Informacije o upravljanju podacima
PRIVACY POLICY
Information on Data Protection
Date of adoption: 11-02-2019
Table of Contents
- Information on Data Processing
Data Controller:
Name: Darius- Musik Kereskedelmi KFT
Headquarters: H-1061 Budapest Paulay Ede u. 58
Address, complaint handling: H-1061 Budapest Paulay Ede u. 58
E-mail: dariushangszer@gmail.com
Phone: 06209441938
Webpage: http://www.webshop.dariusmusic.hu
Hosting service provider:
Name: UNAS Online Kft.
Address: H-9400 Sopron, Kőszegi út 14.
E-mail: unas@unas.hu
Phone:
Description of data processing performed during the operation of the webpage
Information about using cookies
What is a cookie?
The Data Controller uses so-called cookies during visits to the website. A cookie is a package of information made up of letters and digits, which our website sends to your browser in order to save some settings, make the use of the website easier, and helps to collect some relevant information about our visitors for statistical purposes.
The majority of cookies do not contain personal data and does not help the identification of individuals. A part of them however contains individual identifiers (a secret, randomly generated sequence) that are stored by your browser, and can make you identifiable. The operation times of certain cookies are indicated in their descriptions.
Legal framework and legal basis of the cookies:
The legal basis for data processing is your consent under Article 6 (1) (a) of the Regulation.
Main characteristics of cookies used by the website:
Google Adwords cookie When somebody visits our webpage, their cookie-identifier is added to our list for remarketing. Google uses cookies, such as NID and SID cookies, for the personalization of advertisements in Google products, such as Google Search. For example, such cookies are used to note your recent searches, past interactions with advertisers 'ads or search results, and visits to the websites of advertisers. The conversion tracking function of AdWords uses cookies. In order to track sales and other conversions resulting from ads, cookies are saved on the user's computer when that person clicks on an advertisement. Some common uses of cookies are: selecting ads based on what is relevant to a particular user, improving campaign performance reports, and avoiding displaying ads that the user has already viewed.
Google Analytics cookie: Google Analytics is Google's analyzing tool that helps the owners of websites and applications to get an overview of their visitors' activities. The service might use cookies to collect information and create a report on statistical information about the use of the website without individually identifying visitors for Google. The main cookie used by Google Analytics is the "__ga" cookie. In addition to reports based on site usage statistics, Google Analytics, along with some of the advertising cookies described, can also be used to display more relevant ads on Google products (such as Google Search) and across the web.
Remarketing cookies: They can appear for past visitors or users on other Google Display Network websites, or when they search for products or services with search words relevant to the services.
Cookies essential for operation: These cookies are essential for the use of the website and allow you to use its basic functions. A number of functions of this website will not be available to you without these. The lifetime of these types of cookies is limited to the duration of the session.
Cookies for improving the user experience: These cookies collect information about the user's internet use, for example, what pages they visit most, or what error messages the receive from websites. These cookies do not collect information that identify visitors, they only use general, anonymous information. We use data from these cookies for improving the performance of the website. The lifetime of these types of cookies is limited to the duration of the session.
Session cookies: These cookies store the visitor's location, browser language, payment currency, their lifetime is limited to maximum 2 hours or until the browser is closed.
Mature content cookies: These cookies are a confirmation of the age-restricted content and state that the person concerned is over 18 years of age. The cookies operate until the browser is closed.
Referrer cookies: They record what outside website the visitor arrived to the website from. They last until the browser is closed.
Previously viewed product cookies: They record the products that the visitor has previously viewed. Their lifespan is 60 days.
Previously viewed category cookie: Records the previously viewed category. Its lifespan is 60 days.
Recommended products cookie: It records the list of products to be recommended when the ""Recommend" function is used. Its lifespan is 60 days.
Mobile version, design cookie: It detects the device used by the visitor and switches to mobile view if necessary. Its lifespan is 365 days.
Accept cookies cookie: It records if the declaration about the storage of cookie is accepted when a visitor arrives on the webpage. Its lifespan is 365 days.
Cart cookie: Records the products placed in the cart. Its lifespan is 365 days.
Intelligent offer cookie: It records criteria for displaying smart offers (for example, was the visitor already on the page, do they have an order). Its lifespan is 30 days.
Logout #2 cookie It logs the user out after 90 days according to option #2. Its lifespan is 90 days.
Backend ID cookie: It is the ID of the backend server for the website. It lasts until the browser is closed.
employee_login_last_email It stores the e-mail address after signing in, until the browser is closed.
Ealrm, ealem, ealpw It provides permanent login. Its lifespan is 180 days.
come_from It redirects the user after login. Its lifespan is 10 minutes.
predictionio User ID cookie for personalized ads. Its lifespan is 3 months.
currency It stores the customer's currency. Its lifespan is 30 days.
Facebook pixel (Facebook cookie) Facebook pixel is a code, that helps create records about conversions on the website, target audiences can be created, and the owner of the page can get detailed analysis about how users use the website. With Facebook pixel, you can display customized offers and ads to your website on Facebook. You can read the Facebook data management policy here: https://www.facebook.com/privacy/explanation
If you do not accept the use of cookies, some functions will not be available to you. You can find more information on deleting cookies on the links below:
- Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
- Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
- Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
- Safari: https://support.apple.com/kb/ph21411?locale=en_US
- Chrome: https://support.google.com/chrome/answer/95647
Processed Data for Conclusion and Fulfilment of Contracts
There are a number of data processing cases for the conclusion and fulfilment of contracts. Please be informed that data processing related to complaint handling and warranty administration will only take place if you exercise one of those rights.
I you do not make a purchase via the web shop and are a visitor of the website, then the information in the data processing for marketing purposes might apply to you, if you have given permission for marketing.
Data processing performed for conclusion and fulfilment of contracts in detail:
Registration on the website
The Data Controller can provide a better service with the storage of the provided data (for example, the Data Subject does not have to provide their data during the next occasion when shopping). Registration is not a condition for concluding a contract
Processed data
During data processing, the Data Controller manages your name, address, telephone number, e-mail address, the characteristics of the purchased product and the date of purchase.
Time period of data processing
Until the withdrawal of consent.
Legal basis of data processing
Your voluntary consent to the Data Controller is provided through registration [Data Management under Article 6 (1) (a) of Regulation]
Processing the Order
Data processing activities when processing orders are required for the completion of the contract
Processed data
During data processing, the Data Controller manages your name, address, telephone number, e-mail address, the characteristics of the purchased product, the number of your order and the date of purchase.
I you have submitted an order in the web shop, data processing and providing data is essential to fulfilling the contract.
Time period of data processing
Data is processed for a period of 5 years according to the regulations of the civil law.
Legal basis of data processing
The fulfilment of the contract. [Data processing under Article 6 (1) (b) of the Regulation]
Invoicing
Data processing is done in order to issue invoices that comply with the law and to fulfill the obligation of keeping accounting records. According to Paragraph 169. (1)-(2) of the Accounting Law, business organizations must keep accounting documents that directly or indirectly prove bookkeeping.
Processed data
Name, address, e-mail address, phone number.
Time period of data processing
The invoices issued according to Section 169 paragraph (2) of the Accounting Law, shall be kept for 8 years from the date of issue of the invoice.
Legal basis of data processing
Pursuant to Section 159 paragraph (1) of the Act CXXVII of 2007 on VAT, the issue of an invoice is mandatory and must be retained for 8 years under Section 169 (2) of Act C of 2000 on Accounting [Data management according to Article 6 (1) (c) of Regulation].
Data processing concerning deliveries
Data processing is performed for the delivery of the ordered product.
Processed data
Name, address, e-mail address, phone number.
Time period of data processing
The Data Controller processes the data until the delivery of the ordered product.
Legal basis of data processing
The fulfilment of the contract. [Data processing under Article 6 (1) (b) of the Regulation]
Warranty management
Data processing is performed for the management of warranty complaints. I you have requested a warranty procedure, data processing and providing data is essential.
Processed data
The name, phone number, e-mail address of the Costumer, the contents of the complaint.
Time period of data processing
Warranty claims are retained for 5 years under the Law on Consumer Protection.
Legal basis of data processing
Requesting warranty procedures from us is a voluntary decision, however, if you request a procedure, Section 17 (7) of Act CLV of 1997 on Consumer Protection requires us to keep the complaint for 5 years [Article 6 (1) (c) of the Regulation]
Managing any consumer protection claims
Data processing is performed for the management of consumer protection claims. I you have filed a complaint, data processing and providing data is essential.
Processed data
The name, phone number, e-mail address of the Costumer, the contents of the complaint.
Time period of data processing
Warranty claims are retained for 5 years under the Law on Consumer Protection.
Legal basis of data processing
Filing a complaint is a voluntary decision, however, if you request a procedure, Section 17 (7) of Act CLV of 1997 on Consumer Protection requires us to keep the complaint for 5 years [Article 6 (1) (c) of the Regulation]
Data processed for verifying consent
When registering, ordering or subscribing to a newsletter, the IT system stores the IT data related to consent for future verification.
Processed data
The time of consent given and the IP address of the data subject.
Time period of data processing
Due to legal requirements consent must be verified, therefore data is stored for a period of limitation after data processing ceased.
Legal basis of data processing
Article 7 (1) of the Regulation imposes this obligation. [Data processing under Article 6 (1) (c) of the Regulation]
Data Processing for Marketing Purposes
Data processing related to sending newsletters
Processed data
Name, address, e-mail address, phone number.
Time period of data processing
Until the withdrawal of the consent of the data subject.
Legal basis of data processing
Your voluntary consent to the Data Controller is provided through signing up for our newsletter [Data Management under Article 6 (1) (a) of Regulation]
Data processing related to sending and displaying personalized ads
Processed data
Name, address, e-mail address, phone number.
Time period of data processing
Until the withdrawal of consent.
Legal basis of data processing
Your voluntary consent to the Data Controller is given during the providing of data [Data Management under Article 6 (1) (a) of Regulation]
Remarketing
Data management as a remarketing activity is done with cookies.
Processed data
Data processed by cookies specified in the section defining cookies.
Time period of data processing
More information on the duration of data storage by cookies can be found here:
Google General Cookie Policy https://www.google.com/policies/technologies/types/
Google Analitycs policies: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu
Facebook policies:https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Legal basis of data processing
Your voluntary consent to the Data Controller is provided by using the website [Data Management under Article 6 (1) (a) of Regulation]
Contests
Data processing is performed for conducting the competition.
Processed data
Name, e-mail address, phone number.
Time period of data processing
Data is deleted after the competition is over, except for data of the winner, which the Data Controller is required to keep for 8 years according to the Accounting Laws.
Legal basis of data processing
Your voluntary consent to the Data Controller is provided by using the website. [Data Management under Article 6 (1) (a) of Regulation]
Further data processing
If the Data Controller wishes to carry out further processing, it provides prior information on the essential circumstances of data processing (the legal background and legal basis of data management, the purpose of data processing, the range of the data processed, the duration of data processing).
We would like to inform you that the Data Controller will have to fulfill the Authority's written requests for providing data. The Data Controller keeps a record of the data transfers according to paragraph 15 (2)-(3) of the Act on Information (which authority it was provided to, what personal data, on what legal basis, when the Data Controller acted), the content of which is disclosed by the Data Controller upon request, unless the information is excluded by law.
On the use of a Data Processor and their activities relating to data processing
Data Processing for the storage of personal data
Name and purpose of the data processor: UNAS Online Kft.
Contact details of the data processor:
Phone:
E-mail: unas@unas.hu
Headquarters: H-9400 Sopron, Kőszegi út 14.
The Data Processor stores personal data according to a contract with the Data Controller. They are not entitled to know personal data.
Data processing with relation to shipping
Name and purpose of the data processor: GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
Headquarters of the data processor: H-2351 Alsónémedi, GLS Európa u. 2.
Phone number of the data processor: +36-29/88 66 70
E-mail address of the data processor: info@gls-hungary.com
The Data Processor participates in the delivery of the ordered products on the basis of a contract with the Data Controller. In doing so, the Data Processor may manage the name, address and telephone number of the buyer until the end of the calendar year following the dispatch of the postal item. At the end of the calendar year they shall delete the information.
Name and purpose of the data processor: Magyar Posta Zártkörűen Működő Részvénytársaság
Headquarters of the data processor: H-1138 Budapest, Dunavirág utca 2-6.
Phone number of the data processor: +36-1/767-8200
E-mail address of the data processor: ugyfelszolgalat@posta.hu
The Data Processor participates in the delivery of the ordered products on the basis of a contract with the Data Controller. In doing so, the Data Processor may manage the name, address and telephone number of the buyer until the end of the calendar year following the dispatch of the postal item. At the end of the calendar year they shall delete the information.
Data processing related to sending newsletters
The name of the company operating the newsletter system: UNAS Online Kft.
Headquarters of the company operating the newsletter system: H-9400 Sopron, Kőszegi út 14.
Phone number of the company operating the newsletter system:
E-mail address of the company operating the newsletter system: unas@unas.hu
The Data Processor participates in sending the newsletter on the basis of a contract with the Data Controller. In doing so, the Data Processor handles the name and e-mail address of the data subject to the extent necessary to sending the newsletter, and immediately deletes it at the request of the data subject.
Data processing related to invoicing
Name and purpose of the data processor: Számlázz.hu
Headquarters of the data processor: H-1031 Budapest, Záhony utca 7.
Phone number of the data processor: +3630 35 44 789
E-mail address of the data processor: info(at)szamlazz(dot)hu
The Data Processor participates in keeping records on accounting on the basis of a contract with the Data Controller. In doing so, the Data Processor handles the name and address of the data subject to the extent necessary to keeping records on accounting and handles data in the period specified by Section 169 (2) of the Accounting Law, after which they delete the data.
Data processing for the operation of the CRM system
Name and purpose of the data processor: UNAS Online Kft.
Headquarters of the data processor: H-9400 Sopron, Kőszegi út 14.
Phone number of the data processor:
E-mail address of the data processor: unas@unas.hu
The Data Processor participates in the administration of orders on the basis of a contract with the Data Controller. In doing so, the Data Processor handles the name, address, telephone number and the number and time of the orders within the time period defined by civil law.
Data processing related to online payments
Name and purpose of the data processor: Six Payment Services (Europe)
Headquarters of the data processor: 10Rue Gabriel Lippmann Munsbach
Phone number of the data processor: 00800 0074 9719
E-mail address of the data processor: info.hu@six-payment-services.com
The Data Processor participates in performing online payments on the basis of a contract with the Data Controller. In doing so, the Data Processor handles the billing name, address and the number and time of the order within the time period defined by civil law.
Transmission of Data
For using the Reliable Shop Program of www.arukereso.hu (Online Comparison Shopping Kft. H-1074 Budapest, Rákóczi út 70-72., Tax number: 24868291-2-42, Company registration number: 01-09-186759), the e.mail address and the purchased products of the buyer are forwarded to arukereso.hu after a purchase is done. The purpose of data transfer: requesting and displaying customer reviews. Personal data thus transmitted to Online Comparison Shopping Kft. is handled according to the Data Processing Policy of www.arukereso.hu. The data controller of the data thus transmitted is considered to be Online Comparison Shopping Ltd.
Transmission of data to a third country
SAMPLE
The following data processor is located outside the European Union and processes data outside the European Union. The data processor is member of the Privacy Shield List and therefore assures that data processing is performed according to the standards of the European Union. More information: www.privacyshild.gov
The Rocket Science Group LLC (MailChimp)
Address: 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, Georgia 30308
E-mail: legal@mailchimp.com
Phone: (404) 806-5843
https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active
Your rights during data processing
During the data processing period, you are entitled to the following rights according to the Regulation:
- the right to withdraw consent
- accessing information on personal data and data processing
- the right of rectification
- limiting data processing
- the right to erasure
- the right to object
- the right to data portability.
If you wish to exercise your rights, it requires your identification and the Data Controller must communicate with you as necessary. Therefore the providing of personal data is necessary for identification (but identification can only be performed with data that the Data Controller processes already), and the Data Controller's email account will contain your data processing complaint within the time period specified for complaints in this information sheet. If you have been our costumer and would like to identify yourself for complaint or warranty management, please also provide your order ID for identification as well. We can identify you as a costumer with this.
The Data Controller responds to complaints on data processing in 30 days.
The right to withdraw consent
You have the right to revoke consent for data processing at any time, in which case the data provided will be deleted from our system. However, please consider that revoking when there is an incomplete delivery in progress might result in us not being able to complete the delivery. Furthermore, if the purchase is already done, we cannot delete billing data from our systems according to accounting regulations, and if you have any debts, we can still process your data for claiming the amount based on legitimate interests.
Accessing personal data
You are entitled to receive feedback from the data controller on whether personal data are being processed and, if data is being processed, you are entitled to:
- get access to the processed personal data and
- to receive information from the Data Controller on the following:
- the purpose data processing;
- the categories of your personal data processed;
- information about the recipients or categories of recipients with whom the Data Controller has communicated or will share the personal data;
- the planned duration of the storage of personal data or, if this is not possible, the criteria for determining the time period;
- your right to apply to the controller for access, correction, erasure or restriction of personal data relating to you and to object to the processing of such personal data and the your right to data portability;
- the right to file a complaint with the supervisory authority;
- if the data were not collected from you, all available information about their sources;
- the fact that automated decision-making (if used), including profiling, and at least in these cases the logic applied and comprehensible information on what significance or consequences the data processing activity might have.
The aim of exercising this right can be to determine and monitor data processing, therefore upon multiple requests for information, the Data Controller may charge a fair compensation for sharing information.
The Data Controller ensures access to information by sending you the processed personal data and information about you in e-mail after you have identified yourself. If you have registered an account, you can access the processed personal data about you after logging in to your account.
Please indicate in your application whether you are requesting access to personal data or on data management.
The right of rectification
You have the right to request the data controller to correct the inaccurate personal data relating to you without undue delay.
The right to limit data processing
You have the right to request the data controller to restrict access to your personal data if one of the following is fulfilled:
- You dispute the accuracy of the personal data, in which case the restriction applies to the period that allows the data controller to verify the accuracy of the personal data, if the accurate data can be determined immediately, there can be no restriction;
- data processing is illegal, but you are against deleting data for any reason (for example, because the data is important for you to enforce a legal claim), soyou ask for the data not to be deleted, but instead for a restriction on its use;
- the data controller no longer needs personal data for data processing purposes, but you request them for the submission, validation or protection of legal claims; or
- You have objected to data processing, but the Data Controller's legitimate interests rectify data processing, in which case, the restriction shall apply for the period until it is established whether the legitimate reasons of the data controller take precedence over your legitimate reasons.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
You shall be informed by the controller before the restriction of processing is lifted (at least 3 working days before).
Right to erasure – right to be forgotten
You have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay if one of the following applies:
- the personal data is no longer needed for the purpose it was collected or processed by the Data Controller;
- You revoke your consent and the data processing no longer has a legal basis;
- You protest against data management based on legitimate interest and there is no legitimate legal reason (i.e. legitimate interest) for data processing,
- the Data Controller processed data unlawfully and this was found to be true after a complaint;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
If the Data Controller has disclosed your personal data, and must delete it for any of the legitimate reasons above, the Data Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform data controllers that are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Erasure cannot be performed if data processing is necessary for:
- to exercise the right to freedom of expression and information;
- fulfillment of an obligation under EU or national law applicable to the controller for the processing of personal data (such as the processing of data in the context of billing as it is required by law to keep an invoice) or for the performance of a task carried out in public interest or in the exercise of public authority conferred on the controller;
- submission, validation or protection of legal claims (e.gi if the Data Controller has a claim against you that has not yet been fulfilled or if you are handling a consumer or data management complaint).
The Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning him or her The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
If the processing of personal data is done for the purpose of direct customer acquisition, you the right to object at any time to the processing of personal data relating to you, including profiling, if related to direct customer acquisition. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
The Right to Data Portability
If data processing is an automated process, or if it is based on your voluntary consent, you have the right to receive personal data concerning you from the Data Controller, which is provided in an xml, JSON, or csv format, if it is technologically possible, to transmit those data to another controller.
Automated Decision-Making
You have the right not to be subject to a decision based solely on automated data processing, including profiling, which would have legal effect on you or would be affected by it in an equal amount. In these cases, the data controller is obliged to take appropriate measures to protects the rights, freedom and legitimate interests of the data subject, including the right of the data subject to request human intervention, express an opinion, and to object to a decision.
The above cannot be applied if the decision is:
- necessary to conclude or execute a contract between you and the Data Controller;
- is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
- is based on the data subject's explicit consent.
Registering for the Data Protection Register
According to the Act on the Freedom of Information the Data Controller had to register specific activities. This reporting obligation expired on May 25, 2018.
Data Security Measures
The Data Controller declares that they have taken appropriate measures for the protection of data, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against unavailability due to accidental destruction, damage, or change in the technology used.
the Data Controller will do everything in their power to ensure that their data processors take appropriate data security measures when working with your personal data taking into consideration the organizational and technical capabilities.
Remedy
If you believe that the Data Controller has breached any data processing regulations, or hasn't fulfilled one of your requests, you can request an investigation procedure in order for the alleged unlawful data processing to be stopped from the National Authority for data Protection and Freedom of Information (address: H-1530 Budapest, Pf.: 5., e-mail: ugyfelszolgalat@naih.hu).
We would also like to inform you that in the case of violation of legal provisions on data processing, or if the Data Controller has not complied with any of your requests, you may initiate a civil procedure against the Data Controller in court.
Amending Information on Data Processing
The data controller reserves the right to unilaterally modify this information sheet when not affecting the purpose and legal basis of data processing. By using the website after the amendment is in force, you accept the amended data processing guide.
If the Data Controller wishes to perform additional data management for purposes other than the purpose for which they were collected, prior to further processing, they inform you about the purpose of the data management and the following information:
- the duration of the storage of personal data or, if this is not possible, the criteria for determining the time period;
- your right to apply to the controller for access, correction, erasure or restriction of personal data relating to you and to object to the processing of such personal data and the your right to data portability;
- in the case of data processing based on consent, the fact that you can withdraw your consent at any time,
- the right to file a complaint with the supervisory authority;
- about whether the provision of personal data is based on a law or a contractual obligation or a prerequisite for the conclusion of a contract, and whether the data subject is obliged to provide personal data, and what the possible consequences of failure to provide data may be;
- the fact that automated decision-making (if used), including profiling, and at least in these cases the logic applied and comprehensible information on what significance or consequences the data processing activity might have.
Data processing can only begin if its legal basis is consent, you must give consent after receiving information.
This document contains all relevant data management information regarding the operation of the webshop based on the European Union General Data Protection Regulation 2016/679 (hereinafter: GDPR Regulation) and in Act CXII of 2011. (hereinafter referred to as "Information law").