Privacy notice<\/p>\n
I. Introduction<\/p>\n
II. Principles for the processing of personal data<\/p>\n
III. Concepts<\/p>\n
IV. Data of Troy City Kft. as Data Controller and Data Processor<\/p>\n
V. Process of processing personal data:<\/p>\n
VI. Activities of the Data Controller under the GTC<\/p>\n
VII. Purpose of the processing<\/p>\n
VIII Information about the cookies used on the Company’s website and the data generated during the visit. Data processed during the visit<\/p>\n
IX. Cookies used on the website<\/p>\n
X. Legal basis for processing<\/p>\n
XI. Scope of the data processed<\/p>\n
XII. Transmission of data<\/p>\n
XIII. Data processor<\/p>\n
XIV Data security<\/p>\n
XV. Rights of Users<\/p>\n
XVI. Users’ rights in detail:<\/p>\n
Transparent information, communication and facilitation of the exercise of the User’s rights
\nRight to prior information – if personal data are collected from the User
\nUser’s right of access
\nRight to rectification
\nRight to erasure (“right to be forgotten”)
\nRight to restriction of processing
\nright to data portability
\nRight to object
\nRight to be informed of a personal data breach
\nRight to lodge a complaint with a supervisory authority (right to official redress)
\nRight to an effective judicial remedy against a controller or processor<\/p>\n
Introduction
\nThis notice ensures that, in accordance with the EU General Data Protection Regulation 2016\/679 (GDPR), natural persons using the services of Troy City Ltd. are informed before using any of the services of Troy City Ltd. about what personal data is processed, how their personal data is processed, what mandatory data protection rules apply to their legal relationship, what data management practices the service provider follows, what rights they have to protect their rights and interests, for what purposes their data may be transferred and where.<\/p>\n
Troy City Ltd. provides commercial services primarily to individuals and businesses (and other legal entities that issue invoices); in the course of these services, the processing of data of individuals and businesses is unavoidable. Much of the data processed by Troy City Ltd. is also held in public databases.<\/p>\n
The Regulation requires the consent of the User for the processing of data of natural persons before sending newsletters and before using certain cookies, otherwise processing without consent is lawful. The User may withdraw his\/her consent at any time, with the consequence that he\/she will not receive newsletters or will not be able to use certain services of the Website.<\/p>\n
Troy City Ltd. acts as a data controller in its contractual relationship with the customers registered on the website, i.e. it determines the purposes and means of processing personal data in the context of its activities and services, but in part of its services it acts as a data processor
\nin the provision of commercial services.<\/p>\n
Troy City Ltd. is committed to protecting the personal data of its customers and partners, attaches the utmost importance to respecting the right of informational self-determination of its customers, treats personal data confidentially and takes all security, technical and organizational measures to ensure the security of the data.<\/p>\n
Troy City Ltd. has taken into account the recommendations of the EU 29th Working Party on Data Protection, the NAIH Recommendation of 29 September 2015 on the preliminary privacy notice and incorporated best practices available on the market. The data contained in the database of the Data Controller and (Data Processor) must be accurate and up-to-date in order to perform the tasks, provide the services and fulfil the contractual obligations undertaken, therefore the Data Controller calls upon the Data Subjects to notify the Data Controller (Data Processor) of any changes to the data within 3 days at the e-mail address info@troycity.net <\/a> indicated for contact purposes, because it is in the interest of both the Data Controller and the User that inaccurate personal data are deleted or corrected without delay (principle of accuracy).<\/p>\n Principles of personal data processing In accordance with the Regulation, the Data Controller shall describe the purposes for which the data are processed (purpose limitation principle), the scope of the data collected shall be adequate and necessary for the purposes for which the data are processed (data minimisation principle). The data in the database of the Data Controller shall be accurate and up-to-date for the performance of the tasks, the provision of the services, the fulfilment of the contractual obligations undertaken, and it is in the interest of the Data Controller and the User that inaccurate personal data are promptly deleted or corrected (accuracy principle).<\/p>\n The Data Controller shall store the data in a form which permits identification of the User only for the time necessary to achieve the purposes for which the personal data are processed. Adequate technical or organisational measures shall be taken to ensure adequate security of personal data and effective protection against unauthorised or unlawful processing, accidental loss, destruction or damage (integrity and confidentiality).<\/p>\n The Data Controller has the obligation to prove to the authorities, courts and Users that it is acting in compliance with the Regulation (accountability principle).<\/p>\n Definitions “personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.<\/p>\n “Data subject”: the natural person in respect of whom the controller processes personal data.<\/p>\n “the data subject’s consent” means a freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her.<\/p>\n “data breach” means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.<\/p>\n “Special Data”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership, genetic data and biometric data revealing the identity of natural persons, health data and personal data concerning the sex life or sexual orientation of natural persons.<\/p>\n The data of Troy City Kft. as Data Controller and Data Processor are as follows: Registered office: 1195 Budapest J\u00f3zsef Attila utca 81. 1\/3 Hungary<\/p>\n Representative name: Sinan Pravadalioglu<\/p>\n Company registration number: 01-09-437921<\/p>\n Court of registration: the Company Court of the Budapest District Court as the Company Court<\/p>\n Tax number: 14266210-2-43<\/p>\n E-mail: info@troycity.net<\/a><\/u><\/p>\n The Data Controller operates a website (hereinafter: Website) on the website www.troycity.net for the purpose of ordering commercial services, in the course of which it processes the personal data of visitors to the Website and of those who register on the Website. Personal data are the data of natural person users (hereinafter referred to as “Users”).<\/p>\n By clicking on the link https:\/\/troycity.net\/hu\/adatvedelmi_nyilatkozat<\/a> on the Website, the User can access the Privacy Policy, in which the Data Controller has summarized its data management principles and practices.<\/p>\n By ticking the ? box when registering, the User consents to the processing of his\/her personal data in order to receive notifications (newsletters) about the webshop, the development of services, the launch of new products, the provision of convenience services, Definition of processing of personal data For the purposes of the activities of Troy City Ltd., a “User” is a natural person who registers on the website in order to use the service, to obtain information about the services, who uses one of the services of Troy City Ltd. as defined in the General Terms and Conditions (contractual customer), who requests a newsletter or who is employed by the Data Controller. The rules and information relating to employees as data subjects are summarised in a separate document, including information relating to persons who submit job applications and CVs.<\/p>\n The Data Controller’s activity according to the GTC On the basis of the services provided as follows:<\/p>\n placing an order, A further service is the parcel delivery service, in the framework of which Troy City Ltd. forwards the User’s data required for delivery to the delivery company.<\/p>\n Registration<\/p>\n By clicking on the registration link, the User provides the necessary data, the purpose of data processing is to learn about the terms and conditions of the services provided during registration, ordering the commercial service, and using the service. Registration is subject to reading and accepting the GTC and the Privacy Policy.<\/p>\n By clicking on the “Registration” link, the User declares that he\/she has read the GTC and the Privacy Policy, understands their contents, accepts them as valid and expressly consents to the processing of his\/her data.<\/p>\n to send the newsletter, After the registration is finalized, the Service Provider will send a confirmation to the e-mail address provided by the User, informing the User about the registration details.<\/p>\n If the User requests to receive the Newsletter after registration, the processing of personal data required for this purpose is also included.<\/p>\n The User shall have the right to request the deletion of his\/her personal data for which his\/her consent was necessary, in which case.<\/p>\n will not receive future newsletters and Cookies are used on the Website for various purposes:<\/p>\n Technical cookies are used to ensure the proper functioning of the website in order to facilitate the use of services by users; During the use of the website, the Service Provider’s website may record and process the following data about the visitor and the device used for browsing:<\/p>\n the IP address used by the visitor, The purpose of the processing: to ensure the proper functioning of the website. These cookies are necessary to enable visitors to browse the website, to use its functions smoothly and fully, to use the services available through the website, including, in particular, to note the actions carried out by the visitor on the pages concerned or to identify the logged-in user during a visit. The duration of the processing of these cookies is limited to the current visit of the visitor, and this type of cookie is automatically deleted from his\/her computer at the end of the session or when the browser is closed.<\/p>\n The legal basis for this data processing is Article 13\/A (3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (Elkertv.), according to which the service provider may process personal data that are technically necessary for the provision of the service. The service provider must, other things being equal, choose and in any case operate the means used in the provision of the information society service in such a way that personal data are processed only if absolutely necessary for the provision of the service and for the fulfilment of the other purposes specified in this Act, but in this case only to the extent and for the duration necessary.<\/p>\n During the use of the Website, the Service Provider automatically records the User’s IP address, the type of operating system and browser program used and other information for technical reasons. The system continuously logs this data, but does not link it to the data provided during registration or use. Users do not have access to the data obtained in this way, only the Service Provider.<\/p>\n The Service Provider may record the data of the Internet pages from which the User accessed the Website and those visited on the Website, as well as the time and duration of the visit. The User’s identity and profile cannot be inferred from these data.<\/p>\n Cookies to facilitate use:<\/p>\n These remember the user’s choices, such as what form the user wants the page to take. These types of cookies are essentially the preferences data stored in the cookie.<\/p>\n The legal basis for processing is the consent of the User.<\/p>\n Purpose of data processing: to increase the efficiency of the service, to improve the user experience, to make the use of the website more convenient.<\/p>\n This data is on the user’s computer, the website just accesses it and recognises the visitor.<\/p>\n Performance cookies:<\/p>\n They collect information about the User’s behaviour, time spent on the website visited, clicks. These are typically third party applications (e.g. Google Analytics, AdWords).<\/p>\n Legal basis for processing: consent of the data subject.<\/p>\n Purpose of data processing: analysis of the website, sending promotional offers.<\/p>\n The Service Provider uses the above information solely for the technical operation of the Website and for statistical purposes.<\/p>\n The Service Provider only stores the User’s password hash, not the password itself.<\/p>\n Legal basis for data processing for registered Users who do not use the service, To fulfil a legal obligation within the scope of the following legislation:<\/p>\n It applies to data processing by the Service Provider as Data Processor:<\/p>\n Decree No 45\/2014 (II.26) on distance contracts pursuant to Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Ektv.)), Processing based on the legitimate interest of the Service Provider<\/p>\n The Service Provider has a legitimate interest vis-\u00e0-vis the user to enforce any claim arising from the contract. The limitation period after the termination of the contract is 5 years after the expiry of the general limitation period of the Civil Code. The Data Controller shall keep the data necessary for the enforcement of the claim arising from the contract as a legitimate interest until the end of the statutory limitation period under the Civil Code following the termination of the contract, until the possible enforcement of the claim. (Exceptions to this rule: unless the interests or fundamental rights and freedoms of the data subject override these interests and require the protection of personal data, in particular where the data subject is a child)<\/p>\n Scope of data processed Registration<\/p>\n During registration, the User is required to provide the following personal data:<\/p>\n user email address Troy City Ltd. uses the following data provided by the User:<\/p>\n Contact email address During registration, the User may also provide additional data on an optional basis, if it is necessary for the performance and facilitation of the service provided by the Service Provider.<\/p>\n The Service Provider will not send any e-mails to the e-mail addresses provided by the Users during registration, except for the informative e-mails related to the services used by the User in order to prepare the contract. Such non-promotional messages may include, for example:<\/p>\n registration, order confirmation email, information closely related to the use of The data may be accessed, processed and used primarily by the Service Provider or persons having an employment relationship with the Service Provider. The personal data are treated confidentially, employees are bound by confidentiality rules, the data are not published and are not transmitted to third parties. The tasks, access rights and obligations of the persons involved in data management are regulated by the Service Provider in its internal rules. Employees shall be liable under labour law for compliance with these rules. In addition to the above, the transfer of personal data concerning the User may only take place in cases provided for by law or with the express consent of the User.<\/p>\n Data transmission transmits data to a postal service provider for the printing, enveloping and postal delivery of the invoice to GLS General Logistics Systems Hungary Csomag-Logisztikai Kft. In the case of data processing based on voluntary consent, the data processing lasts until the voluntary consent is withdrawn. The processing carried out by the processor is governed by a contract which defines the subject matter, duration, nature and purposes of the processing, the type of personal data, the categories of data subjects, the confidentiality obligation and the obligations and rights of the controller, and which binds the processor to the controller.<\/p>\n The identity and details of the Data Processor used by the service provider:<\/p>\n Postal service provider: GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.<\/p>\n Hosting providers:<\/p>\n Webonic Kft. (registered office: 8000 Sz\u00e9kesfeh\u00e9rv\u00e1r, Budai \u00fat 14.; company registration number: 07 09 025725; tax number: 25138205-2-07) The Service Provider will take all necessary steps to ensure the security of the personal data provided by the Users, both during network communication and during the storage and safekeeping of the data.<\/p>\n Access to personal data is strictly limited to prevent unauthorised access, unauthorised alteration or unauthorised use of personal data.<\/p>\n Users’ rights The Data Controller shall inform the User of the measures taken in response to his\/her request to exercise his\/her rights without undue delay, but no later than one month from the receipt of the request. This time limit may be extended by a further two months under the conditions laid down in the Regulation, of which the User shall be informed.<\/p>\n If the Data Controller fails to take action on the User’s request, the Data Controller shall inform the User without delay, but no later than one month from the receipt of the request, of the reasons for the failure to take action and of the User’s right to lodge a complaint with the NAIH and to exercise his\/her right to judicial remedy.<\/p>\n The data controller shall provide the information and the information and action on the rights of the data subject free of charge, but may charge a fee in the cases provided for in the Regulation. The Controller shall inform any recipient of any rectification, erasure or restriction of processing to whom or with which the personal data have been disclosed, unless this proves impossible or would involve a disproportionate effort.<\/p>\n The rights of Users are listed as follows:<\/p>\n Transparent information, communication and facilitation of the exercise of the User’s rights Transparent information, communication and facilitation of the exercise of the User’s rights The Data Controller undertakes to provide, at the User’s request, all information and any particulars relating to the processing of personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language (in particular in the case of any information addressed to children). The information shall be provided in writing or by other means, including, where appropriate, by electronic means. At the request of the data subject, oral information may be provided, provided that the identity of the User has been verified by other means.<\/p>\n The detailed rules can be found under Article 12 of the Regulation.<\/p>\n Right to prior information In this context, the Data Controller informs the User by compiling this information notice.<\/p>\n a) the identity and contact details of the controller and its representative,<\/p>\n b) the contact details of the Data Protection Officer (if any),<\/p>\n (c) the purposes for which the personal data are intended to be processed and the legal basis for the processing,<\/p>\n (d) in the case of processing based on legitimate interests, the legitimate interests of the controller or a third party,<\/p>\n (e) the recipients to whom the personal data are disclosed and the categories of recipients, if any;<\/p>\n (f) where applicable, the fact that the controller intends to transfer the personal data to a third country or an international organisation.<\/p>\n The User may request from the Data Controller access to, rectification, erasure or restriction of processing of personal data concerning him\/her and may object to the processing of such personal data, as well as to the exercise of the User’s right to data portability In the case of processing based on the User’s consent, the User may withdraw consent at any time without giving reasons, without prejudice to the lawfulness of the processing carried out on the basis of consent prior to the withdrawal.<\/p>\n By providing this notice, the controller provides information on whether the provision of personal data for the purposes of its processing is based on a legal or contractual obligation or is a precondition for the conclusion of a contract, whether the data subject is obliged to provide the personal data, and the possible consequences of not providing the data.<\/p>\n The Data Controller does not use automated decision-making or profiling. If the Controller intends to further process personal data for a purpose other than the purpose for which it was collected, it shall inform the User of this other purpose and any relevant additional information prior to further processing.<\/p>\n The detailed rules on the right to prior information are set out in Article 13 of the Regulation.<\/p>\n The Data Controller only processes data that the User has provided to it.<\/p>\n User’s right of access The Data Controller shall provide the User with a copy of the personal data subject to processing upon request. For additional copies requested by the User, the Controller may charge Detailed rules on the User’s right of access are set out in Article 15 of the Regulation.<\/p>\n Right to rectification These rules are set out in Article 16 of the Regulation.<\/p>\n The right to erasure (“right to be forgotten”) (a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;<\/p>\n b) the User withdraws his or her consent on the basis of which the processing is based and there is no other legal basis for the processing;<\/p>\n c) the User objects to the processing and there are no overriding legitimate grounds for the processing,<\/p>\n d) the personal data have been unlawfully processed;<\/p>\n (e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;<\/p>\n f) the personal data were collected in connection with the provision of information society services directly to a child.<\/p>\n The right to erasure cannot be exercised in the case of the exceptions provided for in Article 17 of the Regulation. The right to be forgotten means that the erasure of personal data disclosed or transmitted to other recipients by a controller must be ensured by communicating the erasure obligation to all other controllers to whom the personal data have been disclosed by the controller.<\/p>\n Right to restriction of processing The User has the right to request the Controller to restrict the processing of his\/her data if one of the following conditions is met:<\/p>\n a) the User contests the accuracy of the personal data, in which case the limitation shall apply for the period of time that allows the Controller to verify the accuracy of the personal data;<\/p>\n b) the processing is unlawful and the User opposes the deletion of the data and instead requests the restriction of their use;<\/p>\n (c) the Controller no longer needs the personal data for the purposes of processing, but the User requires them for the establishment, exercise or defence of legal claims; or<\/p>\n d) the User has objected to the processing; in this case, the restriction shall apply for the period until it is established whether the legitimate grounds of the controller prevail over the legitimate grounds of the User.<\/p>\n The User shall be informed in advance of the lifting of the restriction on processing.<\/p>\n The relevant rules are set out in Article 18 of the Regulation.<\/p>\n The right to data portability (a) the processing is based on consent or on a contract; and<\/p>\n (b) the processing is carried out by automated means.<\/p>\n The User may also request the direct transfer of personal data between data controllers. The exercise of the right to data portability shall be without prejudice to the right to erasure (right to be forgotten). The right to data portability shall not apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. This right shall not adversely affect the rights and freedoms of others.<\/p>\n The detailed rules are set out in Article 20 of the Regulation.<\/p>\n Right to object The Data Controller does not engage in direct marketing and therefore no processing is carried out on this basis.<\/p>\n The User’s right to object must be explicitly brought to his\/her attention at the latest at the time of the first contact and the information must be clearly displayed separately from any other information. The data subject may exercise the right to object by automated means based on technical specifications.<\/p>\n Informing the User of a personal data breach The detailed rules are set out in Article 34 of the Regulation.<\/p>\n The User may lodge a complaint with the supervisory authority in the event of alleged or actual harm in the context of data processing.<\/p>\n Name: address: contact details: National Authority for Data Protection and Freedom of Information (NAIH), 1125 Budapest, Szil\u00e1gyi Erzs\u00e9bet fasor 22\/C., www.naih.hu,<\/a> E-mail: ugyfelszolgalat@naih.hu<\/a>, Tel:+36 (1) 391-1400, Fax:+36 (1) 391-1410<\/p>\n The NAIH is obliged to inform the customer of the procedural developments and the outcome of the complaint, including the customer’s right to seek judicial remedy.<\/p>\n The right to an effective judicial remedy against the supervisory authority These rules are set out in Article 78 of the Regulation.<\/p>\n Right to an effective judicial remedy against the controller or processor These rules are set out in Article 79 of the Regulation.<\/p>\n","protected":false},"excerpt":{"rendered":" Privacy notice I. Introduction II. Principles for the processing of personal data III. Concepts IV. Data of Troy City Kft. as Data Controller and Data Processor V. Process of processing personal data: VI. Activities of the Data Controller under the GTC VII. Purpose of the processing VIII Information about the cookies used on the Company’s […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"iawp_total_views":0,"footnotes":""},"class_list":["post-45251","page","type-page","status-publish","hentry","post"],"_links":{"self":[{"href":"https:\/\/troycity.net\/en\/wp-json\/wp\/v2\/pages\/45251","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/troycity.net\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/troycity.net\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/troycity.net\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/troycity.net\/en\/wp-json\/wp\/v2\/comments?post=45251"}],"version-history":[{"count":2,"href":"https:\/\/troycity.net\/en\/wp-json\/wp\/v2\/pages\/45251\/revisions"}],"predecessor-version":[{"id":45263,"href":"https:\/\/troycity.net\/en\/wp-json\/wp\/v2\/pages\/45251\/revisions\/45263"}],"wp:attachment":[{"href":"https:\/\/troycity.net\/en\/wp-json\/wp\/v2\/media?parent=45251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nIn its data processing activities, the Data Controller aims to act fairly in its processing, to process personal data lawfully and to be transparent to the User. The purpose of this notice is to explain the Data Controller’s data management principles and practices.<\/p>\n
\nThe following terms are used in this preliminary privacy notice:<\/p>\n
\nName: Troy City Szolg\u00e1ltat\u00f3 \u00e9s \u00dcgyn\u00f6ki Korl\u00e1tolt Felel\u0151ss\u00e9g\u0171 T\u00e1rsas\u00e1g (Troy City Kft.)<\/p>\n
\nconsents to the use of cookies requiring consent on the basis of the information available at https:\/\/troycity.net\/hu\/adatvedelmi_nyilatkozat<\/a>.
\nWithout the necessary authorisation, we are not able to send the User a newsletter and he\/she may not use the pages of the website affected by cookies.<\/p>\n
\nAny operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.<\/p>\n
\nTroy City Ltd. provides a commercial service to Users who register on the website www.troycity.net<\/a>, whereby Users can place orders by means of a computer device, or in paper or electronic form, and Users can order and use other related services. The specific services provided by the Data Controller and the conditions of their use are set out in the General Terms and Conditions of the Service Provider (GTC), which the User may use by accepting.<\/p>\n
\ndirectly related services (use of parcel services)
\nPurpose of data processing
\nCommercial services of Troy City Ltd. can be ordered in person or electronically via the website or via e-mail at info@troycity.net<\/a>. Data processing starts with registration on the website or in person. The purpose of the website is to provide a commercial service whereby Users can place their orders.<\/p>\n
\nto use the cookies at www.troycity.net<\/a><\/p>\n
\nwill not be able to visit sites that use cookies that require consent.
\nTroy City Ltd. acts as Data Controller under a contract for the provision of a commercial service.<\/p>\n
\nother cookies are necessary to allow users to browse the website, in particular to remember the actions carried out by the visitor on the site;
\ncookies used for statistical purposes, for which the consent of the User is required.
\nInformation on the use of cookies on the Company’s website and the data generated during the visit
\nThe data processed during the visit<\/p>\n
\nthe browser type,
\nthe operating system characteristics of the browsing device (language set),
\nthe time of the visit,
\nthe (sub)page, function or service visited,
\nclicks.
\nCookies used on the website
\ntechnically necessary session cookies<\/p>\n
\nThe User’s consent provides the legal basis<\/p>\n
\nfor Users who request a newsletter,
\nand for cookies for statistical purposes that require the User’s consent.
\nPerformance of the contract As data controller: processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into the contract.<\/p>\n
\nin the case of issuing own invoices: in accordance with the Act on Accounting (Szmtv.) and
\nNGM Decree No. 23\/2014 (VI. 30.) on the tax administration identification of invoices, simplified invoices and receipts and on the use of cash registers and taximeters for issuing receipts (hereinafter: NGM Decree),
\nin accordance with the mandatory provisions on digital archiving of GKM Decree No. 114\/2007 (XII.29.) on the rules of digital archiving<\/p>\n
\nPlease note that the Data Controller does not process any special data, health data or criminal data.<\/p>\n
\npassword
\nuser name
\ncompany name
\ncompany email address
\ntax number
\nbank account number
\npostal code
\nmunicipality
\nstreet, house number
\nAfter the data is entered, the Service Provider will notify the User by email of the successful registration.<\/p>\n
\nAccount details
\nBank account number
\nClient name
\nName
\nEmail
\nAddress
\nTax number
\nMailing address
\nEU tax number
\nPhone number
\nContact name
\nCustomer email
\nMailing name
\nCountry
\nPostal country
\nFax number
\nContact phone
\nContact email
\nThe data provided in other communications are based on the data subject’s voluntary consent.<\/p>\n
\nservice (e.g. planned maintenance downtime),
\nor electronic invoice.
\nPersons who may access the data<\/p>\n
\nThe Service Provider, as a Data Processor, within the framework of its billing service, shall<\/p>\n
\nIn addition to the above, the transmission of the User’s personal data is only possible in the case of mandatory data transmission as defined by law. In the case of a request, the Service Provider shall provide data on the basis of the request to notaries, bailiffs, courts and other authorities in order to fulfil their legal obligations, with the data content specified in the laws and other legislation.
\nDuration of data processing<\/p>\n
\nThe statute of limitations for the performance of contractual obligations after the termination of the contract is 5 years, the legal basis for the assertion of a legitimate interest after the termination of the contract.
\nThe invoices issued are subject to the provisions of the General Tax Code and the Tax Code.
\nData Processor
\nThe Service Provider provides commercial services on the website interface used by the User, in the context of which the Service Provider is considered a Data Processor for the purposes of data processing and data protection legislation, as it performs data processing on behalf of the User.<\/p>\n
\nShopRenter.hu Kft. (4028 Debrecen, Kassai \u00fat 129., Company registration number: 09-09-020636; tax number: 23174108-2-09)
\nData security
\nThe Data Controller shall implement appropriate technical and organisational measures to ensure a level of data security appropriate to the scale of the risk, taking into account the nature, scope, context and purposes of the processing and the varying degrees of probability and severity of the risk to the rights and freedoms of natural persons. The data security measures are required by contractual obligations for all developers, suppliers and by the ‘Confidential’ internal documents containing business secrets binding on all employees, in particular the Data Management and Security Policy.<\/p>\n
\nThe Data Controller also facilitates the exercise of Users’ rights by providing the following information.<\/p>\n
\nRight to prior information – if personal data are collected from the User
\nUser’s right of access
\nRight to rectification
\nRight to erasure (“right to be forgotten”)
\nRight to restriction of processing
\nRight to data portability right to data portability
\nRight to object
\nRight to be informed of a personal data breach
\nRight to lodge a complaint with a supervisory authority (right to official redress)
\nRight to an effective judicial remedy against a controller or processor
\nUsers’ rights in detail:<\/p>\n
\nThe User has the right to be informed of the facts and information related to the processing before the processing starts.<\/p>\n
\nThe User has the right to be informed of the facts and information relating to the processing of the data
\nprior to the start of the processing.<\/p>\n
\n;<\/p>\n
\nThe User has the right to receive feedback from the Controller as to whether his\/her personal data are being processed and, if such processing is ongoing, the right to access the personal data and related information described in the previous point (Article 15 of the Regulation). The Controller does not transfer personal data to third countries or international organisations.<\/p>\n
\na reasonable fee based on administrative costs.<\/p>\n
\nAt the User’s request, the Data Controller shall correct inaccurate personal data relating to the User without undue delay. Taking into account the purposes of the processing, the data subject shall have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.<\/p>\n
\nAt the User’s request, the Controller shall erase personal data relating to the User without undue delay. If:<\/p>\n
\nIn the event of restriction of processing, such personal data, except for storage, may be processed only with the consent of the User or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.<\/p>\n
\nUnder the conditions set out in the Regulation, the User has the right to receive personal data concerning him\/her which he\/she has provided to a controller in a structured, commonly used, machine-readable format and the right to transmit such data to another controller without hindrance from the controller to whom he\/she has provided the personal data, provided that<\/p>\n
\nThe User has the right to object to the processing of his\/her personal data. In such a case, the controller may no longer process the personal data, unless the controller proves that the processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the User or are related to the establishment, exercise or defence of legal claims.<\/p>\n
\nIf the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller must inform the data subject of the personal data breach without undue delay.<\/p>\n
\nThe complainant has the right to an effective judicial remedy against a legally binding decision of the supervisory authority concerning him or her, and all data subjects have the right to an effective judicial remedy if the competent supervisory authority does not deal with the complaint or does not inform the User within three months of the procedural developments concerning the complaint or of the outcome of the complaint.<\/p>\n
\nAll Users have the right to an effective judicial remedy if they consider that their rights under this Regulation have been infringed as a result of the processing of their personal data not in accordance with this Regulation.<\/p>\n