Minden termék
SHOP
Minden termék
Information on the processing of personal data
The purpose of this information sheet is to set out the data protection and processing principles applied by Khoani Bőrdíszműgyártó és Kereskedelmi Kft.: and the company’s data protection and processing policy, which the company, as a data controller, recognizes as binding on itself.
When creating the provisions of the information sheet, the company took into special consideration the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; “GDPR”) and Act CXII of 2011 on Informational Self-determination and Freedom of Information (“Info Act”), as well as Act 2008. of XLVIII ont he basic conditions of commercial advertising and its certain limitations (”Comm. Adv. Act”).
The scope of this current Information on the processing of personal is the data processing with regard to the website available at www.khoani.hu (hereinafter is referred to as ”Website”).
Unless otherwise stated, the scope of the Information data sheet does not cover the services and data processing related to the promotions, sweepstakes, services, other campaigns of third parties advertising on the Websites or otherwise appearing on them, or the content published by them. Unless otherwise stated, the scope of the Information sheet does not cover the services and data processing of websites, service providers to which the link on the Websites leads. The scope of the Information does not cover the data processing of the persons (organizations, companies) whose information, newsletter or advertising letter the User has learned about through the Website.
Data processing any operation or set of operations on Personal Data, regardless of the procedure used, in particular the collection, recording, systematisation, segmentation, storage, transformation, alteration, use, querying, viewing, use, communication, transmission, dissemination or otherwise making available, disclosing, coordinating or linking (including profiling), restricting, deleting and destroying.
Data Controller: the person defined under section 3, who determines the purposes and means of Data processing, individually or together with others.
Personal data or data: any data or information whereby a natural person User becomes identifiable, directly or indirectly.
Data processor: the service provider who handles personal data on behalf of the Data Controller.
User: the natural person who registers as a Customer on the Website and provides the data listed in sections 8 and 9 below.
External Service Provider: third party service partners used by the Data Controller or the Website Operator in connection with the provision of certain services, either directly or indirectly, to whom Personal Data is or may be transferred in order to provide their services, or those who may transfer Personal Data to the Data Controller. External service providers also include those service providers that do not cooperate with the Data Controller or the service operators, but by accessing the Website, they collect data about the Users, whereby the User may be identified, either independently or in combination with other data. Furthermore, when providing the web hosting service, the Data Controller also considers the User to be an External Service Provider in terms of the data processing activities performed on the storage space used by him.
Information sheet: this information sheet on data processing by the Data Controller.
Name: Blázek és Anni Kft.
Headquarters: 83. Vadász u. 7627 Pécs, Hungary
Phone: +36 72/243-722
E-mail: info@blazekandanni.hu
Data protection officer: János Kamu
Position of the data protection officer: Managing director
The Data Controller is a company registered in Hungary.
The Data Controller operates the Website, which was created for the purpose of purchasing Blázek & Anni products online.
4.1. The Data Controller acts in accordance with the requirements of good faith, fairness and transparency, cooperating with the Users during the data processing. The Data Controller only processes the data specified by law or provided by the Users, for the purposes specified below. The scope of the Personal Data processed is proportionate to the purpose of the data processing and may not extend beyond it..
4.2. In all cases where the Data Controller intends to use the Personal Data for a purpose other than the purpose of the original data collection, it shall inform the User thereof and obtain its prior explicit consent, or provide him or her with an opportunity to prohibit the use.
4.3. The Data Controller does not check the Personal Data provided to him. The person who provided it is solely responsible for the adequacy of the Personal Data provided.
4.4. The relevant Personal Data of a person under the age of 16 may only be processed with the consent of an adult exercising parental supervision over him or her. The Data Controller is not in a position to check the consent of the consenting person or the content of his/her statement, so the User or the person exercising parental supervision over him/her guarantees that the consent complies with the relevant law. In the absence of a consent statement, the Data Controller will not collect Personal Data relating to a data subject who has not reached the age of 16.
4.5. The Data Controller will not transfer the Personal Data managed by it to third parties other than the Data Processors specified in this Information sheet and certain external service providers referred to in this Prospectus.
An exception to the provision contained in this section is the use of data in a statistically aggregated form, which may not contain other data suitable for the identification of the relevant User in any form, thus it does not qualify as Data Processing or data transmission.
In certain cases, the Data Controller – due to an official court or police request, legal proceedings due to copyright, property or other infringements or their reasonable suspicion of harming the Data Controller’s interests, endangering the provision of the service, etc. – make the available Personal Data of the User concerned available to third parties.
After 25 May 2018, the Data Processors of the Data Controller listed in this Data Processing Information sheet and the External Service Providers shall record, manage and process the Personal Data transmitted to them by the Data Controller and processed or processed by them in accordance with the provisions of the GDPR. processed and make a statement in this regard to the Data Controller.
4.6. The Data Controller shall notify the User concerned and all persons to whom the Personal Data has previously been transmitted for the purpose of Data Processing about the correction or restriction of the Personal Data. The notification may be omitted if it does not infringe the legitimate interests of the User in view of the purpose of the Data Processing.
4.7. In view of the relevant provisions of the GDPR, the Data Controller is not obliged to appoint a Data Protection Officer, as the Data Controller is not a public authority or a body performing a public task; the Data Controller’s activities do not include such actions whereby it becomes necessary to regularly and systematically monitor the Users, besides the Data Controller does not process special data and personal data regarding the establishment of decisions on criminal liability and criminal offenses.
4.8. The Data Controller processes personal data in accordance with the applicable legislation. In particular, the legislation governing data processing:
5.1. Taking into account the nature of the Data Controller’s activity, the legal grounds of data processing is the User’s voluntary, explicit consent based on appropriate information (Section 5 (1) (a) of the Information Act), and in case of profiling, the information of the User in accordance with Article 6 (1) (f) of GDPR. Users voluntarily contact the Data Controller, register voluntarily, and use the Data Controller’s service voluntarily. In the absence of the consent by the Users, the data controller will only process data if it is explicitly authorized to do so by law.
5.2. The User has the right to withdraw his consent at any time. Withdrawal of consent shall not affect the lawfulness of the consent-based data processing prior to withdrawal.
5.3. When accessing the individual websites by the User, the Data Controller may record the User’s IP address in the context of the provision of the service, for the purpose of the legitimate interest of the Data Controller and for the lawful provision of the service (e.g. to filter out illegal use or illegal content) without a separate consent by the User.
5.4. Data transmission to the Data Processors specified in this Information sheet may be performed without the separate consent of the User. The release of personal data to a third party or authorities, unless otherwise provided by law, is only possible based on the basis a final decision by the authorities or with the explicit preliminary consent by the User.
5.5. When providing their e-mail addresses, and the data provided during registration (eg user name, ID, password, etc.), Users are also responsible for ensuring that from the e-mail address provided by them and by using the data provided by them, it is only they alone, who will use the service. In view of this responsibility, all liability in connection with access to a given e-mail address and/or data shall be borne solely by the User who registered the e-mail address and provided the data.
5.6. The legal grounds for data processing is in some cases is a provision of law. The main legal acts that also require data processing are the legislation specified in point described in Section 4.8. Data Controller processes the data contained in the receipts and invoices issued by the Data Controller in accordance with the provisions of the Accounting Act.
5.7. The legal grounds for the data processing may be a substantial legitimate interest of the Data Controller, in which case the Data Controller has performed and may continue to perform a Legitimate interest opinion test in accordance with the relevant provisions of the GDPR which confirms that the data processing concerned is needed for the enforcement of the legitimate interests of the Data Controller, and such rights and freedoms of the data subject which require the protection of personal data do not have priority over these interests. Upon request, the Data Controller shall provide information to the data subject in accordance with the provisions of this paragraph, as set out in this Information Sheet.
The Data Controller processes personal data only for a specific purpose, in order to exercise a right and fulfil an obligation. It corresponds to the purpose of data processing at all stages of data processing. Data is recorded and processed fairly and lawfully. The Data Controller strives to process only personal data that is essential for the realization of the purpose of the data processing and is suitable for achieving the purpose. Personal data may only be processed to the extent and for the time necessary to achieve the purpose.
The purpose of data processing is primarily to operate the Website and to provide the services of the Data Controller.
Based on the above, the purposes of data processing are:
The Data Controller only processes the personal data provided by the Users, it does not collect data from other sources.
The data is provided during the User’s registration. The User provides his/her name, e-mail address and password during registration.
The Data Controller handles only the personal data provided by the Users. The data processed are as follows:
surname, first name, e-mail address, telephone number, delivery address (city, postcode, street, house number, floor, door)
In addition to the above, the Data Controller manages the technical data, including the IP address, as described in section 12. below.
The source of the data is the User, who provides the data during the registration or later, entering the Website. The information on the registration form is mandatory, unless explicitly stated otherwise.
The User provides the data independently, the Data Controller does not provide any mandatory guidelines in this regard, and does not set any content requirements. The User explicitly consents to the processing of the data provided by him. The User is entitled to provide other data in his profile in addition to the data requested by the Data Controller, the legal grounds for the processing of the data in this case is also the voluntary consent of the User.
By registering as a Customer on the Website, the User consents to the (personal) data provided during the registration and the purchase can be used stored and processed by Blázek és Anni Kft. and the contracted business partners of Blázek és Anni Kft. (e.g. delivery service provider) in order to fulfil the order, for the purpose of market research, direct market acquisition and/or sending advertisements in accordance with the legal provisions in force at any time.
If the User agrees, the Data Controller will contact the User at the contact details provided and send him/her an advertisement by the direct inquiry method. Advertising may be sent by post, telephone (including SMS) or e-mail. The condition of the advertisement is in all cases the consent of the User. The User may withdraw his consent at any time without having to give reasons.
The Data Processing System automatically records the IP address of the user’s computer, the start time of the visit and, in some cases, the type of browser and operating system, depending on the computer’s settings. The data thus recorded may not be combined with other personal data. The processing of the data is for statistical purposes only. Users acknowledge that macros/cookies (“cookies”) operate on the website operated by Blázek és Anni Kft., Including, but not limited to, browser cookies, tracking cookies and computer cookies.
Cookies allow the Website to recognize former visitors. Cookies help the Data Controller, as the operator of the Website, to optimize the Website in order to customise the services of the Website to the habits of the users. Cookies are also suitable for
If the Data Controller displays various content on the Website using external web services, it may result in the storage of some cookies that are not controlled by the Data Controller, so it has no influence on what data these websites or external domains collect. These cookies are described in the regulations for the service concerned.
The Data Controller uses cookies to display advertisements to Users via Google and Facebook. Data processing takes place without human intervention.
The user can set their web browser to accept all cookies, reject them all, or notify the user when a cookie arrives on their machine. The setting options are usually found in the “Options” or “Settings” menu of the browser. By disabling the use of cookies, the User acknowledges that without a cookie the operation of the Website is not complete.
Detailed information at www.aboutcookies.org will also help with settings in different browser sin English.
The Data Controller transfers personal data to a third party only if the User has explicitly consented to it – being aware of the scope of the transferred data and the recipient of the data transfer, or if the data transfer is authorized by law.
The Data Controller is entitled and obliged to transfer all Personal Data in its possession and duly stored by it to the competent authorities, in case it is obliged to transfer Personal Data by law or a final official obligation. The Data Controller cannot be held liable for such Data Transfer and the consequences thereof.
Data Controller documents the data transfers in all cases and keeps a record of the data transfers.
Data Controller is entitled to use a data processor to perform its activities. The data processors do not make an independent decision, they are only contracted by the Data Controller and are entitled to act according to the instructions received. The Data Controller monitors the work of the data processors. Data processors are entitled to use additional data processors only with the consent of the Data Controller.
Data Controller shall indicate the data processors used in this Information Sheet.
Data processors used by the Data Controller:
Package delivery: DPD Hungária Kft., Budapest, Késmárk utca 14/b, 1158
Server operation: DotRoll Kft, Budapest, Fogarasi út 3-5, 1148
Online credit card payments are made through the Barion system. Credit card details will not be sent to the merchant. The service provider Barion Payment Zrt. is an institution under the supervision of the National Bank of Hungary (Magyar Nemzeti Bank); its license number: H-EN-I-1064/2013.
During the operation of the Website, the Data Controller uses External Service Providers, with which the Data Controller cooperates.
With regard to Personal Data processed in the systems of External Service Providers, the External Service Providers’ own data protection regulations apply. The Data Controller shall make every effort to ensure that the External Service Provider should process the Personal Data transmitted to it in accordance with the law and uses them only for the purpose specified by the User or set out below in this Information sheet.
The Data Controller informs the Users about the data transfer to the External Service Providers by means of this Information Sheet.
The Data Controller ensures the security of the data, takes the technical and organizational measures and establishes the procedural rules necessary to enforce the applicable legislation, data and confidentiality rules. The Data Controller shall protect the data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage, as well as becoming inaccessible due to changes in the technology used..
The Data Controller shall keep records of the data processed by him / her in accordance with the applicable legislation, ensuring that the data can be accessed only by those employees and other persons acting in the Data Controller’s interests (data processors) who need it in order to perform their duties. The data can only be accessed within the employee’s organization with logging. The employees of the data controller perform individual searches and individual operations on the data only at the request of the User or in case it is necessary for the provision of the service.
The Data Controller shall take into account the current state of the art when defining and applying data security measures. When choosing the data processing solutions from several options, Data Controller will choose the one that provide a higher level of protection of personal data, unless this would involve a disproportionate difficulty.
Within the scope of its tasks related to IT protection, the Data Controller shall ensure in particular:
Employees and other persons acting on behalf of the Data Controller are obliged to securely store and protect the data carriers they use or in their possession, including personal data, regardless of the way the data is recorded, against unauthorized access, alteration, transmission, disclosure, deletion or destruction and accidental destruction and damage.
The Data Controller operates the electronic register through an IT program that meets the requirements of data security. The program ensures that only those people can have access to the data who need it in order to perform their duties, and only in a targeted manner and under controlled conditions.
The Data Controller deletes the personal data if
In case it turns out that the data is being processed illegally, the Data Controller shall carry out the deletion immediately.
Users may request the deletion of data processed on the basis of the User’s voluntary consent. In this case, the Data Controller deletes the data. Deletion can only be refused if the processing of the data is authorized by law. The Data Controller shall always provide information on the refusal of the request for cancellation and on the legislation enabling data processing.
Deletion may be refused (i) for the purpose of exercising the right to freedom of expression and information, or (ii) if the processing of Personal Data is authorized by law; and (iii) to file, assert or defend legal claims.
In all cases, the Data Controller shall inform the User of the refusal of the cancellation request, indicating the reason for the refusal of the cancellation. Once the request to delete personal data has been fulfilled, the previous (deleted) data can no longer be recovered.
Newsletters sent by the Data Controller can be unsubscribed via the unsubscribe link in them. In case of unsubscription, the data controller deletes the User’s Personal Data in the newsletter database.
As the Data Controller provides a continuous service to the User, the relationship between the parties is not limited in time. Based on all this – in the absence of the User’s request – the Data Controller processes the data as long as there is a connection between the Data Controller and the User and as long as the Data Controller can provide a service to the User.
All other data will be deleted by the Data Controller if it is obvious that the data will not be used in the future, i.e. the purpose of data processing has ceased.
If a court or the National Data Protection and Freedom of Information has finally ordered the deletion of the data, the deletion shall be carried out by the Data Controller.
Instead of deleting, the Data Controller – in addition to informing the User – blocks the personal data if the User so requests or if, based on the information available to him, it can be assumed that the deletion would harm the legitimate interests of the User. Personal data blocked in this way may only be processed for as long as the purpose of the data processing, which precluded the deletion of personal data, exists. The Data Controller shall mark the personal data managed by him / her if the User disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be clearly established.
In the case of data processing ordered by law, the deletion of data is governed by the provisions of law concerned.
In case of deletion, the Data Controller will make the data unfit for personal identification. If required by law, the Data Controller shall destroy the data carrier containing personal data.
17.1. The Data Controller informs the User about the data processing at the same time as the contact. In addition, the User has the right to request information on data processing at any time.
At the request of the User, the Data Controller provides information on the data processed by the User or processed by the Data Processor, the source, the purpose, legal grounds, duration, name, address and activities related to the data processing, the circumstances of the data protection incident. , its effects and the measures taken to eliminate it, as well as – in the case of the transfer of the User’s personal data – the legal basis and the recipient of the transfer. The Data Controller is obliged to provide the information in writing in a comprehensible form at the shortest time from the submission of the request, but no later than within 25 days, at the request of the User. The information is free of charge if the person requesting the information has not yet submitted a request for information on the same data set in the current year. In other cases, reimbursement may be established. Reimbursement of costs already paid shall be repaid if the data have been processed unlawfully or if a request for information has led to a correction.
17.2. Users may request that the Data Controller correct their incorrect personal data. In the event that regular data is provided based on the data to be corrected, the Data Controller shall, if necessary, inform the recipient of the data supply of the correction or draw the User’s attention to the fact that the correction must be initiated by another data controller.
17.3. Users may request the deletion of their personal data, except for the data processing prescribed by law. The Data Controller informs the User about the deletion.
17.4. Users may object to the processing of their data as specified in the Information Law.
17.5. Users may submit his / her request for information, correction or deletion in writing, in a letter addressed to the Data Controller’s headquarters or premises, or in an e-mail sent to the Data Controller at info@blazekandanni.hu.
17.6. Users may request the processing of their Personal Data to be restricted by the Data Controller if the User concerned disputes the accuracy of the processed Personal Data. In this case, the restriction applies to the period of time that allows the Data Controller to check the accuracy of the Personal Data. The Data Controller shall mark the Personal Data managed by it if the User concerned disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed Personal Data cannot be clearly established.
Users may request the processing of their Personal Data to be restricted by the Data Controller even if the Data processing is illegal, but the User concerned objects to the deletion of the processed Personal Data and instead requests a restriction on their use.
Besides, Users may also request that the processing of their Personal Data be restricted by the Data Controller if the purpose of the Data Processing has been achieved, but the User requests their processing by the Data Controller in order to submit, enforce or protect certain legal claims.
17.7. Any user may request the Data Controller to hand over the Personal Data provided by the User concerned and managed by the User in an automated manner to him/her in a fragmented, widely used, machine-readable format and/or forward it to another data controller.
17.8. If the Data Controller does not comply with the User’s request for rectification, blocking or deletion, he / she shall notify the reasons for the rejection of the request for rectification, blocking or deletion in writing within 25 days of receipt of the request. If the request for rectification, erasure or blocking is rejected, the data controller shall inform the User of the possibility of legal remedy and recourse to the National Data Protection and Freedom of Information Authority.
17.9. Users may make the above statements related to the exercise of their rights at the contact details of the data controller specified in section 2. above.
17.10. Users may file a complaint directly with the National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c .; phone: + 36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www. naih.hu) is. In case of violation of their rights, based on the provisions of section 22. § (1)of the Info Act, Users are entitled to take their complaint to court. The trial falls within the jurisdiction of the tribunal. The lawsuit, at the User’s choice, may also be initiated at the court of the User’s place of residence or stay. Upon request, the Data Controller shall inform the User in detail about the possibility and means of legal remedy.
18.1. Data Controller reserves the right to amend this Information Sheet at any time by unilateral decision. In case of amendment of this Information Sheet, the Data Controller is entitled (but not obliged) to inform the Users about the amendment by sending a system message. Based on the information contained in the notification, Users are entitled to exercise their rights related to data processing in the manner described in this Information Sheet and the legislation in force at any time.
18.2. By the next login, the User accepts the provisions of the Prospectus in force at any time, in addition, it is not necessary to seek the consent of each User
Privacy Statement
The data you provide will be stored by Blázek és Anni Kft. Solely for the purpose of fulfilling the order, later proving the order conditions, or sending a newsletter. We will not pass on your data to third parties unless it acts as our subcontractor in order to perform the contract, e.g. delivery service, who is not entitled to use, store or pass on the data received from Blázek és Anni Kft. to third parties in any form. When processing your data, we act in accordance with Act LXIII of 1992 on the Protection of Personal Data and the Disclosure of Data of Public Interest.
Copyrights
We declare that Blázek és Anni Kft. Owns the information on our pages. The content and design of the pages of www.blazekandanni.hu are protected by international and Hungarian laws. It is also forbidden to sell, change or republish any information or articles taken from us. We reserve all further rights in the published material and, if necessary, even enforce it in court.
Anyone who registers in our webshop considers our privacy statement to be accepted and agrees to it.