Privacy Policy


Data Controller

Name: Demeter Istvánné

Registered office: 4800, Vásárosnamény, Széchenyi István utca 18.

Mailing address, complaint handling: 4800, Vásárosnamény, Széchenyi István utca 18.

E-mail: dollydekor@gmail.com

Phone number: 06209405198

Website: Contains - a secret, randomly generated sequence of numbers - stored by your device, ensuring your identifiability. The operating duration of individual cookies is described in the main characteristics of each cookie:

Data processed for contract conclusion and performance

Several data processing cases may occur for contract conclusion and performance. Please note that data processing related to complaint handling and warranty administration only takes place if you exercise one of these rights.

If you do not make a purchase through the webshop but only visit it, the provisions regarding data processing for marketing purposes may apply to you if you give us your consent for marketing purposes.

Details of data processing for contract conclusion and performance:

Contact

This applies, for example, if you contact us via email, contact form, or phone with a question about a product. Prior contact is not mandatory; you can order from the webshop at any time without it.

 

Data processed
The data you provide during contact.

 

Duration of data processing
We only process the data until the contact is closed.

 

Legal basis for data processing
Your voluntary consent, which you provide to the Data Controller by contacting us. [Data processing according to Article 6 (1) (a) of the Regulation]

Order processing

During order processing, data processing activities are necessary for the performance of the contract.

 

Data processed
During data processing, the Data Controller processes your name, address, phone number, email address, characteristics of the purchased Goods, order number, and date of purchase.

If you have placed an order in the webshop, data processing and the provision of data are essential for the performance of the contract.

 

Duration of data processing
We process the data for 5 years according to the civil law limitation period.

 

Legal basis for data processing
Performance of the contract. [Data processing according to Article 6 (1) (b) of the Regulation]

Issuing invoices

The data processing is carried out to issue invoices in accordance with legal regulations and to fulfill the obligation to retain accounting documents. According to Section 169 (1)-(2) of the Accounting Act, business associations must retain accounting documents directly and indirectly supporting their accounting records.

 

Data processed
Name, address, email address, phone number.

 

Duration of data processing
Invoices issued must be retained for 8 years from the date of issue, in accordance with Section 169 (2) of the Accounting Act.

 

Legal basis for data processing
According to Section 159 (1) of Act CXXVII of 2007 on Value Added Tax, issuing an invoice is mandatory, and according to Section 169 (2) of Act C of 2000 on Accounting, it must be retained for 8 years [Data processing according to Article 6 (1) (c) of the Regulation].

Recipients and data processors of data processing related to goods delivery

Name of recipient: Magyar Posta Zártkörűen Működő Részvénytársaság (Hungarian Post Private Limited Company)

Registered office of recipient: 1138 Budapest, Dunavirág utca 2-6.

Phone number of recipient: +36-1/767-8200

Email address of recipient: ugyfelszolgalat@posta.hu

Website of recipient: posta.hu

 

The courier service participates in the delivery of the ordered goods based on a contract concluded with the Data Controller. The courier service processes the personal data received in accordance with the data processing information available on its website.

 

Handling of warranty and guarantee claims

We must handle warranty and guarantee claims in accordance with the rules of NGM Decree 19/2014. (IV. 29.), which also defines how your claim should be handled.

 

Data processed

When handling warranty and guarantee claims, we must proceed according to the rules of NGM Decree 19/2014. (IV. 29.).

Based on the decree, we are obliged to draw up a record of the warranty or guarantee claim reported to us, which must include:

  • your name, address, and your statement that you consent to the processing of your data recorded in the record as specified in the decree,
  • the name and purchase price of the movable property sold under the contract between you and us,
  • the date of performance of the contract,
  • the date of reporting the defect,
  • a description of the defect,
  • the right you wish to enforce based on your warranty or guarantee claim, and
  • the method of settling the warranty or guarantee claim or the reason for rejecting the claim or the right you wish to enforce based on it.

If we take over the purchased Goods from you, we must issue a receipt, which must include:

  • your name and address,
  • data necessary for identifying the item,
  • the date of receipt of the item, and
  • the date when you can pick up the repaired item.

 

 

Duration of data processing
The business is obliged to retain the record of the consumer's warranty or guarantee claim for three years from the date of its creation and to present it at the request of the inspecting authority.

 

Legal basis for data processing
The legal basis for data processing is compliance with legal obligations under NGM Decree 19/2014. (IV. 29.) [Sections 4 (1) and 6 (1)] [Data processing according to Article 6 (1) (c) of the Regulation].

Handling of other consumer protection complaints

The data processing procedure is carried out for the purpose of handling consumer protection complaints. If you have submitted a complaint to us, then data processing and the provision of data are essential.

 

Data processed
Customer's name, phone number, email address, content of complaint.

 

Duration of data processing
Consumer protection complaints are kept for 3 years based on the Consumer Protection Act.

 

Legal basis for data processing
Whether you submit a complaint to us is your voluntary decision; however, if you do, we are obliged to retain the complaint for 3 years based on Section 17/A (7) of Act CLV of 1997 on Consumer Protection [Data processing according to Article 6 (1) (c) of the Regulation].

Data processed in connection with the verifiability of consent

During registration, ordering, and newsletter subscription, the IT system stores IT data related to consent for later verifiability.

 

Data processed
The date of consent and the IP address of the data subject.

 

Duration of data processing
Due to legal requirements, consent must be verifiable later; therefore, the data is retained for the limitation period following the termination of data processing.

 

Legal basis for data processing
This obligation is stipulated in Article 7 (1) of the Regulation. [Data processing according to Article 6 (1) (c) of the Regulation]

Data processing for marketing purposes

Data processing related to newsletter sending

The data processing procedure is carried out for the purpose of sending newsletters.

 

Data processed
Name, address, email address, phone number.

 

Duration of data processing
Until the data subject withdraws their consent.

 

Legal basis for data processing
Your voluntary consent, which you give to the Data Controller by subscribing to the newsletter [Data processing according to Article 6 (1) (a) of the Regulation]

Data processing related to sending and displaying personalized advertisements

The data processing procedure is carried out for the purpose of sending advertising content tailored to the data subject's interests.

 

Data processed
Name, address, email address, phone number.

 

Duration of data processing
Until you withdraw your consent.

 


Legal basis for data processing

Your voluntary, specific consent, which you provide to the Data Controller during data collection [Data processing according to Article 6 (1) (a) of the Regulation]

Remarketing

Data processing for remarketing purposes is carried out with the help of cookies.

 

Data processed
Data processed by cookies as defined in the cookie notice.

 

Duration of data processing
The data storage period of the respective cookie, more information available here:

Google general cookie information:
https://www.google.com/policies/technologies/types/

 

Google Analytics information:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu

 

Facebook information:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

 

Legal basis for data processing
Your voluntary consent, which you provide to the Data Controller by using the website [Data processing according to Article 6 (1) (a) of the Regulation].

Automated decision-making


 

The purpose of automated decision-making is the conclusion and performance of the contract between the Data Controller and the data subject, and the results of automated decision-making are checked by the Data Controller's staff. The data subject has the right to request human intervention from the Data Controller regarding automated decision-making, to express their point of view, and to object to the decision.

 

The Data Controller applies automated decision-making in the following cases:

 

Loyalty discount

- applied logic:

- consequences for the data subject:

 

Coupon code

- applied logic:

- consequences for the data subject:

 

Weight-based shipping fee calculator

- applied logic:

- consequences for the data subject:

 

Value-based shipping fee calculator

- applied logic:

- consequences for the data subject:

Further data processing

If the Data Controller intends to carry out further data processing, it shall provide prior information on the essential circumstances of the data processing (legal background and legal basis of data processing, purpose of data processing, scope of processed data, duration of data processing).

Recipients of personal data

Data processing for the purpose of storing personal data

Name of data processor: Shopify Inc.

Contact details of data processor:

Phone number:

Email address: info@shopify.com

Registered office: 151 O’Connor Street, Ground floor, Ottawa, ON K2P 2L8 Canada

Website: shopify.com

The Data Processor stores personal data based on a contract concluded with the Data Controller. It is not authorized to access personal data.

Data processing activity related to newsletter sending

Name of the company operating the newsletter system: The Rocket Science Group LLC.

Registered office of the company operating the newsletter system: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA

Phone number of the company operating the newsletter system:

Email address of the company operating the newsletter system: privacy@mailchimp.com

Website of the company operating the newsletter system: mailchimp.com

The Data Processor assists in sending newsletters based on a contract concluded with the Data Controller. In this context, the Data Processor processes the name and email address of the data subject to the extent necessary for sending newsletters.

Data processing related to invoicing

Name of data processor:

Phone number of data processor:

Email address of data processor: info@szamlazz.hu

Website of data processor: https://szamlazz.hu

The Data Processor participates in the registration of accounting documents based on a contract concluded with the Data Controller. In this context, the Data Processor processes the name and address of the data subject to the extent necessary for accounting records, for the period specified in Section 169 (2) of the Accounting Act, and then deletes them.

Data processing related to online payments

Name of data controller: Stripe Inc

Registered office of data controller: 510 Townsend Street San Francisco, CA 94103 United States

Phone number of data controller:

Email address of data controller: info@stripe.com

Website of data controller: https://stripe.com

The payment service provider participates in the execution of online payments based on a contract concluded with the Data Controller, for which purpose data transfer to the online payment service provider takes place during the purchase process. In this context, the online payment service provider processes the data subject's billing name and address, order number, and date in accordance with its own data processing rules.

Purpose of data transfer: to provide the online payment service provider with the transaction data necessary for the payment operation initiated by it in connection with the purchase.

Legal basis for data transfer: according to Article 6 (1) (b) of the Regulation, the performance of the contract concluded between you and the Data Controller, which includes payment by the customer, and in the case of online payment, data transfer as per this point is necessary for payment.

Your rights during data processing

During the data processing period, you are entitled to the following rights according to the provisions of the Regulation:

  • right to withdraw consent
  • right to access personal data and information related to data processing
  • right to rectification
  • right to restriction of processing
  • right to erasure
  • right to object
  • right to data portability.

If you wish to exercise your rights, it will involve your identification, and the Data Controller will necessarily need to communicate with you. Therefore, personal data will be required for identification (but identification can only be based on data that the Data Controller already processes about you), and your complaints regarding data processing will be available in the Data Controller's email account within the period specified for complaints in this information. If you were a customer and wish to identify yourself for complaint handling or warranty administration, please also provide your order ID for identification. This will allow us to identify you as a customer.

The Data Controller will respond to complaints regarding data processing within 30 days at the latest.

Right to withdraw consent

You are entitled to withdraw your consent to data processing at any time, in which case the provided data will be deleted from our systems. However, please note that in the case of an unfulfilled order, withdrawal may result in us being unable to complete the delivery to you. Furthermore, if a purchase has already been made, we cannot delete invoicing-related data from our systems based on accounting regulations, and if you have an outstanding debt to us, we may process your data even if you withdraw your consent, based on our legitimate interest in debt collection.

Access to personal data

You have the right to obtain confirmation from the Data Controller as to whether or not personal data concerning you are being processed, and where that is the case, you have the right to:

  • access the processed personal data and
  • be informed by the Data Controller about the following:
    • the purposes of the processing;
    • the categories of personal data concerned;
    • information about the recipients or categories of recipients to whom the personal data has been or will be disclosed by the Data Controller;
    • the envisaged period for which the personal data will be stored, or if not possible, the criteria used to determine that period;
    • your right to request from the Data Controller rectification, erasure or restriction of processing of personal data concerning you, and in the case of processing based on legitimate interest, to object to such processing of personal data;
    • the right to lodge a complaint with a supervisory authority;
    • if the data was not collected from you, any available information as to their source;
    • the existence of automated decision-making (if such a procedure is applied), including profiling, and at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

The purpose of exercising the right may be to establish and verify the legality of data processing. Therefore, in the case of multiple requests for information, the Data Controller may charge a fair fee for providing the information.

The Data Controller provides access to personal data by sending you the processed personal data and information by email after verifying your identity. If you have a registration, access is provided by allowing you to view and check your personal data by logging into your user account.

Please indicate in your request whether you are requesting access to personal data or information related to data processing.

Right to rectification

You have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning you.

Right to restriction of processing

You have the right to obtain from the Data Controller restriction of processing where one of the following applies:

  • you contest the accuracy of the personal data, in which case the restriction applies for a period enabling the Data Controller to verify the accuracy of the personal data; if the accurate data can be immediately determined, no restriction will take place;
  • the processing is unlawful, and you oppose the erasure of the personal data for any reason (for example, because the data are important to you for the assertion of legal claims), and therefore request the restriction of their use instead of their erasure;
  • the Data Controller no longer needs the personal data for the purposes of the indicated processing, but you require them for the establishment, exercise or defence of legal claims; or
  • you have objected to processing, but the legitimate interests of the Data Controller may also justify the processing, in which case, until it is determined whether the legitimate grounds of the Data Controller override your legitimate grounds, the processing must be restricted.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

The Data Controller shall inform you in advance (at least 3 working days before the lifting of the restriction) of the lifting of the restriction on processing.

Right to erasure – right to be forgotten

You have the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by the Data Controller;
  • you withdraw your consent on which the processing is based and where there is no other legal ground for the processing;
  • you object to processing based on legitimate interest, and there are no overriding legitimate grounds (i.e., legitimate interest) for the processing;
  • the personal data have been unlawfully processed by the Data Controller and this has been confirmed based on the complaint;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.

Where the Data Controller has made the personal data concerning you public for any lawful reason and is obliged to erase them for any of the reasons listed above, taking account of available technology and the cost of implementation, it shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Erasure shall not apply to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject (such as data processing within the scope of invoicing, as the retention of invoices is prescribed by law) or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • for the establishment, exercise or defence of legal claims (e.g., if the Data Controller has a claim against you that has not yet been fulfilled, or a consumer or data protection complaint is ongoing).

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interest. In such cases, the Data Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Right to data portability

Where processing is carried out by automated means, or where the processing is based on your voluntary consent, you have the right to receive from the Data Controller the data you have provided to it, which the Data Controller shall provide to you in XML, JSON, or CSV format. If technically feasible, you may request that the Data Controller transmit the data in this format to another data controller.

Automated decision-making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In these cases, the Data Controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

The above provisions do not apply if the decision:

  • is necessary for entering into, or performance of, a contract between you and the Data Controller;
  • is authorised by Union or Member State law to which the Data Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  • is based on your explicit consent.

Registration in the data protection register

According to the provisions of the Infotv., the Data Controller had to register certain data processing activities in the data protection register. This registration obligation ceased on May 25, 2018.

Data security measures

The Data Controller declares that it has taken appropriate security measures to protect personal data against unauthorised access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage, and against becoming inaccessible due to changes in the technology used.

The Data Controller makes every effort, within organizational and technical possibilities, to ensure that its Data Processors also take appropriate data security measures when handling your personal data.

Legal remedies

If you believe that the Data Controller has violated any legal provision regarding data processing, or has not fulfilled any of your requests, you may initiate an investigation procedure with the National Authority for Data Protection and Freedom of Information to stop the alleged unlawful data processing (mailing address: 1363 Budapest, Pf. 9., e-mail: ugyfelszolgalat@naih.hu, telephone numbers: +36 (30) 683-5969; +36 (30) 549-6838; +36 (1) 391 1400).

We also inform you that in case of violation of legal provisions regarding data processing, or if the Data Controller has not fulfilled any of your requests, you may file a civil lawsuit against the Data Controller in court. 

Modification of the Data Processing Information

The Data Controller reserves the right to amend this data processing information in a way that does not affect the purpose and legal basis of the data processing. By using the website after the effective date of the amendment, you accept the amended data processing information.

If the Data Controller intends to carry out further processing of the collected data for a purpose other than that for which they were collected, it shall inform you of the purpose of the data processing and the following information prior to the further processing:

  • the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
  • your right to request from the Data Controller access to and rectification or erasure of personal data or restriction of processing concerning you and to object to processing of personal data if based on legitimate interest, and in the case of processing based on consent or a contractual relationship, the right to data portability;
  • in case of processing based on consent, that you have the right to withdraw your consent at any time;
  • the right to lodge a complaint with a supervisory authority;
  • whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and of the possible consequences of failure to provide such data;
  • the existence of automated decision-making (if such a procedure is applied), including profiling, and at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

Data processing may only commence after this, and if the legal basis for data processing is consent, in addition to the information, you must also give your consent to the data processing.