privacy policy

This is a translation of the original privacy policy that can be found here. In case of any discrepancy, the original Hungarian version shall prevail.

1. Data manager and identification of present webpage

 

1.1. We inform you that this website is run by

Zámbóné Varga Katalin Erzsébet ev.

  • Registration number: 52654019 - Belügyminisztérium Okmányfelügyeleti Főosztály (Department of the Interior Department of Document Supervision)

  • Tax number: 69069336-1-42

  • Headquarters: H- 1144 Budapest, Tihany utca 42-44/A, 1/23.

  • Postal address: H- 1144 Budapest, Tihany utca 42-44/A, 1/23.

  • Website: https://www.mybettershelf.com/

  • E-mail: mybettershelf@gmail.com

(Data Manager hereafter).

1.2. Present webpage, and other websites and sub-sites that can be reached through it have this website address:

https://www.mybettershelf.com/

 

2. Hungarian legal requirements, scope of present manual

 

2.1. Service of website identified by address above (website hereafter), run by certain Data Manager (Data Manager hereafter), is provided from Hungary. In accordance with this, Hungarian and European law applies to service, Users using service (also including data management). Data Manager uses information about Users mostly based on these regulations:

  • EUROPEAN PARLIAMENT AND COMMISSION (EU) Regulation 2016/679 (27 April 2016) about protecting natural people and protection of personal data, free flow of such data, and about countermanding of the directive 95/46/EK (general data protection regulation); (The EU General Data Protection Regulation), (GDPR hereafter) (AZ EURÓPAI PARLAMENT ÉS A TANÁCS (EU) 2016/679 RENDELETE (2016. április 27.) (a továbbiakban: GDPR).

  • Regulation CVIII from 2001 about electronic commercial services and services related to some aspects of information society (az elektronikus kereskedelmi szolgáltatások, valamint az információs társadalommal összefüggő szolgáltatások egyes kérdéseiről szóló 2001. évi CVIII. törvény (Ekertv.)),

  • Regulation CXIX from 1995 about research and handling information of names and addresses for direct marketing purposes (a kutatás és a közvetlen üzletszerzés célját szolgáló név- és lakcímadatok kezeléséről szóló 1995. évi CXIX. törvény (DMtv.)),

  • and Regulation XLVIII from 2008 about the basic conditions and some limits of economic advertising activities (a gazdasági reklámtevékenység alapvető feltételeiről és egyes korlátairól szóló 2008. évi XLVIII. törvény (Grt.)) .

2.2. Present manual applies to the use of website and data management done during the use of electronic services.

2.3. Based on present manual, Users are: natural people regardless of which service of website they are using, and those natural people who simply browse the website but do not draw on any services.

 

 

3. Legal bases of data management

3.1. Legal basis to data management done by Data Manager lies upon GDPR Article 6, Paragraph (1), Point a) about consent of User to data management, and Article 6, Paragraph 1, Point b) of GDPR, which states that data management is necessary for fulfilment of contracts in which User is one of the parties.

 

3.2. In case of data management based on given consent, User previously agrees to data management by marking an indicator box above data management agreement placed at relevant places. User may read about data management anytime under “Privacy policy” appearing at every page of website, or by clicking on “Privacy policy” link in data management agreement mentioned in this point, through which Data Manager provides User in advance with obvious and detailed information. By marking the indicator box above data management agreement, User declares that they have read privacy policy and consents to handling their data in accordance with present manual knowing its content. 

4. Data management without further consent, and after withdrawal of consent

 

4.1. Data Manager can handle recorded information about User with their previous consent, and needs no further consent. After withdrawal of consent based on Article 6, Paragraph 1 of GDPR, data are handled the following way.

 

4.2. If personal data was recorded with User’s consent, Data Manager can handle recorded data further on, if disharmonic legal regulations do not exist, without the further explicit consent of User, and Data Manager can handle information after withdrawal of consent, too, if:

- data management is necessary to fulfill legal requirements of data manager;

- data management is necessary to protect essential interests of a concerned or another natural person;

- data management is necessary to provide rightful interests of data manager or any third party, except when interests or essential rights and freedoms of concerned people have priority over these interests that require the protection of personal data, especially if the concerned party is a child.

 

4.3. Data Manager does a so-called interest-scaling test on an obligatory basis before managing data with reference to rightful interests. This interest-scaling test is a three-step process in which Data Manager identifies its rightful interest, and concerned User’s interest being their weighting counterpoint and their basic right to planned data management. Finally, based on the process of weighting, Data Manager declares if its rightful interest is in proportion with User’s interest, consequently, personal data can be handled based on GDPR Article 6, Paragraph (1) Point f).

 

4.4. Data Manager informs concerned User about the results of interest scaling test in a way that User will clearly realize why managing User’s personal data by Data Manager without User’s consent can be a reasonable limitation.

 

4.5. Data Manager follows the guidelines of Opinion 6/2014 issued by the Data Protection Group of the European Commission. The Opinion can be read at the following link: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp217_hu.pdf#h2-2 

 

5. Further possible legal bases of data management – independent of User’s consent

5.1. Further legal basis of data management in referential cases is data management necessary for fulfilling legal requirements based on GDPR Article 6 Paragraph (1) Point c). Data Manager may need to do obligatory data management in some cases, prescribed by law or other measure. In addition, Data Manager has to act according to requests from authorities that might also involve handling and forwarding personal information. This is Data Manager’s obligation by law, too.

 

5.2. We inform you furthermore, according to GDPR Article 6, Paragraph (1), Point d) and f) that Data Manager may handle User’s personal information in cases when managing data is necessary to protect essential interests of another natural person, and data management is necessary to put across rightful interests of Data Manager or a third party – except for cases when this interest is in conflict with concerned User’s such interests or basic rights and freedoms that require protection of personal information, especially if User is a child.

Data Manager always does – with a compulsory aspect - a so-called interest-scaling test with reference to above mentioned rightful interest before starting to handle data, according to points 4.3-4.5 of present manual.

 

5.3. Data Manager informs User based on Law of 2001 CVIII, § 13/A about some questions of electronic trading services and services related to information society.

Data Manager’s service based on this law is considered to be electric trading service related to information society.

Data Manager may handle identifying information and address of User in order to create a contract, determine its content, modify it and to monitor its accomplishment, make out invoices of fees about related costs, and to realize claims.

Data Manager may handle User’s natural identifying data, address and information about using service, its period and location in order to be able to make out invoices laid down in contract about offering Data Manager’s service.

Data Manager may handle personal information that is technically essential for providing service. Data Manager chooses and runs devices used during offering service so that personal data is only handled when it is absolutely necessary to provide such a service and to fulfil legal requirements. However, in similar cases, it does only to a necessary level and time. (Further rules of technically necessary data management is laid down in the document “Information about using “cookies”” and in chapter 6 of present manual.

Data Manager may handle personal information – unlike any cases described above, especially to improve the efficiency of its service, electronic advertisements or forwarding any other content to User to do market research – in relation to service based on User’s previous consent.

 

6. Data management related to operation of information technology service

6.1. Concerned parties in data management: All Users visiting website, regardless of whether they use services offered at website.

 

6.2. Legal basis of data management: Law of 2001 CVIII, § 13/A authorizes Data Manager to handle information technically absolutely necessary to provide service. Consequently, it is the rightful interest of Data Manager to do so, based on GDPR Article 6, Paragraph (1), Point f). Relying on this legal basis, Data Manager handles exclusively those types of data that are necessary to ensure a user-friendly operation of website, and works with them only until it is needed. These pieces of information are such technical data which are essential to provide an enjoyable appearance of website, proper and comfortable use of its functions. Data are not forwarded to third party and are not used for any other purposes. Data Manager works with service provider(s) indicated in Chapter 15 under “Information technology data management”. As a result, data management does not have any risks on User’s side, however, using the website properly is not possible without handling data.  It is the rightful interest of Data Manager to operate website properly, as it can only provide its service this way, it is an inevitable condition for its functioning. Consequently, Data Manager handles information mentioned above in order to fulfil this goal as its rightful interest, and based on which rightful interest – because data management is not high risk for User – Data Manager limits User’s autonomy to a proportional extent.

 

6.3. Determining the scope of data handled: Information technological data management affects data related to operate “cookies” used for the functioning of website and data necessary for using diary files applied by operator of website.

 

In order to ensure user-friendly browsing, data that need to be handled:

- websites visited during entering website and the order of their opening

- User’s IP address.

 

Anonymous data handled to measure popularity of website:

- websites visited during entering website and the order of their opening

- frequency of opening certain websites on webpage

- which other website has User come from to present website (only in case of websites that have a link to present website)

- determining User’s geographical position (based on internet service company, only approximate data about device used for browsing)

- time when browsing was started

- time when browsing was finished

- period until website was surfed.

Data handled to check entry rights when entering website:

- user name and password (can be stored based on User’s consent)

- User’s e-mail address

- IP address of User’s device.

 

6.4. Aim of data management: “Cookies” and diary files are necessary to provide a user-friendly and safe operation of website, also to collect anonymous information about use of website.

 

This includes the following:

- Identification of User’s browser device, and remembering identifying data through browsing time based on IP address. Surfing the internet becomes smoother, as without this function, User needs to identify themselves at each website they visit.

-  Data are recorded in an anonymous way, they cannot be linked to any person.

- Measuring the popularity and frequency of visits at webpages of website and the time spent on webpages in order to shape website to the needs of Users.

- Identifying place of User’s device used for browsing, mapping the demand for Data Manager’s service.

- Identifying website from which User has arrived, in order to provide information about services of other websites that have links to present one, and to be able to offer information about topics of User’s interest.

To measure such data Data Manager’s information technology system uses devices of Google Analytics (Google Inc.). In cases of such websites, Google cookies remember users’ preferences and information, which also means discovering anonymous data about visitor numbers at a website and browsing habits.

Data assigned to these goals are recorded in a way that Users can be identified, however, they are only accessible by Data Manager:

  • incidental storage of username and password for an easier entry (according to User’s decision)

  • check of User’s entry entitlement (username, e-mail address, password).

6.5. Period of data management: Data Manager handles a part of data for the period of browsing, other data is stored for a variable time, but maximum 2 years.

 

Data necessary for operation of website in a user-friendly way (IP address, order of webpages visited during browsing) are recorded for the duration of browsing session, they are deleted when browsing finishes. Handling of these data is done by own devices of Data Manager, third party does not gain access to them, except for information technology data processing (see chapter below: “Requisition of Data Processor”).

Data necessary for checking entry and usage entitlements are stored for the duration of browsing session, when it finishes, they are deleted. Handling of these data is done by own devices of Data Manager, third party does not gain access to them, except for information technology data processing (see chapter below: “Requisition of Data Processor”).

 

Username and password may be stored permanently based on User’s decision by cookies being stored on User’s device. User might delete them, thus control data storage period.

 

Data Manager’s information technology system stores data to measure number of visitors and to map browsing habits right from the start in an anonymous way, they cannot be linked to anyone. Data Manager’s information technology system uses devices of Google Analytics. Only those cookies get stored on User’s device that had been enabled to collect data by Google Analytics. You can erase this in the settings of your browser, blocking data collection.

 

6.6. Storage of data: on separate lists in Data Manager’s information technology system. Data related to providing a user-friendly service (IP-address, the order of sites visited during browsing session) are not stored. Cookies providing information are stored on User’s device. Diary cookies used by webpage service provider are stored on service provider’s server.

 

6.7. User may get more information about information technology data management also done by Google Analytics from the pop-up window appearing at the entry of website, and at the website by clicking on “Information about using cookies”, just like from https://www.google.com/intl/hu_ALL/analytics/support. Data Manager uses only services mentioned above from the ones offered by Google Analytics.

7. Data Management in case of receiving and answering messages

7.1. Concerned parties: Users sending messages to Data Manager through a message-sending surface appearing afer clicking on „CONTACT US” and sending e-mails to indicated e-mail address(es).

 

7.2. Legal basis for data management: User’s consent according to GDPR Article 6, Paragraph (1), Point a). User consents to handling their data by providing information voluntarily on a message-sending surface, by clicking on the indicator box and sending a message voluntarily. In case of e-mails, User consents to handling their personal data and information included in the message by sending an e-mail voluntarily.

 

7.3. Determining the scope of data handled: Data management involves handling information provided by User on the message-sending surface described above, where User types in personal data by filling in a form, or providing any other information within the message (including the e-mail itself).

Scope of data:

  • surname

  • first name

  • e-mail address

  • country.

 

Data Manager handles information concerning received messages (e-mails) from User only contentwise, and does not require User to give personal data within. When such non-required information is provided though, they are not stored and Data Manager deletes them immediately from the information technology system.

 

7.4. Goal of data management: to ensure exchange of messages between Data Manager and User, by the latter providing above mentioned data voluntarily in order to draw on services of website related to exchange of messages.

Services involved:

  • sending messages on a message-sending surface (under ”CONTACT US”),

  • receiving an e-mail message (by using e-mail address(es) at website),

  • replying to messages sent to Data Manager the above mentioned ways in 2 working days.

 

7.5. Duration of data management: Data Manager handles information until goal is fulfilled, i.e. answering a request or accomplishing a claim. Afterwards, Data Manager deletes data handled for these purposes. If there are more exchanges of messages, data are erased at the end of the process.

 

7.6. Method of data storage: on separate data managing lists in the information technology system of Data Manager until the end of information exchange.

 

8. Data management related to sending newsletters

8.1. Concerned with data managent is: User who signs up for newsletters at website by providing personal data to fill in a form.

 

8.2. Legal basis of data management: User’s consent based on GDPR Article 6, Paragraph (1), Point a) and User’s consent based on law regulating economic advertising activities § 6, Paragraph (1) and (2). User gives voluntary consent by reading this privacy policy and filling in the form about receiving newsletters, clicking on the consenting agreement box there. User consents this way to handling their personal data described in Privacy Policy, and to receiving newsletters.

Newsletters provide useful information to users, as well as aims at direct sales. User may sign up for this service irrespectively of drawing on other services, and is voluntary. It is based on User’s decision after being informed. In case User does not take the newsletter service, they do not encounter any drawbacks when using website or any other services, it is not a condition to use any other services at website.

 

8.3. Scope of data:

  • surname

  • first name

  • e-mail address.

 

8.4. Goal of data management: sending newsletters to User by Data Manager in e-mails about Data Manager’s service, information about the latest products/services and actualities, offers and advertisements.

 

8.5. Duration of data management: Data Manager handles information until User’s cancellation of consent (User unsubscribes), or until deleting data based on User’s request.

 

8.6. Method of data storage: on separate data managing lists in the information technology system of Data Manager.

9. Data management related to registration

9.1. Scope of parties concerned: Users registering at website.

9.2. Legal basis of data management: based on GDPR Article 6, Paragraph (1), Point a), User’s consent. Voluntary consent is given by clicking on ”REGISTRATION” and filling in the form, as well as clicking in the indicator box, and finally sending the registration.

 

9.3. Scope of data handled: Data included in the registration form mentioned above.

Scope of data:

- surname

- first name

- telephone number

- e-mail address

- username

- password

- address of delivery

- address for invoice.

 

9.4. Goal of data management: data management related to operating a webshop, User to take services offered at website.

Services are:

- browsing the website

- getting information about products

- offering possibility to order products online from the website

- sending messages to Data Manager.

 

9.5. Duration of data management: Concerning registered Users, duration of data management lasts until Users request for data deletion. Data management may finish when User deletes their registration or when Data Manager deletes User’s registration. User may delete their registration anytime, or can ask Data Manager to do it. Such incoming requests are handled and accomplished immediately, but 10 working days the most from arrival.

9.6. Method of storing data: on separate data management list within Data Manager’s information technology system.

10. Data management related to orders

10.1. Scope of parties concerned: Users posting an order at website.

 

10.2. Legal basis of data management: based on GDPR Article 6, Paragraph (1), Point b), according to which data management is necessary to accomplishing contracts where User is one of the parties. User is informed that their personal data given in connection with delivery will be handled by Data Manager when an order is issued, based on the contract made between the two parties.

 

10.3. Scope of data handled: Data included in the form filled in before issuing an order mentioned above, or in previous registration form.

 

Scope of data:

- surname

- first name

- telephone number

- e-mail address

- username

- password

- address of delivery

- address for invoice

- indication of product(s)/service(s) ordered

- price of product(s)/service(s) ordered

- form of delivery

- form of payment

- other information User might have provided in order to accomplish order

- time of order

- time of payment.

 

10.4. Goal of data management: to fulfill orders and data management related to operation of webshop. User gives their personal information and contacts voluntarily so that orders can be fulfilled and services of website can be provided.

Services this includes:

  • providing information about availability and characteristics of product

  • ordering product

  • delivery of ordered product

  • arranging delivery

  • delivery

  • notification about delivery

  • making out invoices

  • prosecution of User’s rights.

 

10.5. Duration of data management: it lasts until delivery of product. Data manager forwards personal information (name, address of delivery, telephone number) to delivery company exclusively necessary for the delivery and can be used only for a certain scale and time.

Data Manager handles information required for making out invoices (name, address) until there might be a possibility of prosecution of fulfilling interests, and data mentioned above related to fulfilling orders until the time of possible prosecution of fulfilling interests (5 years from signing the contract). It handles data required by the Counting Act until the necessary period (8 years from signing the contract).

 

10.6. Method of data storage: On separate data management list within the information technology system of Data Manager, and on bills that correspond to related laws about keeping bills for certain periods of time.

11. Registry of data management while using website

 

11.1. Lists related to information technology data management: anonymous lists containing information about browsing habits of Users – see Point 6 –, as well as a temporary list containing data of IP-addresses of Users’ devices who are just browsing the website. It is exclusively handled within the information system of Data Manager. Data management is done on the latter list only for the duration of browsing. (Other data are stored on User’s device, Data Manager does not make a list on its own.)

 

11.2. List for the exchange of messages: data of Users sending messages by using contacts at website – see Point 7 – that includes information about participants of data exchange, only for the duration of the exchange, afterwards data are deleted.

 

11.3. List for newsletters: list of data – see Point 8 – to send newsletters, messages, leaflets and special offers in e-mails. Data are handled by Data Manager until withdrawal of consent sent by User (when they unsubscribe), or until User asks Data Manager to delete information.

 

11.4. Registration list: list containing data – see Point 9 – of registered Users. Information is stored until registration is valid, User of Data Manager does not delete it, or User’s request for such a deletion is not processed by Data Manager.

 

11.5. List of orderers: data – see Point 10 – of Users who place an order. Information is stored until request for deletion is processed by Data Manager, except for cases subject to Counting Law.

 

11.6. Registry of forwarding data: Data Manager runs a registry of forwarding data in order to check legality and to inform concerned parties. This includes the time of forwarding data of personal information, its legal basis and addressee, the definition of data forwarded and other data defined by regulation about data management.

 

11.7. Registry of data management incident: a registry about violations of regulations about data management and the steps to avoid them. It includes information about personal data concerned, circle and number of parties involved in the violation, its time, circumstances, effects and actions taken to avert it, as well as – in case of data management done prescribed by a legal commitment – other data defined in the regulation prescribing data management.

 

11.8. Data Manager stores information in its information technology system on separate lists, in data bases for different purposes each – as described above. It also stores paper contracts/declarations about sending newsletters.

12. Duration of data management

12.1. Data management lasts until the above mentioned descriptions of data management differentiated on the basis of the purpose of such management. Data Manager handles information until data management purposes are fulfilled, or User withdraws consent or requests for deletion.

 

12.2. In accordance with this, data management lasts until withdrawal of consenting declaration, fulfilment of deletion request, unsubscription from newsletter, in certain cases until the accomplishment of engagement. User may protest against data management any time, may ask to stop data management and request for deletion of data specifically or globally. Data Manager processes requests like these immediately, but maximum 10 working days from arrival of request. User may unsubscribe from newsletters at any time by using the unsubscribe link in newsletters or by sending an e-mail to mybettershelf@gmail.com Users might send the above mentioned requests or protests to this e-mail address, too. Data Manager only considers such e-mails authentic, if User has given the e-mail address they might be sent from previously to Data Manager and is registered in Data Manager’s system when User subscribed to newsletters or has given data in a contract/declaration. However, sending such requests from another e-mail address does not mean that they are ignored.

 

13. Method of storing data

 

13.1. Data Manager stores information on separate lists in its information technology system divided into different database, according to data management goals.

14. Forwarding data

14.1. Scope of concerned: Users choosing online payment after shopping at website, regardless of using other services.

 

14.2. Addresse of data forwarding:

PayPal, Inc.

Premises: 2211 North First Street, San Jose, California 95131, USA

Postal address: P.O. Box 45950, Omaha, NE 68145-0950, USA

Telephone:  + 1 408-967-1000

Website: https://www.paypal.com

as service provider company of online payment service at Data Manager’s website.

14.3. Legal basis of data forwarding: User’s consent based on GDPR Article 6, Paragraph (1), Point a). User consents voluntarily to forwarding their data by getting to know the privacy policy, choosing online payment and sending an order.

 

14.4. Scope of data forwarded:

- user name

- surname

- first name

- country

- telephone number

- e-mail address.

 

14.5. Goal of forwarding data: Operating and managing online payment service appropriately, confirmation of transactions, operating fraud-monitoring to protect users’ interests. This is a system to reveal frauds related to online payment, supporting the control of bank transactions – and providing help through customer support service.

 

14.6. Data are exclusively forwarded to achieve the above mentioned goals.

 

14.7. Data Manager forwards information only to official bodies in accordance with legal requirements.

 

14.8. Data Manager does not forward information to third parties for business or marketing purposes.

 

14.9. Data Manager keeps track of forwarding data in a register.

15. Requisition of data processor

Data Manager draws on the following businesses to process data.

 

15.1. Information technology data processing

 

15.1.1. Parties concerned of data processing: Users visiting website, regardless of services used.

 

15.1.2. Data Manager draws on

 

  • Wix.com Inc.

  • Tax number: (EU VAT ID) - EU442008451

  • Premises: 500 Terry Francois Blvd., 6th Floor, San Francisco, CA 94158 USA

  • Postal address: 500 Terry Francois Blvd., 6th Floor, San Francisco, CA 94158 USA

  • Telephone: +1 415 3580857

  • E-mail: abuse@wix.com

  • Website: https://www.wix.com/

 

as website storage place provider (Data Processor hereafter).

15.1.3. Legal basis of data processing: Data Manager may draw on a data processor on the basis of GDPR Paragraph 6, Article (1), Point a) about User’s consent, provided Users are informed beforehand. User voluntarily consents in any way as described in the above chapters, to Data Manager draw on a data processor to handle User’s data.

 

15.1.4. Defining the scope of data involved in data processing: this relates to all information mentioned in present manual.

 

15.1.5. Goal of data processing: To ensure functioning of website in an information technological way through data handling of services provided, apparent in necessary technical actions.

 

15.1.6. Period of data processing: It correlates with data management periods indicated in this manual for data management with various objectives.

 

15.1.7. Processing data exclusively refer to technological operations necessary to manage website in an information technical aspect.

15.2. Data processing in relation to sending newsletters

 

15.2.1. Concerned parties: Users subscribing to newsletter, regarless of whether they use any other services.

 

15.2.2. Data Manager draws on services of

  • Wix.com Inc.

  • Tax number: (EU VAT ID) - EU442008451

  • Headquarters: 500 Terry Francois Blvd., 6th Floor, San Francisco, CA 94158 USA

  • Postal address: 500 Terry Francois Blvd., 6th Floor, San Francisco, CA 94158 USA

  • Telephone: +1 415 3580857

  • E-mail: abuse@wix.com

  • Website: https://www.wix.com/

as company that has developed and operates newsletter sending software used by Data Manager (Data Processor hereafter).

 

15.2.3. Legal basis of data processing: Data Manager may draw on services of a data processor, based on User’s consent according to GDPR Article 6, Paragraph (1), Point a), provided Users are informed beforehand. User consents voluntarily to Data Manager sending newsletters to them and to necessary data to be handled by Data Processor, after getting acquainted with Privacy policy – see also chapter about sending newsletters.

 

15.2.4. Definition of data to be processed: data processing involves all data mentioned in present manual in chapter about sending newsletters.

15.2.5. Goal of data processing: to provide information technological conditions for sending newsletters by Data Manager, in data management apparent through technical operations necessary for operating the software safely.

 

15.2.6. Period of data processing: is the same as the period indicated in present manual’s chapter about sending newsletters.

 

15.2.7. Processing data exclusively refers to technical operations to manage software about sending newsletters in an information technological way.

15.3. Data processing related to e-mailing

 

15.3.1. Concerned parties: Users sending e-mails to public e-mail address communicated on website, regardless of whether they draw on any other services.

 

15.3.2. Data Manager draws on services of

 

GOOGLE INC.

  • Short name: GOOGLE INC.

  • Corporate registration number: 20031277465

  • Tax number: 20031277465

  • Headquarters: 1600 Amphitheatre Parkway Mountain View CA 94043 US

  • Premises: 1600 Amphitheatre Parkway Mountain View CA 94043 US

  • Postal address: 1600 Amphitheatre Parkway Mountain View CA 94043 US

  • Telephone: -

  • E-mail: not available

  • Website: https://www.google.hu/
     

as company that has developed and operates the e-mailing service software used by Data Manager (Data Processor hereafter), as well as hosting service provider (Data Processor hereafter).

 

15.3.3. Legal basis of data processing: Data Manager may draw on the services of a data processor, based on User’s consent according to GDPR Article 6, Paragraph (1), Point a), provided Users are informed beforehand. User consents voluntarily to Data Manager use Data Processor by sending an e-mail to Data Manager, after getting acquainted with Privacy policy.

 

15.3.4. Scope of data involved in data processing: User’s name, e-mail address and other information optionally sent in an e-mail by them.

 

15.3.5. Goal of data processing: to provide necessary information technological conditions for sending e-mails by Data Manager, apparent in data management through technical operations necessary for operating software safely.

 

15.3.6. Period of data processing: is the same as the period indicated in present manual’s chapter about sending messages.

 

15.3.7. Processing data exclusively refers to technical aspects to operate software about reception and send of e-mails in an information technological way.

15.4. Data processing related to delivery of products

 

15.4.1. Concerned parties: Users choosing delivery of products after placing an order at website, regardless of whether they draw on any other services.

 

15.4.2 Data Manager draws on services of

 

  • PMP EXPRESS LOGISZTIKAI Korlátolt Felelősségű Társaság

  • (PMP EXPRESS LOGISZTIKAI Ltd.)

  • Short name: PMP EXPRESS LOGISZTIKAI Kft.

  • Corporate registration number: 09-09-020200

  • Tax number: 23068577-2-09

  • Headquarters: H- 4030 Debrecen, Békés u. 3. (H- 4030 Debrecen, Békés Str. 3.)

  • Postal address: H- 4030 Debrecen, Békés u. 3. (H- 4030 Debrecen, Békés Str. 3.)

  • Telephone: +3652310184

  • E-mail: info@pmpexpress.hu

  • Website: https://www.pmpexpress.hu/

 

as logistics company organizing the delivery of ordered products (Data Processor hereafter).

15.4.3. Data Manager draws on services of

 

  • GLS General Logistics Systems Hungary Csomag-Logisztikai Korlátolt Felelősségű Társaság

  • (GLS General Logistics Systems Hungary Package-logistics Delivery and Service Provider Ltd.)

  • Short name: GLS General Logistics Systems Hungary Kft. (GLS General Logistics Systems Hungary Ltd.)

  • Corporate registration number: 13-09-111755

  • Tax number: 12369410-2-44

  • Headquarters: H- 2351 Alsónémedi, GLS Európa u. 2. (2351 Alsónémedi, GLS Európa Str. 2)

  • Postal address: H- 2351 Alsónémedi, GLS Európa u. 2. (2351 Alsónémedi, GLS Európa Str. 2)

  • Telephone: +36 29 886 670

  • Fax: +36 29 886 610

  • E-mail: info@gls-hungary.com

  • Website: https://gls-group.eu/HU/hu/home,

as delivering ordered products (Data Processor hereafter).

 

15.4.4. Data Processor draws on services of

 

  • Magyar Posta Zártkörűen Működő Részvénytársaság (Hungarian Post Office Ltd.)

  • Short name: Magyar Posta Zrt.

  • Corporate registration number: 01-10-042463

  • Tax number: 10901232-2-44

  • Headquarters: H- 1138 Budapest, Dunavirág utca 2-6. (1138 Budapest, Dunavirág Street 2-6)

  • Postal address: H- 1540 Budapest 

  • Telephone: +36 1 767 8282 

  • Fax: +36 46 320 136

  • E-mail: ugyfelszolgalat@posta.hu

  • Website: https://posta.hu

  • as delivery company that delivers products ordered (Data Processor hereafter).

 

15.4.5. Data Processor draws on services of

  • UPS Magyarország Szállítmányozó Korlátolt Felelősségű Társaság

  • (UPS Delivery Ltd.)

  • Short name: UPS Magyarország Kft (UPS Magyarország Ltd.)

  • Corporate registration number: 13-09-139285

  • Tax number: 22776082-2-13

  • Headquarters: H- 2220 Vecsés, Lőrinci út 154. Airport City Logistic (2220 Vecsés, Lőrinci Road 154. Airport City Logistic)

  • Postal address: H- 2220 Vecsés, Lőrinci út 154. Airport City Logistic (2220 Vecsés, Lőrinci Road 154, Airport City Logistic)

  • Telephone: +36 1 877 0000

  • Fax: +36 29 886 610

  • E-mail: upssaleshun@ups.com

  • Website: https://www.ups.com/hu/en/Home.page,

as delivering ordered products (Data Processor hereafter).

 

15.4.6. Data Processor draws on services of

 

  • TNT Express Hungary Kft.

  • (TNT Express Hungary Ltd.)

  • Short name: TNT Express Hungary Kft. (TNT Express Hungary Ltd.)

  • Corporate registration number: 01-09-068137

  • Tax number: 10376166-2-44

  • Headquarters: H- 1185 Budapest II. Logisztikai központ – Irodaépület (1185 Budapest Logistics Centre II - Office Building)

  • Postal address: H- 1185 Budapest II. Logisztikai központ – Irodaépület (1185 Budapest Logistics Centre II - Office Building)

  • Telephone: +36 1 432 7117

  • Fax: -

  • E-mail: huheadoffice@tnt.com

  • Website: https://www.tnt.com/express/hu_hu/site/company.htm,
     

as delivering ordered products (Data Processor hereafter).

 

15.4.7. Legal basis of data processing: according to GDPR Article 6, Paragraph (1), Point b), data management is necessary to fulfill contracts in which User is one of the parties. Data Manager may use services of a data processor to fulfill contracts – provided Users are informed beforehand. User, while getting acquainted with Privacy policy and during the process of placing an order, is informed about the content of the contract and data processors being used to handle User’s data necessary to fulfil their orders.

 

15.4.8. Scope of data involved in data processing: data that is needed to fulfill contract about User’s order (fulfillment of delivery):

- surname

- first name

- telephone number

- address of delivery.

 

15.4.9. Goal of data processing:  In order to fulfill contract made when User placed an order, goal is delivery of ordered product to an address indicated by User, checking delivery address and time if necessary on the phone.

 

15.4.10. Period of data processing: time needed for delivery.

 

15.4.11. Data processing exclusively means technical operations needed to fulfill delivery.

 

16. User’s rights concerning data processing

16.1. Right to access: Data Manager gives information on User’s request about data being handled by itself and by Data Processor, their sources, goals of data processing, its legal basis, period, name and address of Data Processor, its activities related to data processing, consequences and effects of a possible data protection incident and actions done in order to avoid such cases, furthermore, in case of forwarding, concerned person’s personal data, about the legal basis and addresse of data forwarding. Data Manager provides information without any unreasonable delay, within maximum one month from arrival of request.

Within the framework of the right to access, Data Manager provides User with a copy of personal data involved in data management, within maximum one month from arrival of request. For further User demands, Data Manager calculates a reasonable fee based on administrative costs (see Chapter 18).

 

16.2. Right to portability of data: User has the right to get personal data about themselves in an articulate, widely used format, readable on devices, furthermore, has the right to forward these pieces of information to another data manager without the obstruction of data manager that received data according to User’s consent, if:

a) data management has been based on User’s consent or contract; and

b) data management is automatised.

Practising the right to portability of data, User has the right – if it is technically practicable – to ask data managers to forward information between each other directly.

 

16.3. Right to correction: User may ask for correction of their data, which Data Manager fulfils without any unreasonable delay, within maximum one month after arrival of request. Considering the goal of data management, User has the right to ask for completing their missing personal data – through an additional declaration for example.

 

16.4. Right to limitation of data management: Data Manager indicates personal data in order to limit data management. User may ask for such limitation if one of the following cases occur:

a) User disputes accuracy of personal data, in this case limitation exceeds for the period that enables Data Manager to check accuracy of personal data;

b) data management is illegal, and User objects to deletion of data, but requests limitation of use;

c) Data Manager does not need personal data for data managent, however, concerned party lays claim to them in order to propose, realize or protect legal demands; or

d) User has objected to legal data management done by Data Manager; in such cases limitation exceeds over period in which it becomes clear whether Data Manager’s legal interests dominate over concenred party’s legal interests.

Every User has the right to object or prohibit their data (name, address and contacts) to appear on sales lists and be used for precise sales objectives, to be used for sending newsletters, or handing them to a third person, furthermore, every User may ask for other limitation of their personal data, to delete information from any or specific lists Data Manager owns, including data handed over to third person. Data Manager performs deletion without any unreasonable delay, but maximum within 10 working days after arrival of such a request. In another 15 days, Data Manager informs concerned User about fulfilment of request.

 

16.5. Right to cancellation (right to “effacing”): Data Manager deletes information if:

a) personal data are no longer needed for reasons they were recorded, or were handled differently;

b) User withdraws their consent to data management, and there are no other legal bases to it;

c) User objects to data management and there are no prior rightful reasons for data management, or User objects to data management with direct sales objectives;

d) personal data was handled illegally;

e) personal data must be deleted to fulfil legal obligations claimed by European Union or member state laws;

f) User requests deletion or objects to data management, and data was recorded with regard to services offered related to information technological society.

If Data Manager made personal data public – and according to cases mentioned above – has to erase them and must take reasonable steps, including technical ones – considering technology available and costs of realization – in order to inform data managers involved about User requesting their personal data and the links referring to them or copies of personal data to be deleted.

Data Manager informs User and all data managers that were provided with information about the correction, limitation and deletion. Notification might be neglected if seems to be impossible, or requires unreasonable efforts. Data Manager informs User on demand about these addressees.

 

16.6. Right to objection: User has the right to object to their data being managed rightfully by Data Manager at any time because of personal reasons, including profile creation based on mentioned actions. In such cases, Data Manager cannot handle personal information any longer, except when Data Manager proves that there are obligatory rightful reasons for data management, having priority over concerned person’s interests, rights and freedoms, or reasons that are related to proposal, enforcement or defence of legal demands.

17. Fulfilling User’s requests

17.1. Data Manager offers notification and taking actions for free, as described in Point 17. If User’s request is obviously unfounded, or – especially for its repeated nature – exaggerated, Data Manager

a) might charge a reasonable price, or

b) might deny taking actions based on request,

considering data requested, or administrative costs of measures to be taken to fulfill request.

 

17.2. Data Manager informs User without any unreasonable delay, but maximum one month after receiving request, about actions taken, including issuing copies of data. If necessary, considering the complexity of request and numbers of requests, this deadline can be made longer with additional two months. Data Manager informs User about elongation of deadline together with indicating reasons of delay within one month after receiving request. If concerned User handed in their request electronically, Data Manager provides information electronically, except when concerned User asks for it in a different way.

 

17.3. If Data Manager does not take any steps as reaction to User’s request, without delay, but within one month the most after receiving request, informs User about reasons why there have been no actions, and about the possibility of filing a complaint at Authority mentioned in Point 19, and can have the right to legal remedy described there as well.

 

17.4. User may hand in their request to Data Manager in any way that identifies them. Identifying Users handing in a request is necessary, because Data Manager can deal with requests that are entitled. If Data Manager has justified doubts about the identity of natural person handing in a request, may ask for other pieces of information to assure identity of concerned User.

User can send their requests to Data Manager to the address indicated in Point 1.1, or to the e-mail address mybettershelf@gmail.com Data Manager considers requests sent in e-mail genuine only if it was sent from an e-mail address registered at Data Manager’s database. However, using another e-mail address does not mean inobservance of such requests. Time of receipt of e-mails is the first day after the e-mail was sent.

18. Data protection, data safety

18.1. Data Manager assures safety of data, and through technical and organizational actions, as well as internal rules of procedure, ensures that laws and other data and secret protection rules are kept. Data Manager protects especially against illegal access, change, forwarding, making public, deletion or disaffirmation of data, moreover, it protects against accidental disaffirmation and damage, as well as inaccessibility of data as a result of change in applied technology.

 

18.2. In order to achieve these, Data Manger uses “https” protocol to reach website, through which web communication can be encrypted and individually identifiable. Data Manager stores information in encrypted data stocks on separate lists insulated from each other based on data management goals, to which certain Data Manager employees – performing tasks at present website – have access to, who have to protect data and it is their job responsibility to handle this manual and relevant laws in an appropriate manner.

 

18.3. Data related to measuring number of visitors at website and habits describing use of website are handled in Data Manager’s information technologyical system in a way that prevents Data Manager to link data to anyone, right from the beginning.

 

18.4. Data are managed to reach articulated and legal goals described in present manual to a necessary and proportional degree, based on relevant laws and recommendations, keeping appropriate safety measures.

19. Prosecution of rights

Concerned parties may practice their prosecution of rights based on Civil Code 2013 Law V (Polgári Törvénykönyvről szóló 2013. évi V. törvény) and GDPR at a couthouse, and can turn to the National Authority for Data Protection and Freedom of Information:

  • Nemzeti Adatvédelmi és Információszabadság Hatóság

  • (National Authority for Data Protection and Freedom of Information)

  • Address: H- 1125 Budapest, Szilágyi Erzsébet fasor 22/c. (1125 Budapest, Szilágyi Erzsébet Avenue 22/c)

  • Postal address: H- 1530 Budapest, Pf.: 5.(1530 Budapest, P.O. Box 5)

  • Telephone: +36 1 391 1400

  • Fax: +36 1 391 1410

  • E-mail: ugyfelszolgalat@naih.hu

  • Website: http://www.naih.hu/

 

In case choosing a process involving a courthouse, the lawsuit – based on concerned User’s choice – may be initiated at the courthouse in concerned person’s residence or commorancy, as courthouses are competent in confiscation of such a lawsuit.

20. Data management related to the use of forums

20.1. Forum in operation at website: opportunity to post commentsto articles appearing at website.

 

20.2. Comments can be released by using the social site module of Facebook. Forum operated at website is public, comments and posts released there, as well as comment-makers, become visible to all users of website. Registered users of social media site are directed at comment-makers’ profile sites by clicking on comment-makers’ names, so data shared by comment makers become visible, too. For further regulations and policy can be read at Facebook social media site (see the links “Privacy Policy” and “Terms and Conditions”).

 

20.3. Policy about data released by Users in comments, entries:

 

Scope of concerned parties: Users placing a comment or entry at website.

User releases their comments individually and directly. Data Manager does not examine content of comment before release, it happens automatically.

Legal basis of data management: according to GDPR Article 6, Paragraph (1), Point a), User’s consent. By making comments at Data Manager’s website, User consents to the release of their comments there.

 

Scope of data: User’s name and incidentally their small-sized profile photo provided in their Facebook profile and User’s comments. Facebook profile data becombe visible by clicking on the name of comment-maker. Release of these data is the responsibility of User, Data Manager cannot be held responsible for any consequences related to this.

 

If User incidentally releases data of another person, User must get concerned third party’s consent to release of their data and forwarding them to Data Manager’s website. Data Manager presupposes such consent. Data Manager is not responsible for consequences of lack of consent to handle such data.

Goal of data management: to enable Users to exchange information  and comment related to contents of website.

 

Period of data management: data management described above lasts until commenting User deletes comment or asks Data Manager to delete it. Data management can also finish if Data Manager initiates deletion by its own decision. User may ask Data Manager for deletion of their comment or entry at any time, whic request is executed immediately, however, User’s comment might have appeared at other places of Facebook, according to User’s settings of their social media site. Data Manager neither has influence on release and archiving of such comments by Facebook, nor on the release of comments on the social media site. User can delete such releases by using the social media site, or request this from service provider of social media site.

Storage of data: in the information technology system of Facebook, as well as using an incorporated module at website of Data Manager by displaying each comment.