders about the Service, or to provide you with responses to your information requests.)

 

What happens if you do not provide the information:

Providing this information is a minimum prerequisite for contacting you, therefore providing them is mandatory. If you do not provide the information, you will not be able to contact us.

 

Erasure of personal data:

Requesting erasure of personal data is possible anytime, free of charge if you indicate this request by contacting the Data Controller via the contact details provided at the beginning of this Privacy Policy.

 

What data we process: Name, email address, telephone number (non-mandatory field).

 

The basis on which we process these data (legal ground):

You have given your voluntary consent to the processing of your personal data for one or more specific purposes, Article 6(1)(b) of the GDPR.

 

How long we process these data (duration): Until consent is withdrawn. Also, we annually reviewed data received by email and we delete contacts that are no longer live.

 

To whom we pass on these data (data transmission and transfer): Server and hosting provider

 

Data processing related to customers registered prior to GDPR

Whose data we process: Users registered on our Website prior to GDPR.

 

Why we process these data (purpose of processing):

– so we can identify our Users

– we can contact and keep in touch with you

(We use the information provided, for example, to confirm your Registration, to send you newsletters and information about the Services, for data update, or to send system messages that are part of the Services, to send reminders about the Service, or to provide you with responses to your information requests.)

 

What happens if you do not provide the information:

Providing of these data was for a specific purpose (e.g. newsletter registration) and it was voluntary, in accordance with previous legislation, therefore we already possess the data.

 

Erasure of personal data:

Requesting erasure of personal data is possible anytime, free of charge if you indicate this request by contacting the Data Controller via the contact details provided at the beginning of this Privacy Policy.

 

What data we process: Name, email address, phone number.

 

The basis on which we process these data (legal ground):

Processing is necessary for the legitimate interests pursued by the controller, Article 6(1)(f) of the GDPR.

 

How long we process these data (duration): Until consent is withdrawn (Registration canceled).

 

To whom we pass on these data (data transmission and transfer): Server and hosting provider

 

Other activities on the Website

On the Website, the Data Controller may request other personal data of the Users for certain activities (e.g. sweepstakes, promotions), but providing such data is also voluntary. The Data Controller informs the Users about the data processing case-by-case and uses the personal data provided for the stated purpose only, in connection with the specific activity and for the period necessary. Such data processing is also governed by this Privacy Policy.

 

Social media platforms or other sites where content can be shared

If the User consents to the sharing of his/her data provided voluntarily on other websites (e.g. sharing, likes, etc.), he/she acknowledges that other websites are subject to their own privacy policies, for which the Data Controller is not responsible.

 

10. Access to personal data, data security measures

In accordance with Article 32 of the General Data Protection Regulation (GDPR), the Data Controller shall make every effort to ensure the security of the data, take the necessary technical and organizational measures and establish the procedural rules necessary for the enforcement of the General Data Protection Regulation and other rules of data protection and confidentiality.

 

The Data Controller stores personal data on paper and computer equipment at the Data Controller‘s place of establishment and its own servers.

 

The Data Controller guarantees an appropriate level of data security by applying the following measures:

– we store user data in a secure technical environment and do not make them available to the public;

users data can only be accessed by the staff indicated in this section after proper identification, and it is only accessible to them;

– natural persons with access to personal data may only process personal data in accordance with the instructions of the Data Controller;

– before exercising your rights, we check the identity of the data subject (you) to ensure the security of personal data so that no one gains unauthorized access to them;

– paper documents are kept locked away by the Data Controller, thereby ensuring that they can be accessed only by authorized personnel

 

Your personal data processed by the Data Controller may be accessed within the Data Controller‘s organization by personnel having the following positions, in accordance with the relevant internal policies:

– Managing Director

– authorized employees of the Data Controller

– bookkeeper

– systems administrators

 

Data breach: In the event of a data breach involving your data, the Data Controller shall use all reasonable measures to reduce the risks after having become aware of it. If there is an event relating to your data, that, despite the protection measures taken by the Data Controller (or your processor), is likely to result in a high risk to your rights and freedoms, we will inform you and the competent authority of this event, free of charge and without delay.

 

Links: On the Website of the Data Controller, there is a reference or a link to pages maintained by other service providers (including banners and buttons that refer to the possibility of logging in or sharing), where the Data Controller has no influence on the practice of processing personal data. Users are reminded that if they click on such links, they may be transferred to the pages of other service providers. In such cases, we recommend that you read the privacy policy that applies to the use of those pages. This Privacy Policy applies only to the Website of the Data Controller. If you modify or delete any of your data on the User’s other external website, it will not affect the data processing by the Data Controller, such modifications should be made on the Website.

 

11. Transfers of personal data

Data Processors: The data processed by the Data Controller are transferred to data processors on behalf of the Data Controller.

The names and contact details of the processors can be found at the beginning of this document

Purpose of data processing, transfer, or transmission: web-based transmission by e-mail, invoicing.

 

The Data Controller does not transmit data to third countries.

 

12. Setting anonymous user identifiers (cookies)

An anonymous user identifier (cookie) is a unique set of information that can be used to identify or store profile information and that is sent to the User‘s computer by the service providers. It is important to know that such a set of information alone cannot identify the User in any way – it is only capable of recognizing the User‘s computer. In the world of networks of the internet, personal information and customized service can only be provided if service providers can individually identify the habits and needs of their customers. Anonymous identification is used by service providers so they can learn more about customers’ habits in using the information in order to further improve the quality of their services and to provide their customers with options for customization.

 

To disable cookies: If the User does not want such an identifier to be stored by his/her computer, he/she may be able to set up his/her browser in a way that does not allow unique identifiers to be stored or only certain unique identifiers are allowed, but in this case, some Services may not be accessed by the User, or may not be accessed in the form that otherwise would have been available, had the User enabled the identifiers.

 

To delete cookies: All browser programs allow you to delete cookies previously-stored, so you can delete them anytime. To access this option, please check the instructions for the browser you are using. However, in the event of deletion, some Services may not be accessed or may not be accessed in the same way as previously done by the User.

 

On our websites, we use cookies to keep track of the following:

– your preferences, e.g. font size, language;

– whether you have acknowledged that you have read the cookie disclaimer on the Website;

– a unique session identifier (session ID)

– the products you have put in your shopping cart;

We record these data only for internal and statistical purposes, we do not pass it to third parties, and we do not use it for identification or profiling.

 

Our websites may use the following cookies:

 

Session cookies are strictly necessary for operation: this temporary data will be stored in the cookie file only until the end of browsing. These are essential for the proper functioning of some features of our website. (PHPSESSID)

 

Cookies to improve the user experience: they collect information about the user‘s use of the Websites, for example, which pages he or she visits most frequently. These cookies do not collect information that identifies the visitor, i.e. they work with completely general, anonymous information. The data obtained from them will be used to improve the performance of the Website. The lifespan of these types of cookies is limited to the duration of the session. (ion_selected_language)

 

Third-party cookies:

– Google Analytics

_utma; _utmb; _utmv; _utmz; _utmx: These cookies collect anonymous information about how visitors use our Website. We cannot identify the User. For more information, see http://www.google.hu/intl/hu/policies/privacy/

 

– social media (Facebook.com, Twitter.com, accounts.google.com)

You may share the content of our website with your friends on social media. These services may leave cookies on your computer that we have no control over. We cannot identify the User.

 

– ad pages (Google Adwords, Facebook)

Our Website uses remarketing tracking codes for ad pages. Remarketing code uses cookies to tag visitors. Thus, after visiting our Website, third-party service providers, including Google and Facebook, may display ads on their websites. These are known as interest-based ads. Users of the Website have the option to disable these cookies. It is not possible for us to identify the user. The Website uses conversion tracking to measure the effectiveness of Google Adwords ads. Conversion tracking cookies exist only for a limited period, they do not have to be accepted and they do not record or use any personal information.

 

13. Rights of the data subject, and exercising the rights of the data subject

You may request the following in relation to your personal data processed by the Data Controller (detailed below, one by one):

– access to personal data we process

– request rectification

– request the erasure of your data

– request restrictions on data processing

– transmit the data we process

– object to the processing of data

 

The Data Controller shall inform you of the measures taken in response to your request or of the reasons for not taking action without undue delay, but in any case within one month of receipt of the request. If the request is complex or a large number of applications are received, the deadline may be extended by one additional month. If possible, the information will be provided electronically. Providing information and the procedure itself shall be free of charge, except for requests which are clearly not founded or exaggerated (especially, because of their repetitive nature). In these cases, an administrative fee of HUF 10,000 will be charged or we will refuse the requested action. We may ask you for information necessary to confirm your identity in connection with your request. In the first case, a copy of your personal data, which we process, will be provided free of charge and, for additional copies, we charge a fee equal to the administrative costs.

Concerning our measures, you can file a complaint with the authority responsible for supervising data protection or you may exercise you may seek a judicial remedy.

 

You may have access to the following information about the processing of your personal data:

– what personal data we process;

– the purpose for which we process your data;

– how long we process the data;

– who received or will receive your personal data;

– if you did not provide your personal data with us, from whom did we receive it;

your rights and remedies in relation to data processing.

 

Rectification: You have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning you or to have incomplete personal data completed.

 

Erasure: You have the right to obtain from the Data Controller the erasure of personal data:

– the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

you withdraw your consent on which the processing is based and where there is no other legal ground for the processing;

you object to the processing and there are no overriding legitimate grounds for the processing;

– the personal data have been unlawfully processed;

– the personal data have to be erased for compliance with a legal obligation.

 

Right to be forgotten: If you request the erasure of your data as per it is stated above and your personal data has been transferred or made public, we will take reasonable steps to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Please note that we will not be able to comply with your request for erasure if we need for the establishment, exercise, or defense of legal claims, or if it would limit the right of freedom of expression and information, or, if a legal obligation (or public interest, scientific or historical research purposes or statistical purposes) is imposed on us conflicts the erasure request.

 

Restriction: Restriction means that these personal data may only be stored or processed with your consent (except for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or reasons of important public interest). You have the right to obtain from the controller restriction of processing if

you do not think the data are accurate, in which case the limitation applies for a period enabling us to verify the accuracy of the personal data

–the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead

– we no longer need the personal data for the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims

– if you object to processing pending the verification whether the legitimate grounds of the controller override those of you

 

Rectification, erasure, or restriction of processing will be communicated to all persons with whom we have shared personal data unless this is impossible or requires a disproportionate effort. You can receive a list of such recipients at your request.

 

Data Portability: You have the right to receive the personal data concerning you, which you have provided to us, in a transferrable and machine-readable format and have the right to transmit those data to another controller if the processing is based on your consent or a contract and the processing is carried out by automated means. Data portability shall not adversely affect the rights and freedoms of others or the right to erasure (‘right to be forgotten’).

You also have the right to have the personal data transmitted directly from the Data Controller to another controller, where technically feasible.

 

Objection: You may object to any processing that is carried out based on the legitimate interest of the Data Controller (or based on public interest). Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, and your personal data will no longer be processed for such purpose after the objection.

 

Enforcement:

Enforcement of the User is possible under the General Data Protection Regulation (GDPR) and the Civil Code (Polgári Törvénykönyv/Ptk.). For any breach of the rights of the User, the User may submit the matter to the courts or may lodge his/her complaint with the supervisory authority.

 

You may lodge a complaint with a supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation.

 

The authority responsible for supervising data protection in Hungary is the Nemzeti Adatvédelmi és Információszabadság Hatóság (national authority for data protection and freedom of information, ‘the authority’) whose registered office is: 1024 Budapest, Szilágyi Erzsébet fasor 22/C., website: http://www.naih.hu, phone number: +36 (1) 391-1400.

 

You have the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning you and you have the right to an effective judicial remedy where the supervisory authority does not handle a complaint or does not inform you within three months on the progress or outcome of the complaint lodged. Proceedings against a supervisory authority shall be brought before the courts of the Member State where the supervisory authority is established.

You have the right to an effective judicial remedy where you consider that your rights under this Regulation have been infringed by us as a result of the processing of your personal data in non-compliance with the General Data Protection Regulation. As a general rule, proceedings against a controller or a processor shall be brought before the courts of the Member State where the controller or processor has an establishment.

 

If you suffered damage as a result of an infringement of this General Data Protection Regulation you shall have the right to receive compensation from the controller or processor for the damage suffered. As a general rule, proceedings against a controller or a processor shall be brought before the courts of the Member State where the controller or processor has an establishment.

 

Of course, the use of judicial procedures does not preclude the use of other administrative or non-judicial remedies.

 

Proceedings of damages for infringements or proceedings for damages not exceeding HUF 30 million falls within the jurisdiction of the járásbíróság (District Court), and proceedings for damages exceeding HUF 30 million falls within the jurisdiction of törvényszék (General Court).

 

As a general rule, proceedings may be brought before the courts of the data controller’s palace of establishment, but, if you are a consumer, you may also bring the proceedings before the court of your place of domicile within the country, or, if it is not possible, before the court of your habitual residence. In proceedings against the supervisory authority, you may also bring the proceedings before the court of your place of domicile within the country, or, if it is not possible, before the court of your habitual residence, or you may bring the proceedings before the courts of the supervisory authority’s palace of establishment, at your choice.

 

14. Governing law, other provisions

This Privacy Policy is governed by Hungarian law. If the applicable laws of your country impose stricter rules on the parties than those set out in this Privacy Notice, you are required to comply with them. However, you acknowledge and agree that the lability of the Data Controller is based on the laws governing this Privacy Policy, and Data Controller’s liability, as far as possible, is excluded for non-compliance with the provisions of the User‘s country on the basis of applicable laws and court decisions.

 

The headings in this Privacy Policy are for informational purposes only and of themselves are not sufficient to provide understanding on the processing.

 

If you have any questions that have not been clearly answered in this Privacy Policy, please send a mail to the e-mail address provided by the Data Controller at the beginning of this document.

 

Effective as of 25 May 2018

 

Last Modified: Budapest, May 24 2018

 

Mónika FARKAS

Eustill Art Kft.