DATA PROTECTION POLICY
1) Purpose of the privacy notice:
The owner and operator of the web-shop www.letzshopping.hu (hereinafter referred to as the "Merchant" or "Controller"), Nnamchi Bernard Ikechukwu, sole proprietor, 1025 Budapest, Szépvölgyi út 124., as the Controller, acknowledges the contents of this legal notice as binding upon him. It undertakes to ensure that any processing of data relating to its activities complies with the requirements of this policy and the applicable national legislation and European Union acts.
The Data Controller reserves the right to change this information at any time and will notify the public of any changes in due time.
If you have any questions about this communication, please contact us at email@example.com and we will answer them.
The Data Controller is committed to protecting the personal data of its customers and partners, and attaches great importance to respecting the right to information self-determination of its customers. The Data Controller treats personal data confidentially and takes all security, technical and organisational measures to ensure the security of the data. The Data Controller describes its data management practices below.
2) Data controller's data:
If you would like to contact our company, you can contact the Data Controller at firstname.lastname@example.org , but you can also send a direct message via the website.
The Data Controller will delete all e-mails received by it, together with the personal data, after a maximum of five years, i.e. 5 years, from the date of the communication.
Business name: Nnamchi Bernard Ikechukwu sole trader
Head office: 1025 Budapest, Szépvölgyi út 124.
Registration number: 57098737
Tax number: 58748583-1-41
Customer support e-mail address: email@example.com
Hosting provider: Webnode AG, Badenerstrasse 47, 8004 Zurich, Switzerland
3) The scope of the personal data processed:
a) Technical data:
The Data Controller shall select and operate the IT tools used to process personal data in the course of providing the service in such a way that the processed data: is accessible to those authorised to access it (availability); its authenticity and authentication are ensured (authenticity of processing); be verifiable (data integrity); protected against unauthorised access (data confidentiality).
The Data Controller shall take appropriate measures to protect the data against unauthorised access, alteration, disclosure, disclosure, deletion or destruction and against accidental destruction.
The Data Controller shall ensure the security of data processing by technical, organisational and organisational measures that provide a level of protection appropriate to the risks associated with the processing.
The Data Controller shall retain in the course of processing. confidentiality: it protects information so that only those who are entitled to it have access to it; integrity: it protects the accuracy and completeness of the information and the method of processing; availability: ensuring that when the authorised user needs it, he or she can actually access the information and has the means to do so.
b) Cookies (Cookies):
What cookies do: collect information about visitors and their devices; remember visitors' individual preferences, which are used, for example, when making online transactions, so they do not need to be re-entered; make the website easier to use; provide a quality user experience.
In order to provide a personalised service, a small piece of data called a cookie is placed on the user's computer and read back during a subsequent visit. When the browser returns a previously saved cookie, the cookie provider has the possibility to link the user's current visit to previous visits, but only in relation to its own content.
d) Data related to online ordering:
- Surname and first name,
- Billing address: country, municipality, name and number of public area,
- Delivery address: country, municipality, name and number of public area,
- E-mail address,
- Mobile phone number
4) Purpose, method and legal basis of processing
a) General data processing policy:
The data processing of the Data Controller's activities is based on voluntary consent or on legal authorisation. In the case of processing based on voluntary consent, data subjects may withdraw their consent at any stage of the processing.
In certain cases, the processing, storage and transmission of some of the data provided is required by law, and we will notify our customers separately. Data controllers should be aware that if they do not provide their own personal data, the data controller is obliged to obtain the consent of the data subject.
Its data management principles comply with the applicable data protection legislation, in particular:
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, GDPR);
- Act V of 2013 on the Civil Code (Civil Code);
- Act C of 2000 - on Accounting (Accounting Act);
- Act LIII of 2017 - on the Prevention and Combating of Money Laundering and Terrorist Financing (Pmt.);
- Act CCXXXVII of 2013 - on Credit Institutions and Financial Undertakings (Hpt.).
b) Physical storage locations of the data:
Your personal data (i.e. data that can be associated with you personally) may be processed by us in the following ways: on the one hand, technical data relating to the computer, browser program, Internet address and pages visited in connection with the Internet connection are automatically generated in our computer system, and on the other hand, you may provide your name, contact details or other data if you wish to contact us personally when using the website.
5) Data transfer, data processing, data subjects
The data you provide when placing your order will be transmitted only to the company(ies) responsible
for the delivery of the goods, but only to the extent strictly necessary for the delivery.
The data required for delivery are:
- Surname, first name,
- Delivery address: country, municipality, name and number of public area,
- Mobile phone number,
- E-mail address,
6) Rights of the data subject and means of enforcement
During the period of processing, you have the following rights under the GDPR Regulation:
- the right to withdraw consent,
- access to personal data and information on data management,
- the right to rectification,
- restriction of processing,
- the right to erasure,
- the right to protest,
- the right to portability.
If you wish to exercise your rights, this will involve your identification and the Controller will need to communicate with you, so identification will require the provision of personal data (but identification will only be based on data that the Controller already holds about you) and your complaint about the processing will be available in the Controller's email account within the time period specified in this notice in relation to complaints.
If you are a former customer and would like to be identified for complaint or warranty purposes, please provide your order ID for identification purposes. We can use this to identify you as a customer.
The Data Controller shall respond to complaints about data processing within 30 days at the latest.
a) Right to information:
The Controller shall take appropriate measures to provide data subjects with all the information on the processing of personal data referred to in Articles 13 and 14 of the GDPR and each of the disclosures referred to in Articles 15 to 22 and 34 of the GDPR in a concise, transparent, intelligible and easily accessible form, in clear and plain language.
b) The right of access of the data subject:
You have the right to receive feedback from the Data Controller on whether your personal data are being processed and, if processing is ongoing, you have the right to access the processed personal data and to be informed by the Data Controller of the following information:
- the purposes of the processing,
- the categories of personal data processed about you,
- information about the recipients or categories of recipients to whom or with which the personal data have been or will be disclosed by the Data Controller,
- the envisaged period of storage of the personal data or, if this is not possible, the criteria for determining that period,
- your right to obtain from the Controller the rectification, erasure or restriction of the processing of personal data concerning you and, in the case of processing based on legitimate interest, to object to the processing of such personal data,
- the right to lodge a complaint with a supervisory authority, if the data was not collected from you, any available information about its source,
- the fact of automated decision-making (where such a process is used), including profiling, and, at least in these cases, clear information about the logic used and the significance and likely consequences for you of such processing.
The purpose of exercising the right may be to ascertain and verify the lawfulness of the processing, and therefore, in the event of repeated requests for information, the Data Controller may charge reasonable compensation for the provision of information.
Access to personal data is provided by the Data Controller by sending you the personal data and information processed by email after you have identified yourself.
Please indicate in your request whether you want access to your personal data or information about data management.
c) Right of rectification:
You have the right to have inaccurate personal data relating to you corrected by the Data Controller without delay upon your request.
d) Right to erasure:
The data subject shall have the right, upon request and without undue delay, to obtain the erasure of personal data concerning him or her by the Data Controller on one of the following grounds:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
- the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing,
- the data subject objects to the processing and there are no overriding legitimate grounds for the processing,
- the personal data have been unlawfully processed,
- the personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the Data Controller,
- personal data are collected in connection with the provision of information society services.
The erasure of data may not be initiated if the processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with an obligation under Union or Member State law to process personal data or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller; for public health purposes or for archiving, scientific or historical research purposes or statistical purposes in the public interest; or for the establishment, exercise or defence of legal claims.
e) The right to restriction of processing:
At the request of the data subject, the Data Controller shall restrict processing if one of the following conditions is met:
- the data subject contests the accuracy of the personal data, in which case the restriction applies for a period of time which allows the accuracy of the personal data to be verified,
- the data processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use,
- the data controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims, or
- the data subject has objected to the processing: in this case, the restriction applies for the period until it is established whether the legitimate grounds of the controller override those of the data subject.
Where processing is restricted, personal data, other than storage, may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.
f) Right to data retention:
If the processing is automated or if the processing is based on your voluntary consent, you have the right to request the Data Controller to receive the data you have provided to the Data Controller, which the Data Controller will make available to you in xml or csv format.
g) Right to object:
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data necessary for the purposes of the legitimate interests pursued by the Controller or a third party, including profiling based on the aforementioned provisions. In the event of an objection, the Controller may no longer process the personal data, except on compelling legitimate grounds which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
h) Right of withdrawal:
You have the right to withdraw your consent at any time.
i) Right to apply to the courts:
If your rights are infringed, you can take the Data Controller to court.
j) Data protection authority procedure:
You can lodge a complaint with the National Authority for Data Protection and Freedom of Information:
Name: National Authority for Data Protection and Freedom of Information
Head office: 1055 Budapest, Falk Miksa utca 9-11.
Postal address: 1363 Budapest, PO Box 9.
Phone +36 (30) 683-5969, +36 (30) 549-6838, +36 (1) 391 1400
7) Other provisions
We inform our customers that the court, the prosecutor, the investigating authority, the law enforcement authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, or other bodies authorized by law may contact the Data Controller to provide information, to disclose or transfer data, or to provide documents.
The Data Controller shall disclose to public authorities, where the public authority has indicated the precise purpose and scope of the data, only such personal data as are strictly necessary for the purpose of the request and to the extent strictly necessary for the purpose of the request.
This document contains all relevant information on data management in connection with the operation of the webshop in accordance with the General Data Protection Regulation of the European Union 2016/679 (hereinafter referred to as the GDPR) and the Act of 2011 CXII of the Hungarian Parliament and of the Council of 2011 (hereinafter referred to as the Infotv.).
Last modified: 31 July 2023.