Privacy policy

INTRODUCTION

Zita Haklik EV. tax number: 55614232127, head office’s address: Rigo street 71 , HU-8000 Szekesfehervar, address:, Rigo street 71, HU-8000 Szekesfehervar, e-mail: zita@babushka.jdstg.link  , telephone: +36302205607  (hereinafter referred to as “Service Provider, Data Controller“) will submit the following information.

REGULATION (EEC) No 2016/67 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 2016) on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) 27.), the following information is provided.

This Privacy Policy describes the data management of the following websites: www.babushkajewelry.com and above the content specification.

Amendments to these Rules will enter into force with publication at the above address.

THE DATA MANAGER AND AVAILABILITY:

Name: Zita Haklik

Head office: Rigo street 71, HU-8000 Szekesfehervar

E-mail: zita@babushka.jdstg.link

Phone: +36302205607

DEFINITION OF DEFINITIONS

  1. “personal data” means any information relating to an identified or identifiable natural person (“concerned”); a natural person may be identified, directly or indirectly, based on one or more factors relating to the physical, physiological, genetic, intellectual, economic, cultural or social identity of an identifier such as name, number, positioning data, online identifier or natural person identified;
  2. “data management” means any operation or operation of automated or non-automated personal data or data files, such as collecting, capturing, rendering, rendering, storing, modifying or modifying, querying, inspecting, using, communicating, disseminating or making available by other means, alignment or interconnection, restriction, deletion or destruction;
  3. “data controller” means any natural or legal person, public authority, agency or any other body that determines the purposes and means of handling personal data individually or with others; where the purposes and means of data management are defined by Union or national law, the data controller or the particular aspects of the designation of the data controller may also be defined by Union or national law;
  4. “data processor” means any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller;
  5. “consignee” means a natural or legal person, a public authority, agency or any other body with whom or with which personal data is communicated, whether or not it is a third party. Public authorities which have access to personal data in an individual investigation in accordance with Union or national law shall not be considered recipients; the management of such data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;
  6. “consent of the party concerned” means a voluntary, concrete and appropriate and informed and explicit statement of the will of the person concerned by which he or she indicates the statement in question or a statement that expresses his / her affirmation by means of an unambiguous expression of his consent to the processing of his personal data;
  7. “privacy incident” means any breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise treated.

PRIVACY POLICY

PRINCIPLES FOR MANAGING PERSONAL DATA

Personal information:

(a) its management shall be lawfully and fair and shall be carried out in a transparent manner (“legality, fairness and transparency”);

(b) be collected for specified, unambiguous and legitimate purposes and not treated in a manner incompatible with these purposes; in accordance with Article 89 (1), no further data handling (“end-use”) for purposes of public interest archiving for scientific and historical research purposes or for statistical purposes shall not be considered incompatible with the original purpose;

(c) they must be appropriate and relevant for the purposes of data management and should be limited to the need (“saving of data”);

(d) be accurate and, where necessary, up-to-date; all reasonable measures must be taken to correct or correct inaccurate personal data for the purposes of data management (“accuracy”);

(e) its storage must take place in a form which permits the identification of the data subjects only for the time needed to manage the personal data; the retention of personal data may only take place if the personal data are processed in accordance with Article 89 (1) for public interest archiving, for scientific and historical research purposes or for statistical purposes, in accordance with the rights and subject to appropriate technical and organizational measures for the protection of their freedoms (“limited storage”);

(f) be handled in such a way as to ensure adequate security of personal data, including the protection against unauthorized or unlawful handling, accidental loss, destruction or damage to data (“integrity and confidentiality”) by means of appropriate technical or organizational measures. The controller is responsible for the above, and must be able to demonstrate compliance (“accountability”).

The data controller declares that his / her data management is carried out in accordance with the principles of this section.

DATA TREATMENTS

BUYING

  1. The fact of data collection, the scope of the data being processed and the purposes of data management:
Personal Data The aim of data management
Name Authentication
Phone number Contact and reconciliation
E-mail address Contact required for sending order (information).
Message To elaborate and customize your offer required.

 

Purchase / Request Date Perform a Technical Operation.

Purchase / Request IP Address Perform a technical operation.

It is not necessary for the e-mail address to include personal data.

  1. The circle of stakeholders: the contracting entity purchasing the website and the contracting entity is all concerned.
  2. Duration of data handling, deadline for data deletion: Ends up to the concerned cancellation request. The data controller will inform the data subject electronically of the deletion of any personal data provided by the data subject by virtue of Article 19 of the GDPR. If the concerned request for cancellation also covers the e-mail address it has provided, the data administrator will also delete the email address after the information has been provided.
  3. The person who is able to access the data, the recipient of the personal data: Personal data may be handled by the authorized personnel of the data controller in accordance with this information.
  4. Describe the rights of data subjects involved in data management:
  • The data subject may apply to the data controller for access to, correction, deletion or limitation of the personal data concerning him, and
  • the data subject has the right to data storage and to withdraw the consent at any time.
  1. To access, delete, modify or restrict access to personal data, you may be concerned with the portability of data in the following ways:

– by post at Rigo street 71, HU- 8000 Szekesfehervar

– by phone at +36302205607

– by e-mail at zita@babushka.jdstg.link

  1. Legal basis for data processing: Article 6 (1) (b) GDPR.
  2. We inform you that
  • Data management is required to complete the order.
  • You must provide your personal information so that we can deliver the order.
  • Failure to provide the data results in the fact that we are unable to post your order.

CUSTOMER RELATIONS

  1. The fact of data collection, the scope of the data being processed and the purpose of data management:

Personal Data The purpose of data management

Name, e-mail address, phone number. Relationships, identification, performance of contracts, business purpose.

  1. Scope of the stakeholder: All data subjects who are in contact with the data controller by phone / e-mail / personally or contractually.
  2. Time of data handling, deadline for deletion of data: Data handling lasts for 5 years after the data controller and the legal relationship between the data subject and the claims. 4. Personal data manager authorized to access the data, personal data addressee: Personal data may be handled by the data controller’s authorized personnel, in compliance with these principles.
  3. Describe the rights of data subjects involved in data management:
  • The data subject may apply to the data controller for access to, correction, deletion or limitation of the personal data concerning him, and
  • the data subject has the right to data storage and to withdraw the consent at any time.
  1. To access, delete, modify or restrict access to personal data, you may be concerned with the portability of data in the following ways:

– by post at 8000 Szekesfehervar, Rigo street 71.,

– by phone at +36302205607

– by e-mail at zita@babushka.jdstg.link

  1. Legal basis for data processing: Article 6 (1) (b) GDPR.
  2. We inform you that
  • Data management is required to complete the order.
  • You must provide your personal information so that we can deliver the order.
  • Failure to provide the data results in the fact that we are unable to post your order.

CUSTOMER RELATIONS

  1. The fact of data collection, the scope of the data being processed and the purpose of data management:
Personal Data The aim of data management
Name, e-mail address, phone number. Relationships, identification, performance of contracts, business purpose.

 

CUSTOMER RELATIONS AND OTHER DATA MANAGEMENT

  1. If the data controller is questioned about the use of our services, he / she may have a problem with the data subject, he / she can contact the data manager in the ways provided by the website (phone, email, etc.).
  2. The data administrator shall delete the received e-mails, messages, telephone information with the name and e-mail address of the interested party and other voluntarily entered personal data within two years from the date of communication.
  3. Data management not listed in this information is provided when data are included.
  4. The Service Provider is obliged to provide information, communicate, transfer or make available documents on the basis of an exceptional authority request or authorization by law, in case of request of other bodies.
  5. In these cases, the Service Provider shall provide the Requesting Party with personal data only to the extent and to the extent necessary to achieve the purpose of the request if it has indicated the exact purpose and scope of the data.

DATA PROCESSORS

Hosting provider

  1. Activity performed by a data processor: Hosting service
  2. Name and contact information of the data processor:Zita Haklik,

tel: +36302205607 e-mail: zita@babushka.jdstg.link

  1. The fact of data handling, the scope of the data processed: All personal data provided by the data subject.
  2. The circle of stakeholders:All stakeholders using the website.
  3. Purpose of data management:To make the web site available and to operate properly.
  4. Duration of data processing and deadline for data deletion: Data management is maintained until the agreement between the data controller and the hosting service provider terminates or the request for cancellation of the data subject to the hosting service provider.
  5. The legal basis for data processingis Article 6 (1) (f) of the GDPR, and the 2001 CVIII. On certain aspects of electronic commerce services and information society services. Law 13 / A. § (3).
  6. Rights of the person concerned:
  7. You can find out about the conditions of data management,
  8. You are entitled to receive feedback from the data controller about whether your personal data is being processed or access to all information about data management.
  9. You are entitled to receive personal information about you in a machine-readable, widely used, machine-readable format.
  10. You are entitled, at your request, to correct your inaccurate personal data without undue delay.
  11. You may object to the handling of your personal information.

COOKIE-K (SÜTIK) TREATMENT

  1. The fact of the data handling, the number of data processed:

Unique identification number, dates and times

  1. Stakeholders:

The web site is visited by all stakeholders.

  1. The purpose of data management:

Identify users and track visitors.

  1. Duration of data handling, deadline for deletion of data:

Type of cookie Legal basis of data management Data management duration Handled data session Session session The 2001 CVIII., On certain issues of electronic commerce services and information society services, Law 13 / A. § (3) The period of time before the relevant visitor’s session is closed. Connect.sid

  1. Personal data manager authorized to know the data:

By using cookies, you do not manage your personal data with the data handler.

  1. Describe the rights of data subjects involved in data management:

An affected person has the option to delete cookies in the Tools / Preferences menu of browsers, usually under the Privacy menu item.

  1. Legal basis for data handling:

No consent is required if the sole purpose of the use of cookies is the communication service provided through the electronic communications network or the provision of information society services expressly requested by the subscriber or user.

THE RIGHTS OF THE INTERESTED PARTIES

  1. Right of access

You are entitled to receive feedback from the data controller about whether your personal data is being processed and, if such processing is in progress, you have the right to have access to your personal information and the information listed in the decree.

  1. Right to rectification

You are entitled to request the data controller to correct inaccurate personal information on your request without undue delay. Taking into account the purpose of data management, you are entitled to request the supplementation of incomplete personal data, including by means of a supplementary statement.

  1. Right to Cancellation

You are entitled to request the data controller to delete your personal information without undue delay, and the data controller is obliged to delete personal information about you, without undue delay, under certain conditions.

  1. The Right to Forgive

If the data controller has disclosed the personal data and is required to cancel it, taking reasonable steps, including technical measures, to take into account the cost of technology available and the costs of implementation, in order to inform the data controllers handling the data that you have applied for the personal data in question pointing links or deleting a duplicate or duplicate of these personal data.

  1. Right to Restrict Data Management

You are entitled to request that your data controller restricts your data handling if one of the following conditions is met:

  • You dispute the accuracy of your personal data; in this case, the restriction applies to the period of time that the data controller can check the accuracy of personal data;
  • Data handling is illegal and you are opposed to the deletion of data and instead asks you to restrict them;
  • The data controller no longer needs personal data for data processing, but you require them to submit, enforce, or protect legal claims;
  • You have objected to data manipulation; in this case, the restriction applies to the period in which it is established that the legitimate reasons for the data controller have priority over your legitimate reasons.
  1. Right to data storage

You are entitled to receive personal information provided by you to a data controller in a machine-readable, widely-used machine-readable format, and have the right to transmit this data to another data controller without being obstructed by the data controller whose provided personal information to you (…)

  1. Right to Protest

You are entitled to object to the handling of your personal information (…), including profiling based on these provisions, for any reason relating to your own situation.

  1. Protest against direct business acquisition

If your personal data is handled for direct business, you are entitled to protest at any time against your personal information for this purpose, including profiling, if it is related to direct business acquisition. If you object to personal data being handled for direct business purposes, your personal information can no longer be handled for that purpose.

  1. Automated decision-making in individual cases, including profiling

You are entitled to exclude from the scope of any decision based solely on automated data handling, including profiling, which would have a bearing on it or affect it significantly. The preceding paragraph shall not apply if the decision is:

  • You are required to conclude or complete a contract between you and the data controller;
  • the granting of the right to a data controller is subject to the law of the Union or of the Member States which also lays down appropriate measures to protect your rights and freedoms and legitimate interests; or
  • you are based on your explicit consent.

MEASUREMENT DEADLINE

The data controller informs you of any measures taken in response to these requests without undue delay but in any way within one month of receipt of the request. If necessary, it may be extended by 2 months. The controller will inform you about the extension of the deadline by indicating the cause of the delay within 1 month of receipt of the request. If the data controller fails to take action upon your request, he or she will notify you without delay and at the latest within one month of the receipt of the request for reasons of non-action and whether you may file a complaint with a supervisory authority and exercise its right of appeal.

The data controller and the data processor shall take appropriate technical and organizational measures to take into account the state of science and technology and the costs of implementation, the nature, scope, circumstances and objectives of data management and the risk of varying probability and severity of natural persons’ rights and freedoms to guarantee an adequate level of data security, including, inter alia, where appropriate:

  1. a) the pseudonymization and encryption of personal data;

(b) ensuring, maintaining, integrity, availability and resilience of the continuing confidentiality of systems and services used to manage personal data;

(c) in the case of a physical or technical incident, the ability to restore access to personal data and the availability of data in good time;

(d) the procedure for systematic testing, assessment and evaluation of the effectiveness of the technical and organizational measures taken to guarantee the security of data processing.

INFORMATION CONCERNING THE DATA PROTECTION INCIDENT

If the privacy incident is likely to pose a high risk to the rights and freedoms of natural persons, the data controller shall inform the data subject of the data protection incident without undue delay. Information given to the data subject should be clearly and easily understood and the nature of the privacy incident must be disclosed and the name and contact details of the Data Protection Officer or other contact person providing additional information should be disclosed; the likely consequences of a data protection incident should be described; describe measures taken or planned by the data controller to remedy a data protection incident, including, where appropriate, measures to mitigate any adverse consequences of a data protection incident. The person concerned shall not be informed if any of the following conditions are met:

  • the data controller has implemented appropriate technical and organizational protection measures and applied these measures to the data covered by the data protection incident, in particular the measures such as the use of encryption that make it impossible for persons who are not entitled to access to personal data to be incompatible the data;
  • after the data protection incident, the data controller has taken further measures to ensure that high risk for the rights and freedoms of the person concerned is no longer likely to be realized;
  • Informing would require disproportionate efforts. In such cases, the data subject shall be informed by means of publicly disclosed information or a similar measure shall be taken to ensure that such information is equally effective. If the data controller has not yet notified the data subject of the data protection incident, the supervisory authority may, after considering whether the privacy incident is likely to pose a high risk, may inform the data subject.

NOTIFICATION OF DATA PROTECTION INCIDENT TO THE AUTHORITY

The data protection incident shall be reported to the supervisory authority under Article 55 without undue delay and, if possible, no later than 72 hours after the data protection incident becomes known, unless the data protection incident is unlikely to pose a risk to the rights of natural persons and freedom. If the notification is not filed within 72 hours, the reasons for proving the delay must also be enclosed.

COMPLEMENTARY OPPORTUNITY

You can lodge a complaint against a possible infringement of the data controller with the National Data Protection and Information Authority:

National Privacy and Freedom Authority

1125 Budapest, Szilágyi Erzsébet fasor 22 / C.

Postal address: HU-1530 Budapest, Mailbox: 5.

Phone: +36 -1-391-1400 Fax: + 36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu