top of page

PRIVACY POLICY

 

Download/print the document HERE

You can find the document in Hungarian language HERE

 

1. Identification of controller

 

We inform you that the website https://www.mybettershelf.com/ is run by

 

Mybettershelf Kereskedelmi Korlátolt Felelősségű Társaság (Mybettershelf Trade Limited Liability Company)

Short name: Mybettershelf Kft.

Registration number: 01-09-373198

Tax number: 28768038-2-42

Headquarters: 41 Jerney Street, 3rd floor 12, Budapest 1148 Hungary (Magyarország, 1148 Budapest, Jerney utca 41. 3. em. 12. ajtó)

Postal address: 41 Jerney Street, 3rd floor 12, Budapest 1148 Hungary (Magyarország, 1148 Budapest, Jerney utca 41. 3. em. 12. ajtó)

Telephone: +36 20 365 3641

E-mail: info@mybettershelf.com

Website: https://www.mybettershelf.com/

 

(Controller hereafter).

 

2. Legal requirements concerning processing, scope of present policy

 

2.1. Service of website identified by address above (website hereafter), run by Controller identified above (Controller hereafter), is supplies services from Hungary. In accordance with this, Hungarian and European law applies to service, Users during they are using services (including processing). Controller uses information about Users primarily based on these regulations:

- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and 2 repealing Directive 95/46/EC (General Data Protection Regulation), (GDPR hereafter) (AZ EURÓPAI PARLAMENT ÉS A TANÁCS (EU) 2016/679 RENDELETE (2016. április 27.) a természetes személyeknek a személyes adatok kezelése tekintetében történő védelméről és az ilyen adatok szabad áramlásáról, valamint a 95/46/EK irányelv hatályon kívül helyezéséről (általános adatvédelmi rendelet),

 

- Regulation CVIII of 2001 on Electronic commercial services and services related to some aspects of information society (az elektronikus kereskedelmi szolgáltatások, valamint az információs társadalommal összefüggő szolgáltatások egyes kérdéseiről szóló 2001. évi CVIII. törvény (Ekertv.))

 

- and Regulation XLVIII of 2008 on Basic conditions and some limits of economic advertising activities (és a gazdasági reklámtevékenység alapvető feltételeiről és egyes korlátairól szóló 2008. évi XLVIII. törvény (Grt.)).

 

2.2. Present policy applies to processing done during the usage of the website, drawing on services offered there, as well as fulfilling orders on the webshop.

 

2.3. Based on present policy, Users are: natural persons browsing website and drawing on services of website, and natural persons ordering products from Controller.

 

3. Processing related to operation of information technology service

 

3.1. Controller uses ‘cookies’ to run the website and to collect technical data about the visitors of the website.

 

3.2. Controller represent a specific reference for visitors of the website: Information about the use of cookies

 

4. Processing related to receiving and answering messages

 

4.1. Concerned parties in data management: Users who have sent messages to Controller by sending an e-mail to Controller using the e-mail address(es) appeared on the webpage.

 

4.2. Legal basis of data management: User’s consent according to GDPR Article 6, Paragraph (1), Point a). 3 User is entitled to withdraw his/her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing before its withdrawal.

 

4.3. Scope of data management: The following data of User who sent an e-mail - name, - e-mail address, - country, - content of the message.

 

4.4. Purpose of data management: to ensure exchange of messages between Controller and User.

 

4.5. Duration of data management: until answering a request or accomplishing User’s claim in case no contract follows the message exchange. Afterwards, Controller deletes data that is handled for these purposes. If there are more exchanges of messages, data are erased after the claim has been accomplished. If contracting occurs during the process of exchange messages, and content of messages is important with regard to the contract, legal basis and period of processing happens based on Point 7 and Point 8 (order-related data management).

 

4.6. Method of data storage: on separate data managing lists in the information technology system of Controller until the end of information exchange.

 

5. Data processing in connection with asking for an offer

 

5.1. Concerned parties in data management: Users who click on ‘Contact us’ button and use the messaging interface that pops up after that to send an e-mail to Data manager.

 

5.2. Legal basis of data management: User’s consent according to GDPR Article 6, Paragraph (1), Point a). User is entitled to withdraw his/her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing before its withdrawal.

 

5.3. Scope of data management: The User sending the request for an offer: - name, - e-mail address, - country, - content of the message.

 

5.4. Purpose of data management: To make it possible for a User to ask for an offer from Data Manager.

 

5.5. Duration of data management: if a contract is not concluded following the request for an offer, in that case until the request for the offer is answered. In circumstances where signing a contract follows these exchanges of messages and the content of the messages are relevant for the contract. In such case the legal basis of data management is based on GDPR Article 6, Paragraph (1), Point b), according to which data management is necessary to accomplish a contract where User is one of the parties. As for the duration of data management Controller handles information mentioned above until keeping certificates is provided by the Counting Act (Számviteli Törvény). According to the Counting Act (Számviteli Törvény), this period is at least 8 years after making out an invoice. After passing this deadline, Controller deletes data within one year. Any other possibly handled data - e.g. Controller and User’s important messages that are relevant for ordering - are handled for 5 years after signing the contract- the period of time-barring that applies to claims of civil liability.

 

5.6. Method of data storage: on separate data managing lists in Controller’s information technology system.

 

6. Processing related to sending newsletters

 

6.1. Concerned parties in data management: Users who sign up for newsletters at website by ticking declaration of consent.

 

6.2. Legal basis of data management: User’s consent based on GDPR Article 6, Paragraph (1), Point a) and User’s consent subject to law regulating economic advertising activities § 6, Paragraph (1) and (2). User gives his/her voluntary 5 consent by filling up the filed for signing up to newsletters and after ticking the checkbox in front of the declaration of subscribing. User is entitled to withdraw his/her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing before its withdrawal. Newsletters provide useful information to users, as well as aims direct sales purposes. User can sign up for this service regardless of drawing on other services, and it is voluntary. It is based on User’s decision after being informed. In case User does not take the newsletter service, they do not encounter any drawbacks when using website or any other services, it is not a criterion to use any other services at website.

 

6.3. Scope of data management: for sending newsletters, User’s: - name, - e-mail address, to register the consent given online: - IP-address of the device used for subscribing, - time of subscribing.

 

6.4. Purpose of data management: sending newsletters to User by Controller in e-mails about Controller’s services, information about the latest products/services and actualities, offers and advertisements.

 

6.5. Duration of data management: Controller handles information until User’s cancellation of consent (User unsubscribes), or until deleting data based on User’s request.

 

6.6. Method of data storage: on separate data managing lists in Controller’s information technology system.

 

7. Data management related to Users’ contracting

 

7.1. Concerned parties in data management: natural person (consumer) Users who place orders on the website.

 

7.2. Legal basis of data management: based on GDPR Article 6, Paragraph (1), Point b), according to which processing is necessary to accomplishing contracts where User is one of the parties.

 

7.3. Scope of data management: Processing involves personal data and contacts. Users who are making an order: - surname, - first name, - billing address, - address of delivery, - telephone number, - e-mail address, - indication of product(s) ordered, - price of product(s) ordered, - delivery method, - payment method, - other information User might have provided in order to accomplish order, - time of order, - time of payment.

 

7.4. Purpose of data management: to make and fulfil contracts realized through orders.

 

7.5. Duration of data management: in order to fulfil orders, Controller handles information mentioned above until it is prescribed by the Act on Accounting (Számviteli Törvény) about keeping certificates. According to the Act on Accounting (Számviteli Törvény), this period is at least 8 years after making out an invoice, after passing this deadline, Controller deletes data within one year. During delivery - through which order is fulfilled - processing of necessary data (name, address of delivery, telephone number) lasts until the delivery is accomplished. When Controller forwards personal information to delivery company exclusively necessary for delivery, uses processing limitation, so data forwarded can be used only to a limited extent and time. It is the rightful interest of delivery company to store above mentioned data or some parts of them for a certain period, in case of possible discontent, complaints or civil legal disputes. However, delivery company does this as independent Controller, User may read about this in specific service provider’s privacy policy. User can get more information about such service providers in chapter “Using a Processor” of present policy, where their websites containing their privacy policy is indicated as well. Other data possibly processed during ordering – e.g. important messages between User and Controller about orders – are processed by Controller for 5 years after contracting – general term of limitation concerning civil demands.

 

7.6. Method of data storage: On separate processing list within the Controller’s information technology system, and on accounting documents that correspond to related laws about keeping bills for certain periods of time.

 

8. Data processing related to companies’ contracting in case of a natural person on behalf of a company

 

8.1. Concerned parties in data management: natural person Users (or ‘Representor’) on behalf of partner organization that place orders on the webpage.

 

8.2. Legal basis of data management: According to GDPR Article 6, Paragraph (1), Point f), data management is the legitimate interest of the organization (‘Partner Organization’ afterwards) which is represented by User. Contracting with Controller in order to order products is the legitimate interest of the Partner Organization. This can be maintained through using a natural person Representor. Controller processes Representor’s data exclusively in connection with administration and fulfilment of contract in connection with the organization he/she represents, to the extant and time necessary to it and as for the circle of data it is restricted solely to necessary data. Placing the order and necessary information exchange for fulfilling the contract will not be possible without handling the Representor person’s data ergo data management is unavoidable for contracting. A separate documentation is made about considering interests. Representor can ask information about how to reach it from Controller.

 

8.3. Scope of data management:

 

The representing person’s:

- surname,

- first name,

- e-mail address,

- telephone number,

 

The represented company’s:

- type,

- name,

- postal address,

- billing address,

- VAT number, VAT registration number.

 

Furthermore, data of purchasing:

- indication of product(s) ordered,

- price of product(s),

- delivery method,

- payment method,

- other information User might have provided in order to accomplish order,

- time of order,

- time of payment.

 

8.4. Source of data: normally the User. In case it is not the Representor itself, who gives data but someone else from the Partner Organization, the source of data is the Partner Organization. Controller takes over Representor’s data in the legal interest of the Partner Organization. It is the Partner Organization’s duty to notify Representor about data processing: handing over Representor’s data to Controller.

 

8.5. Purpose of data management: to sign and fulfil a contract resulting from an order for Users who represent companies.

 

8.6. Duration of data management: in order to fulfil orders, Controller handles information mentioned above until it is prescribed by the Act on Accounting (Számviteli Törvény) about keeping certificates. According to the Act on Accounting (Számviteli Törvény), this period is at least 8 years after making out an invoice, after passing this deadline, Controller deletes data within one year. During delivery - through which order is fulfilled - processing of necessary data (name, address of delivery, telephone number) lasts until the delivery is accomplished. When Controller forwards personal information to delivery company exclusively necessary for delivery, uses processing limitation, so data forwarded can be used only to a limited extent and time. It is the rightful interest of delivery company to store above mentioned data or some parts of them for a certain period, in case of possible discontent, complaints or civil legal disputes. However, delivery company does this as independent Controller, User may read about this in specific service provider’s privacy policy. User can get more information about such service providers in chapter “Using a Processor” of present policy, where their websites containing their privacy policy is indicated as well. Other data possibly processed during ordering – e.g. important messages between User and Controller about orders – are processed by Controller for 5 years after contracting – general term of limitation concerning civil demands.

 

8.7. Method of data storage: On separate processing list within the Controller’s information technology system, and on accounting documents that correspond to related laws about keeping bills for certain periods of time.

 

9. Data processing concerning refunds

 

9.1. In case of money refund when User paid by credit card or by any other online payment ways through paying services User can get back the paid amount of money through the given means of payment or paying service that was originally used. In case User paid by bank transfer or asks refund this way then Controller pays back the amount of money by bank transfer.

 

9.2. Concerned parties in data management: User who placed the order and affected by money refund.

 

9.3. Legal basis of processing: according to GDPR Article 6 paragraph 1, point (c) in compliance with legal obligation of the Controller.

 

9.4. Scope of data handled: - order ID, - the sum to be refunded, - legal title of refund, - User’s name, 10 - bank account number in case User paid by bank transfer or wants the money back by bank transfer.

 

9.5. Goal of processing: in case it is on a warranty, a right of withdrawal or a guarantee proceeding, the goal is to fulfil their duty in accordance with Act V of 2013 on the Civil Code (Polgári Törvénykönyvről szóló 2013. évi V. törvény)’, ’Government Decree 45/2014 (II 26) Article 23, Paragraph 1 on Detailed Rules of Contracts between Customers and Business (a fogyasztó és a vállalkozás közötti szerződések részletes szabályairól szóló 45/2014. (II. 26.) Korm. rendelet)’ or ’Government Decree 151/2003. (IX.22.) Article 5, Paragraph 5,6,7 on compulsary warranty on certain consumer durables’ (az egyes tartós fogyasztási cikkekre vonatkozó kötelező jótállásról szóló 151/2003. (IX. 22.) Korm. rendelet 5. § (5), (6), illetve (7) bekezdés)’ depending on the legal title.

 

9.6. Duration of processing: in order to refund, Controller handles information mentioned above until it is prescribed by the Act on Accounting (Számviteli Törvény) about keeping certificates. According to the Act on Accounting (Számviteli Törvény), this period is at least 8 years after making out an invoice, after passing this deadline, Controller deletes data within one year. The circle of handled data is mainly data which is included in the sales such as name, address, data relating to product concerned with refund, the sum to be refunded). Other data - that are not subject to the accounting documents - possibly processed during ordering (e.g. important messages between User and Controller about orders) is processed by Controller for 5 years after contracting – general term of limitation concerning civil demands. The interruption of the limitation period shall prolong the processing period until the new date of limitation.

 

9.7. Method of data storage: on a list of data-processing kept separately on Controller’s IT system and also data that is necessary for maintaining proper accounting is kept on accounting documents in order to fulfil its obligation of retention of supporting documents provided by Accounting Act.

 

10. Data processing related to the preservation of accounting document

 

10.1. Data subjects involved in the processing: Users placing orders on the website.

 

10.2. Legal basis of processing: according to GDPR Article 6 paragraph 1, point (c) in compliance with legal obligation of the Processor.

 

10.3. Scope of data management:

 

The User (Customer):

- name,

- billing address,

- address of delivery,

- telephone number,

- e-mail address,

- indication of product(s) ordered,

- price of product(s) ordered,

- delivery method,

- payment method,

- other information User might have provided in order to accomplish order,

- time of order,

- time of payment.

 

10.4. Purpose of data management: Article 169 of the VAT Act and Article 169 (2) of the Accounting Act to issue an invoice and to fulfil the obligations regarding the preservation of accounting documents

 

10.5. Duration of data management: Processor handles information mentioned above until it is prescribed by the Act on Accounting (Számviteli Törvény) about keeping certificates. According to the Act on Accounting (Számviteli Törvény), this period is at least 8 years after making out an invoice, after passing this deadline, Processor deletes data within one year. This scope primarily includes the data on the invoices (name, address, data relating to the ordered product and the payment of its price), and as part of the contractual documentation, the additional data included in the orders and confirmations also fall under the concept of accounting documents.

 

10.6. Method of data storage: On separate data line within the Processor’s information technology system, and on accounting documents that correspond to related laws about keeping bills for certain periods of time.

 

11. Data processing related to consumer complaints

 

11.1. Data subjects involved in the processing: Users reporting consumer complaints.

 

11.2. Legal basis of processing: according to GDPR Article 6 paragraph 1, point (c) in compliance with legal obligation of the Controller; concerning the Data Processor in relation to the handling of complaints, fulfilment of legal obligations specified in Article 17/A of the Consumer Protection Act.

 

11.3. Scope of data management:

 

The complaining User:

- surname,

- first name,

- address,

- place, time and way of proposing the complaint,

- a detailed description of his/her complaint,

- presented by the User in the complaint; all personal data that the User brings to the attention of the Data Controller in connection with his/her complaint,

- personal data contained in documents, files and other evidence that may be presented by the User,

- the place and time of taking the record of the complaint,

- in the case of a written complaint, the User's signature,

- in the case of a complaint sent by e-mail, the e-mail address of the User,

- in the case of a verbal complaint communicated by telephone or using other electronic communication services, the unique identification number of the complaint and the User's telephone number,

- possibly the identifier of the order or other transaction affected by the complaint and the information regarding its fulfilment. Telephone calls are not recorded by the Data Processor.

 

11.4. Source of data: User provides the data to Data Processor in his/her complaint. The investigation of the complaint may also require the processing of data related to the User's previous order placed with the Data Controller. The Data Processor does not obtain the User's data from other (external) sources.

 

11.5. Purpose of data processing: investigation and response to the complaint submitted by the User; fulfilment of the Data Processor’s legal obligations contained in Article 17/A of the Consumer Protection Act. The purpose of processing the User's personal identification data is to identify the User, which is necessary to investigate and respond to their complaint. Information containing personal data presented in the User's complaint, as well as the data of the previous order possibly involved in the complaint, will be used for the substantive investigation and response to the complaint, if they are necessary for all of this The User's name and address will be used to address the mail, in case the record of the complaint or the response to the complaint is sent in writing by the Data Processor by post. The User's name and e-mail address may be used to communicate via electronic mail (if this is necessary to investigate the complaint) and to respond to User’s complaint by e-mail.

 

11.6. Duration of data processing: According to Article 17/A of the Consumer Protection Act, Data Processor shall keep the record of the complaint, or, in the case of a written complaint, the submitted document and the response to the complaint for three years, after which it shall be destroyed. If the submitted claim is not considered a complaint, the Data Processor will delete the data one month after the end of the communication related to the claim. If the notification is not considered a complaint, but refers to a specific transaction related to the performance of the Data Processor and has relevant content to that, in that case, the Data Processor will process the claims arising from the contractual relationship until the expiry of the statute of limitations - which is usually 5 years from the date the claim became due - on the basis of its legitimate economic interest, after which Data Processor will delete the data.

 

11.7. Method of data storage: In a separate data file in the IT system of the Data Processor, possibly on paper depending on the method of submission, in the record of the complaint, as well as in the document containing the response to the complaint.

 

12. Forwarding data

 

12.1. Scope of concerned: Users choosing online payment after shopping at website, regardless of using other services.  

 

12.2. Addressee of data forwarding:

 

PayPal (Europe) S.a.r.l. et Cie, S.C.A.

Cégjegyzékszám: B118349

Adószám: LU 22046007

Székhely: 22-24, Boulevard Royal, 2449 Luxembourg, Luxembourg

Postacím: 22-24, Boulevard Royal, 2449 Luxembourg, Luxembourg

E-mail: dpo@paypal.com

Webhely: https://www.paypal.com/hu/home

 

as service provider company of online payment service available at Controller’s website.

 

12.3. Legal basis of data forwarding:

 

User’s legitimate interest based on GDPR Article 6, Paragraph (1), Point a). Recipient is obliged to run a fraud prevention and scout system in connection with offering payment services and has the right to handle personal data that is necessary for these. Recipient has developed its system regarding to legal obligations, for its operation data forwarding by Controller is necessary. Accordingly, to this it is Recipient’s legitimate interest to run a fraud prevention and scout system to meet its legal obligations. Recipient falls under the following provisions: - Act CCXXXVII of 2013 165. § (5) Paragraph on Credit Institutions and Financial Enterprises (a hitelintézetekről és a pénzügyi vállalkozásokról szóló 2013. évi CCXXXVII. törvény 165. § (5) bekezdése), - Act CCXXXV of 2013 92/A. § (3) Paragraph Point f) on some payment services (az egyes fizetési szolgáltatókról szóló 2013. évi CCXXXV. törvény 92/A. § (3) bekezdés f) pontja), - Act LXXXV of 2009 14. § (1) Paragraph Point v) on providing payment services (a pénzforgalmi szolgáltatás nyújtásáról szóló 2009. évi LXXXV. törvény 14. § (1) bekezdés v) pontja). Fraud prevention and providing proper operation of online services are both Controller’s and Recipient’s legitimate interest. Both organisations’ main source of revenue connects to proper operation of payment services. Nevertheless, these are User’s interests as well, in particular to avoid abuse of bank card data. Data forwarding allows preventing and detecting frauds and troubleshooting of possible stumbling block that might appears during the process of payment. Forwarded data comes from User’s data handled during booking/ordering and these data are forwarded through electronic channels which ensure encrypted data traffic solely for Recipient and only after payment is done and which are 15 not used for any other purposes by Recipient. Therefore, data forwarding puts no significant risk on User, it has no other visible effect on them. Forwarding data is necessary for reaching goals described here and is suitable for making payment services safer. In view of the above and taking the built-in guarantee operations into account, forwarding does not mean unreasonable degree encroachment into Users’ personal lives, therefore data forwarding is a necessary and proportional data processing operation. A separate documentation is made about considering interests. Representor can ask information about how to reach it from Controller.

 

12.4. Scope of data forwarding:

- products placed into the cart during shopping and shopping data of the cart (prices, expenses),

- surname,

- first name,

- e-mail address,

- address,

- unique identifier of the transaction.

 

Bank card data given during payment is directly provided for payment service provider, so Controller does not gain access to them.

 

12.5. Goal of forwarding data: Operating and managing online payment service appropriately, confirmation of transactions, operating fraud-monitoring to protect users’ interests. This is a system to reveal frauds related to online payment, supporting the control of bank transactions – and providing help through customer support service.

 

12.6. To learn more about data management and further circumstances of data management – among others: legal basis, purpose, scope of handled data and duration of data management - implemented by PayPal (Europe) S.à rl et Cie, S.C.A., User can find out more at https://www.paypal.com/hu/webapps/mpp/ua/privacy-full . 12.7. Controller does not forward information to third parties for business or marketing purposes.

 

12.8. Controller forwards information only to official bodies in accordance with legal requirements beyond the above mentioned cases.

 

13. Using data processing Controller draws on the following businesses to process data.

 

13.1. Storage space service provider

 

13.1.1. Data subjects involved in the processing: Users visiting website, regardless of using services.

 

13.1.2. Controller uses

 

Wix.com Inc.

Tax number: (EU VAT ID) - EU442008451

Headquarters: 500 Terry Francois Blvd., 6th Floor, San Francisco, CA 94158 USA

Postal address: 500 Terry Francois Blvd., 6th Floor, San Francisco, CA 94158 USA

Telephone: +1 415 358 0857

E-mail: abuse@wix.com

Website: https://www.wix.com/

 

as website storage place provider (Data Processor hereafter).

 

13.1.3. Defining the scope of data involved in data processing: this potentially relates to all information mentioned in present policy, the specific data circle is defined by functions used by User according to the above chapters of specific data managements.

 

13.1.4. Purpose of using data processor: To ensure functioning of website in an information technological way by using electronical host and software that is necessary for it.

 

13.1.5. Duration of data processing: It correlates with processing periods indicated in this policy for processing with various objectives.

 

13.1.6. Method of data processing: it is done electronically; processing data exclusively means to provide storage space and functionality of the software that is necessary for the operation of website in an information technological way.

 

13.2. Data processing in relation with sending newsletters

 

13.2.1. Data subjects involved in the processing: Users subscribing to newsletters, regardless of whether they use any other services.

 

13.2.2. Controller uses services of Wix.com Inc. Tax number: (EU VAT ID) - EU442008451 Headquarters: 500 Terry Francois Blvd., 6th Floor, San Francisco, CA 94158 USA Postal address: 500 Terry Francois Blvd., 6th Floor, San Francisco, CA 94158 USA Telephone: +1 415 358 0857 E-mail: abuse@wix.com Website: https://www.wix.com/ as company that has developed and operates the newsletter sending software that is used by Controller (Data Processor hereafter).

 

13.2.3. Defining the scope of data involved in data processing: User’s name and e-mail address who subscribed for receiving newsletters.

 

13.2.4. Purpose of using data processor: to provide information technological conditions for sending newsletters by Controller, in processing apparent through technical operations necessary for operating the software safely.

 

13.2.5. Duration of processing: Controller handles information until User’s cancellation of consent (User unsubscribes), or until deleting data based on User’s request.

 

13.2.6. Method of data processing: processing data exclusively refers to technical operations to manage software about sending newsletters in an information technological way.

 

13.3. Data procession in connection with the software and host of electronical mails.

 

13.3.1. Data subjects involved in the processing: those who are marked in present notice, those with whom Data Processor keeps contact via electrical mails.

 

13.3.2. Controller uses

 

Google Ireland Ltd.

Business registration: 11603307

Tax number: IE 6388047V

Residence: Gordon House, Barrow Street, Dublin 4, Ireland

Postal address: Gordon House, Barrow Street, Dublin 4, Ireland

Telephone: +353 1 436 1000

Website: https://www.google.ie/

 

As Data Processor which is the developer and maintainer of the service provider of host and developer of software used for electrical mails. (Data Processor hereafter)

 

13.3.3. Defining the scope of data involved in data processing: first of all, the name and e-mail address of those concerned, secondly further data of those concerned that has been sent in electrical mails.

 

13.3.4. Purpose of using data processor: to ensure functioning electrical mails.

 

13.3.5. Duration of data processing: in case contracting does not follow message exchanges, it will last until deleting electronical mails, Controller deletes mails after the end of message exchanges during correspondence. In case contracting follows message exchanges and the content of the messages are important in terms of contract, in order to fulfil orders, Controller handles information mentioned above until it is prescribed by the Act on Accounting (Számviteli Törvény) about keeping certificates. According to the Act on Accounting (Számviteli Törvény), this period is at least 8 years after making out an invoice, after passing this deadline, Controller deletes data within one year. Other data possibly processed during contracting – e.g. important messages between User and Controller about orders – are processed by Controller for 5 years after contracting – general term of limitation concerning civil demands. In case of interruption of limitation, the duration of data management is extended until the new date of limitation. Messages are stored in a software environment provided by Controller during retention time, therefore data management exists during this period.

 

13.3.6. Method of data processing: Messages are stored in a software environment provided by Controller during retention time, therefore data management exists during this period.

 

13.4. Data processing related to delivery company

 

13.4.1. Data subjects involved in the processing: Users placing an order and asking for delivery.

 

13.4.2. Controller uses services of

 

GLS General Logistics Systems Hungary Csomag-Logisztikai Korlátolt Felelősségű Társaság (GLS General Logistics Systems Hungary Parcel Logistics Company Limited GLS General Logistics Systems Hungary Co.Ltd.)

Short name: GLS General Logistics Systems Hungary Kft.

Corporate registration number: 13-09-111755

Tax number: 12369410-2-44

Headquarters: 2351 Alsónémedi, GLS 2 Európa Street, Hungary (Magyarország, 2351 Alsónémedi, GLS Európa u. 2.)

Postal address: 2351 Alsónémedi, GLS 2 Európa Street, Hungary (Magyarország, 2351 Alsónémedi, GLS Európa u. 2.)

Telephone: +36 29 886 670

Fax: +36 29 886 610

E-mail: info@gls-hungary.com

Website: https://gls-group.eu/HU/hu/home/

 

as delivery company that delivers ordered products and also

 

Magyar Posta Zártkörűen Működő Részvénytársaság (Magyar Posta Private Limited Company)

Short name: Magyar Posta Zrt.

Corporate registration number: 01-10-042463

Tax number: 10901232-2-44

Headquarters: 2-6. Dunavirág Street, Budapest 1138, Hungary (Magyarország, 1138 Budapest, Dunavirág u. 2-6.)

Postal address: 1540 Budapest, Hungary

Telephone: +36 1 767 8282

Fax: +36 46 320 136 20

E-mail: ugyfelszolgalat@posta.hu

Website: https://posta.hu

 

as delivery company that delivers ordered products and also

 

UPS Magyarország Szállítmányozó Korlátolt Felelősségű Társaság (UPS Magyarország Shipping Limited Liability Company)

Short name: UPS Magyarország Kft.

Corporate registration number: 13-09-139285

Tax number: 22776082-2-13

Headquarters: 154 Lőrinci Road, Airport City Logistic Park G. building, Vecsés 2220, Hungary (Magyarország, 2220 Vecsés, Lőrinci út 154. Airport City Logistic Park G. ép.)

Postal address: 154 Lőrinci Road, Airport City Logistic Park G. building, Vecsés 2220, Hungary (Magyarország, 2220 Vecsés, Lőrinci út 154. Airport City Logistic Park G. ép.)

Telephone: +36 1 877 0000

Fax: +36 1 877 0115

E-mail: upssaleshun@ups.com

Website: https://www.ups.com/hu/en/Home.page

 

as delivery company that delivers ordered products and also,

 

TNT Express Hungary Korlátotl Felelősségű Társaság (TNT Express Hungary Limited Liability Company)

Short name: TNT Express Hungary Kft.

Corporate registration number: 01-09-068137

Tax number: 10376166-2-44 Headquarters: Logistic Centre II, Budapest 1185 - Building 283., Office Building BUD International Airport, Hungary (Magyarország, 1185 Budapest II. Logisztikai központ – Irodaépület, BUD Nemzetközi Repülőtér 283. ép)

Postal address: Logistic Centre II, Budapest 1185 - Building 283., Office Building BUD International Airport, Hungary (Magyarország,1185 Budapest II. Logisztikai központ – Irodaépület, BUD Nemzetközi Repülőtér 283. ép)

Telephone: +36 29 886 670

Fax: +36 1 432 7117

E-mail: huheadoffice@tnt.com

Website: https://www.tnt.com/

 

as delivery company that delivers ordered products and also,

 

DPD Hungária Futárpostai, Csomagküldő Szolgáltató Korlátolt Felelősségű Társaság (DPD Hungária Courier and Parcel Service Provider Limited Liability Company)

Short name: DPD Hungária Kft.

Corporate registration number: 01-09-888141

Tax number: 13034283-2-41

Headquarters: 2nd floor, Building A, 33 Váci Street, Budapest 1134, Hungary (1134 Budapest, Váci út 33. A épület 2. em.)

Postal address: 2nd floor, Building A, 33 Váci Street, Budapest 1134, Hungary (1134 Budapest, Váci út 33. A épület 2. em.)

Telephone: +36 1 501 6200

E-mail: dpd@dpd.hu

Website: https://www.dpd.com/hu/

 

as delivery company that delivers ordered products, and also

 

FedEx Express International B.V.

Corporate registration number: 65939859

Headquarters: Taurusavenue 111, 2132 LS Hoofddorp, Netherlands

Postal address: Budapest, BUD International Airport, Logistic Center No. II, 1185

Telephone: +36 80 980 980

Website: https://www.fedex.com/

 

as delivery company that delivers ordered products (together called as Processors in the followings).

 

13.4.3. Defining the scope of data involved in data processing: in order to fulfil the contractual obligation (performing delivery) that comes from User’s order, data management affects the following data:

- surname

- first name

- e-mail address

- telephone number

- address of delivery.

 

13.4.4. Purpose of using data processor: In order to fulfil the contract made when User places an order, the goal is to deliver the ordered product to an address indicated by User, checking delivery address and time if necessary on the phone.

 

13.4.5. Duration of processing: until the time of delivering and handing over the product.

 

13.4.6. Method of data procession: it affects only those data management operations that are necessary to fulfil delivering and handing over the product.

 

13.5. Data procession related to giving invoices

 

13.5.1. Data subjects involved in the processing: Users making an order on the website, regardless of using other services of the website.

 

13.5.2. Controller makes use of the following company as data manager

 

KBOSS.hu Korlátolt Felelősségű Társaság (KBOSS.hu Limited Liability Company)

Short name: KBOSS.hu Kft.

Registration number: 01-09-303201

Tax number: 13421739-2-41

Headquarters : 7 Záhony Street, Budapest 1031 Hungary (1031 Budapest, Záhony utca 7.)

Telephone: +36 30 3544 789

E-mail: info@szamlazz.hu

Website: https://www.szamlazz.hu/

 

that has developed and operates the invoicing software that is used by Controller (Data Processor hereafter).

 

13.5.3. Defining the scope of data involved in data processing: data processing affects the name and address of those who order and also the name of the ordered item(s) and/or service(s), time of purchasing, the price and invoices about any other fees.

 

13.5.4. Purpose of using data processor: Using the software for billing, maintaining its availability and operating.

 

13.5.5. Duration of data processing: Controller handles information mentioned above until it is prescribed by the Act on Accounting (Számviteli Törvény) about keeping certificates, which is 8 years after releasing the invoice.

 

13.5.6. Method of processing: Data processing solely means technical operations necessary for providing availability and IT operation of the software used for releasing the invoice.

 

13.6. Data processing related to accounting services

 

13.6.1. Data subjects involved in the processing: Users making an order.

 

13.6.2. Controller makes use of the following company as data processor

 

Damina Anikó e. v. (Damina Anikó individual entrepreneur)

Registration number: 27079091

Tax number: 65768136143

Headquarters: „A” Building, 5, Mókus Street, Budapest 1213, Hungary (Magyarország, 1213 Budapest, Mókus út 5. A ép.)

Postal address: „A” Building, 5, Mókus Street, Budapest 1213, Hungary (Magyarország, 1213 Budapest, Mókus út 5. A ép.)

 

As the accountant of Controller’s economic performances (Data processor hereafter).

 

13.6.3. Defining the scope of data involved in data processing: data processing affects the name and address of the person who orders, and also the name of the ordered item(s), time of purchasing, the price and other fees that might be contained in the invoice.

 

13.6.4. Purpose of using data processor: To meet accounting obligations required by the applicable legislation in connection with Controller’s economic activities by using the services of above-named Data processor

 

13.6.5. Duration of data processing: up to the time arising out of Accounting Law which gives the period invoices are obliged to keep - the year that follows the 8th year period after the date of issue of the invoice.

 

13.6.6. Method of data processing: Data processing solely means work carried out to meet accounting obligations and control which happens through handling data on paper data carried and in software.

 

13.7. Data processing related to administrative tasks

 

13.7.1. Data subjects involved in the processing: Users placing the order.

 

13.7.2. Data Controller uses

 

Siposné Mehlhoffer Szonja Nóra e. v. (Siposné Mehlhoffer Szonja Nóra individual entrepreneur)

Registration number: 54569452

Tax number: 55830704127

Headquarters: 15, Kápolnásnyék 2475 Hungary (Magyarország, 2475 Kápolnásnyék, Bem u. 15.)

Postal address: 15, Kápolnásnyék 2475 Hungary (Magyarország, 2475 Kápolnásnyék, Bem u. 15.)

E-mail: szonjasolutions@gmail.com

 

individual entrepreneur, as a Data Processor to perform administrative tasks related to the preparation of invoicing and the organization of delivery (hereinafter: Data Processor).

 

13.7.3. Defining the scope of data involved in data processing: the data processing affects the name, address and telephone number of the User who placed the order, as well as the designation of the ordered product(s), the date of purchase and the purchase price and any other fees included in the receipts, as well as additional data related to the fulfilment of the order.

 

13.7.4. The purpose of using data processor: preparation for the fulfilment of the accounting obligations required by law regarding the economic activity carried out by the Data Controller, as well as the organization of delivery by using the services of the above Data Processor.

 

13.7.5. Duration of data processing: during the use of the data processor, at most for the periods specified in the chapter on orders (chapters 7 and 8).

 

13.7.6. Method of data processing: the processing of the data only means the operations necessary for the fulfilment and control of accounting obligations, which are carried out by the data processor by managing paper data carriers and digital data managed in software, and by performing the administrative tasks necessary to organize the delivery. The organization of the delivery is carried out exclusively via IT by Data Processor

 

13.8. Addressing-related data processing

 

13.8.1. Data subjects involved in the processing: Users placing orders on the website.

 

13.8.2. The data controller uses

 

BÚTOR-TRIÓ Termelő, Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság (Bútor-Trió Production, Trade and Service Limited Liability Company)

Short name: BÚTOR-TRIÓ Kft.

Registration number: 13-09-082486

Tax number: 11859114-2-13

Headquarters: Magyarország, 2040 Budaörs, 10314. hrsz. (Kaktusz utca)

Postal address: Magyarország, 2040 Budaörs, 10314. hrsz. (Kaktusz utca)

Telephone: +36 30 274 8610

E-mail: butortrio@butortrio.t-online.hu

Website: http://www.butortrio.hu/

 

Business Company as Data Processor to package, address, and deliver the ordered product to a delivery company (hereinafter: Data Processor).

 

13.8.3. Defining the scope of data involved in data processing: data processing affects the name, delivery address, billing address and telephone number of the User who ordered the product.

 

13.8.4. Purpose of using data processor: Addressing the package (product) sent by the Data Controller to the User and handing it over to the delivery company.

 

13.8.5. Duration of data processing: The data controller manages the data until 5 years from the conclusion of the contract - the general limitation period applicable to civil law claims - have passed.

 

13.8.6. Method of data processing: The processing of data only means the operations necessary to complete the delivery of the product to the User.

 

13.9. Controller makes use no other Data processors apart from those described above or those mentioned in document of ‘Information about using cookies’.

 

13.10.Controller enters into data processing contracts with mandatory content with data processors used by Controller in order to comply with relevant legislation and to guarantee an adequate level of data security.

 

14. Data protection, data safety

 

14.1. Controller assures the safety of data and through technical and organizational actions, as well as internal rules of procedure ensures that laws and other data and secret protection rules are kept. Controller protects data especially against illegal access, change, forwarding, making public, deletion or effacement of data, moreover, it protects against accidental effacement and damage, as well as inaccessibility of data as a result of change in applied technology.

 

14.2. Data related to measuring number of visitors of the website and habits describing use of website are handled in Controller’s information technological system in a way that prevents Controller to link data to anyone, right from the beginning.

 

14.3. Processing takes place to reach articulated and legal goals described in present policy to a necessary and proportional degree, based on relevant laws and recommendations, keeping appropriate safety measures.

 

14.4. In order to achieve these, Controller uses “https” protocol to reach the website, through which web communication can be encrypted and individually identifiable. Controller stores information in encrypted data stocks on separate lists insulated from each other based on processing goals to which certain Controller employees – performing tasks indicated in present policy – have access to, who have to protect data and it is their responsibility to handle this policy and relevant laws in an appropriate manner.

 

15. User’s rights concerning data management

 

15.1. Right to access: Controller gives information for User’s request about data being handled by itself and by Data Processor, their sources, goals of data processing, its legal basis, period, name and address of Data Processor, its activities related to data processing, consequences and effects of a possible data protection incident and actions done in order to avoid such cases, furthermore, 27 in case of forwarding concerned person’s personal data, about the legal basis and addressee of data forwarding. Controller provides information without any unreasonable delay, within maximum one month after the arrival of the request. Within the framework of the right to access, Controller provides User with a copy of personal data involved in processing, within maximum one month after the arrival of the request. For further demands from User, Controller calculates a reasonable fee based on administrative costs (see Chapter 16).

 

15.2. Right to portability of data: User has the right to get personal data about themselves in an articulate, widely used format, readable on devices, furthermore, has the right to forward these pieces of information to another Controller without the obstruction of Controller that has User’s data according to User’s consent, if: a) processing is based on User’s consent or contract; and b) processing is automatized. Practising the right to portability of data, User has the right – if it is technically practicable – to ask Controllers to forward information between each other directly.

 

15.3. Right to correction: User has the right to ask for correction of their data, which Controller fulfils without any unreasonable delay, within maximum one month after the arrival of the request. Considering the goal of processing, User has the right to ask for completing their missing personal data – for example through an additional declaration.

 

15.4. Right to limitation of processing: Controller marks personal data in order to limit processing. User may ask for such limitation if one of the following cases occur: a) User disputes accuracy of personal data, in this case limitation exceeds for the period that enables Controller to check the accuracy of personal data; b) processing is illegal, and User objects against deleting their data and asks for limitation of use; c) Controller does not need personal data for processing, however, concerned party lays claim to them in order to propose, realize or protect legal demands; or d) User has objected to legal processing done by Controller; in such cases limitation exceeds over a period in which it becomes clear whether Controller’s legal interests dominate over concerned party’s legal interests.

 

15.5. Right to cancellation (right to “effacing”): Controller deletes information if: a) personal data is no longer needed for reasons they were recorded, or were handled differently; b) User withdraws their consent to processing, and there are no other legal bases for it; c) User objects to processing and there are no prior rightful reasons for processing, or User objects to processing with direct sales objectives; d) personal data was handled illegally; e) personal data must be deleted to fulfil legal obligations claimed by European Union or member state laws; f) User requests deletion or objects to processing, and data was recorded to offer services related to information technological society directly to children. If Controller made personal data public – and according to cases mentioned above – has to erase them and must take reasonable steps, including technical ones – considering technology available and costs of realization – in order to inform Controllers involved about User requesting their personal data and the links referring to them or copies of personal data to be deleted.

 

15.6. Obligation of noticing: Controller informs User and all Controllers that are provided with information about the correction, limitation and deletion. Notification might be neglected if it seems to be impossible, or requires unreasonable efforts. Controller informs User on demand about these addressees.

 

15.7. Right to objection: User has the right to object to their data being managed rightfully by Controller at any time because of personal reasons. In such cases, Controller cannot handle personal information any longer, except when Controller proves that there are obligatory rightful reasons for processing, having priority over concerned person’s interests, rights and freedoms, or reasons that are related to proposal, enforcement or defence of legal demands.

 

16. Fulfilling of User’s requests

 

16.1. Controller offers notification and taking actions for free, as described in Point 15. If User’s request is obviously unfounded, or – especially for its repeated nature – exaggerated, Controller a) might charge a reasonable price, or b) might deny taking actions based on request, considering data requested, or administrative costs of measures to be taken to fulfil request. 

 

16.2. Controller informs User without any unreasonable delay, but maximum one month after receiving the request about actions that has been taken, including issuing copies of data. If necessary, considering the complexity of request and numbers of requests this deadline can be made longer with additional two months. Controller informs User about elongation of deadline together with indicating reasons of delay within one month after receiving the request. If concerned User sends their request electronically, Controller provides information electronically, except when concerned User asks for it in a different way.

 

16.3. If Controller does not take any steps as reaction to User’s request, without delay but within maximum of one month after receiving the request, Controller informs User about reasons why there have been no actions taken, and about the possibility of filing a complaint at Authority mentioned in Point 17 and can have the right to legal remedy described there as well.

 

16.4. User can hand in their request to Controller in any way that identifies them. Identifying Users who hand in a request is necessary because Controller can deal with only those requests that are entitled. If Controller has justified doubts about the identity of natural person handing in a request it can ask for other pieces of information to assure the identity of concerned User.

 

16.5. User can send their requests to Controller to the address

 

41 Jerney Street, 3rd floor 12, Budapest 1148 Hungary (Magyarország, 1148 Budapest, Jerney utca 41. 3. em. 12. ajtó)

 

or to the e-mail address info@mybettershelf.com

 

Controller considers requests sent in e-mail genuine only if it was sent from an e-mail address registered at Controller’s database. However, using another e-mail address does not mean disregard of such requests. Time of receiving e-mails is the first day after the e-mail was sent.

 

17. Prosecution of rights Concerned parties may practice their prosecution of rights in front of a jury and also can turn to the

 

National Authority for Data Protection and Freedom of Information: Nemzeti Adatvédelmi és Információszabadság Hatóság (National Authority for Data Protection and Freedom of Information)

Address: 9-11. Falk Miksa Street, Budapest 1055, Hungary (Magyarország, 1055 Budapest, Falk Miksa utca 9-11.)

Postal address: P.O. Box 9 Budapest 1363, Hungary (Magyarország 1363 Budapest, pf.: 9.) 30

Telephone: +36 1 391 1400

Fax: +36 1 391 1410

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu/

 

In case choosing a process involving a courthouse, the lawsuit – based on concerned User’s choice – can be initiated at the courthouse in concerned person’s residence or place of stay, as courthouses are competent in confiscation of such a lawsuit.

 

Updated: February 24, 2023

Mybettershelf Kft

bottom of page