PRIVACY POLICY, PRIVACY NOTICE AND USER INFORMATION ON THE PROCESSING OF PERSONAL DATA FOR THE USERS AND VISITORS OF THE WEBSITE www.kacsa-audio.hu
- INTRODUCTION
Www.kacsa-audio.hu, ’s (hereinafter referred to as: Website) owner and operator (hereinafter: Data Controller) provides the following information to You as the Data Subject of personal data processed by the Website (hereinafter: Privacy Notice) in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; GDPR) and Act CXII of 2011 on Informational Self-determination and Freedom of Information (“Info Act”).
KáCsa Audió Kft. as the owner and operator of www.kacsa-audio.hu respects your privacy and is committed to protecting your personal data. This Privacy Policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
This Privacy Policy aims to give you information on how KáCsa Audió Kft. collects and processes your personal data through your use of this website, including any data you may provide through this website when you sign up to our newsletter, purchase a product or service or take part in a competition or promotion.
This website is not intended for children and we do not knowingly collect data relating to children.
It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements the other notices and is not intended to override them.
This Privacy Policy has been prepared pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data of natural persons and the free movement of data, subject to Annex CXII. the content of the law on the right to information self-determination and freedom of information.
Name of data controller: KáCsa Audió Kft.
Headquarters: 1163 Budapest, Pesti határ út 4.
Showroom: 1149 Budapest, Fogarasi Út 19/E
Website address: www.kacsa-audio.hu
E-mail: bolt@kacsa-audio.hu
Telefon: +36 1 220 9100
- TERMINOLOGY
- Personal data: any information relating to an identified or identifiable natural person (data subject); identifies a natural person who, directly or indirectly, in particular by reference to an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identified;
- Data subject: any natural person identified or identifiable, directly or indirectly, on the basis of personal data
- Data subject's consent: a voluntary, specific and well-informed and unambiguous statement of the data subject's consent to indicate his or her consent to the processing of personal data concerning him or her, by means of a statement or an unequivocal statement of confirmation;
- Controller: means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law.
- Data management: any operation or set of operations on data, irrespective of the procedure used, in particular their collection, recording, recording, systematisation, storage, alteration, use, interrogation, transmission, disclosure, coordination or aggregation, blocking, erasure and destruction; and prevent further use of the data, take photographs, sound or images, and record physical identifiers (eg fingerprints or palm prints, DNA samples, irises)
- Data erasure: making data unrecognizable in such a way that it is no longer possible to be recovered
- Data processor: any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
- Data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data
- Data set: the totality of the data managed in one register
- Data protection incident: a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled.
- Recipient: any natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not. Public authorities that may have access to personal data in the framework of an individual investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
- Third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or persons who have been authorized to process personal data under the direct control of the controller or processor.
- Information society service: a service provided electronically to absentees, usually for remuneration, to which the recipient of the service has individual access
- E-commerce service: an information society service for the purpose of holding a movable movable item, including money and securities, and natural resources that can be used for that purpose, a service, real estate, property right (collectively, goods) sale, purchase, exchange or other use.
- GDPR (General Data Protection Regulation): the new Data Protection Regulation of the European Union;
- USERS:
User is both a natural person registered on this webite and a natural person who is not registered, but who uses the services of this website, places an order, is identified or - directly or indirectly - identifiable on the basis of any specific personal data.
3. PRIVACY POLICY
The data controller declares that he / she handles personal data in accordance with the provisions of the data management information and complies with the provisions of the relevant legislation, in particular with regard to the following:
The processing of personal data must be carried out lawfully and fairly and in a way that is transparent to the data subject.
Personal data may only be collected for specified, explicit and legitimate purposes.
The purpose of the processing of personal data must be appropriate and relevant and only to the necessary extent.
Personal information must be accurate and up to date. Inaccurate personal data must be deleted immediately.
Personal data must be stored in a form which permits identification of data subjects for no longer than is necessary. Personal data may be stored for a longer period only if the storage is for archiving purposes in the public interest, for scientific and historical research purposes or for statistical purposes.
The processing of personal data must be carried out in such a way as to ensure adequate security of the personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage, by means of appropriate technical or organizational measures.
The principles of data protection shall apply to all information concerning an identified or identifiable natural person.
4. IMPORTANT DATA MANAGEMENT INFORMATION:
- The purpose of data management is to enable the service provider / data controller to provide appropriate additional services to the persons registered on the website during the operation of the website.
- Legal basis for data processing: consent of the data subject.
- Stakeholders: registered users of the website.
- Duration of data management and deletion of data:
The duration of data management always depends on the specific user purpose, but the data must be deleted immediately if the original purpose has already been achieved. The consent of the data subject may be withdrawn at any time by the data subject by sending a letter to the contact e-mail address. If there is no legal impediment to the deletion, then your data will be deleted.
- The data controller and its employees have the right to access the data.
- The data subject may request from the controller access to, rectification, erasure or restriction of the processing of personal data concerning him or her and may object to the processing of such personal data and to the data subject's right to data portability.
- The data subject may withdraw his or her consent to the processing at any time, but this shall not affect the lawfulness of the processing carried out prior to the withdrawal.
- The person concerned may exercise the right to lodge a complaint with the supervisory authority.
- If the person concerned wishes to use the benefits of registration, ie to use the services of the website for this purpose, it is necessary to provide the requested personal data. The data subject is not obliged to provide personal data, and there are no adverse consequences for the non-provision of data. However, it is not possible to use certain functions of the website without registration.
- The data subject shall have the right, at the request of the controller, to correct or supplement inaccurate personal data concerning him or her without undue delay.
- The data subject shall have the right, at the request of the controller, to delete inaccurate personal data concerning him or her without undue delay, and the controller shall delete the personal data concerning him or her without undue delay, unless there are other legal grounds for processing.
- Modification or deletion of personal data can be initiated by e-mail, telephone or letter using the contact options provided above.
5. REGISTRATION ON THE WEBSITE:
- The purpose of data management: to provide additional services and contact.
- Legal basis for registration data management: your consent.
- Stakeholders: registered users of the website.
- Duration of data processing: Data processing will take place until the withdrawal of consent. You can withdraw your consent to data management at any time by sending an e-mail to the contact e-mail address.
- The data will be deleted when the consent to the data processing is revoked. You can revoke your consent to data management at any time by sending an email to your contact email address.
- The data controller and its employees have the right to access the data.
- Data storage method: electronic.
- Modification or deletion of personal data: can be initiated by e-mail, telephone or letter using the contact options provided above.
- The provision of personal data is absolutely necessary for identification in the databases and for keeping in touch. The exact company name and address are required for invoicing, which is a legal obligation.
Type of data managed | Purpose of the data |
---|---|
Name | Identification, contact |
Address | Identification, contact |
Identification, contact | |
Phone | Identification, contact |
Date of registration | Technical operational information |
IP address | Technical operational information |
You can give your consent to the data management by intentionally checking the empty checkbox on the website and specifically for this purpose.
You, as an individual concerned, may object to the processing of your personal data in this regard and are entitled to proceed in accordance with the data management information detailed above and this prospectus and the legislation described in the prospectus.
6. PLACING AN ORDER:
- The purpose of data management: to record and fulfill orders placed through the Website, to deliver the ordered products, to keep in touch with the orders, to issue an invoice, to fulfill the accounting obligation for contact and billing.
- Legal basis for data processing: your consent. In the case of invoicing, the data management is based on a legal requirement.
- Stakeholders: registered users of the website.
- Duration of the data processing: The data processing takes place until the legal regulation or the withdrawal of the consent. You can withdraw your consent to data management at any time by sending an e-mail to the contact e-mail address.
- Deletion of data: occurs when the consent to data management is revoked. You can revoke your consent to data management at any time by sending an email to your contact email address. Billing data can be deleted in accordance with legal regulations.
- The data controller and its employees have the right to access the data.
- Data storage method: electronic.
- Modification or deletion of personal data: can be initiated by e-mail, telephone or letter using the contact options provided above.
Type of data managed | Purpose of the data |
---|---|
Name | Identification, contact, billing |
Company name | Identification, contact, billing |
Address | Identification, contact, billing |
Identification, contact | |
Phone | Identification, contact |
VAT number | Identification of the customer |
Other invoice data | Identification of the invoice |
Date of issue of the invoice | Technical operational information |
7. BILLING AND INVOICING
- The purpose of data management: to write out an electronic, or e-invoice and be able to send it as an e-mail attachment.
- The legal basis for data processing: mandatory laws regarding receipt printage and billing/invoicing without exception.
- Duration of data processing: data processing will take place until the withdrawal of consent. You can withdraw your consent to data management at any time by sending an e-mail to the contact e-mail address.
- Deletion of the data: when the consent to the data processing is revoked. You can revoke your consent to data management at any time by sending an email to your contact email address. The erasure of invoicing and billing data is done pursuant to law regulations.
- The data controller and its employees both have the right to access the data.
- Data storage method: electronic.
- Modification or deletion of data can be initiated by e-mail, telephone or letter using the contact options provided above.
Type of data managed | Purpose of data management |
---|---|
Name | Identification, contact, billing |
Company name | Identification, contact, billing |
Address | Identification, contact, billing |
Identification, contact | |
Telephone | Identification, contact |
VAT number | Identification of the customer |
Other invoicing data | Identification of the invoice |
Data of issue of invoice | Technical operational information |
8. NEWSLETTER
- As the operator of the website, we declare that we fully comply with the relevant legal provisions during the information and descriptions published by us. We further declare that when subscribing to the newsletter, we are not in a position to verify the authenticity of the contact details or to establish that the information provided relates to an individual or a company. We treat companies that contact us as customer partners.
- The purpose of data management: to send professional brochures, electronic messages containing advertisements, information, newsletters, about which you can unsubscribe at any time without consequences. You can also unsubscribe without any consequences if your business has in the meantime ceased to exist, you have left the business, or someone has provided us with your contact information.
- The legal basis for data processing: your consent. We inform you that the user may consent in advance and expressly to contact the service provider with advertising offers, information and other items at the e-mail address provided during registration. As a result, the user may consent to the service provider processing the necessary personal data for this purpose.
- We would like to inform you if you want to receive a newsletter from us, you must provide the necessary information. We will not be able to send you a newsletter if you do not provide this information.
- Duration of data processing: Data processing will take place until the withdrawal of consent. You can withdraw your consent to data management at any time by sending an e-mail to the contact e-mail address.
- Deletion of the data: when the consent to the data processing is revoked. You can revoke your consent to data management at any time by sending an email to your contact email address.
- Consent can also be revoked by clicking on the link in the newsletters sent out.
- The data controller and its employees have the right to access the data.
- Data storage method: electronic.
- Modification or deletion of data can be initiated by e-mail, telephone or letter using the contact options provided above.
- The data processor used: PaprikaSoft Kft.
Type of data managed | Purpose of the data |
---|---|
Identification, contact | |
Date of registration | Technical operational information |
IP address | Technical operational information |
Please note that the e-mail address does not need to contain any personally identifiable information. For example, it is not necessary for the e-mail address to include your name. You are completely free to choose an email address that contains information about your identity. The e-mail address used to contact you is absolutely necessary for the newsletter or professional information sent to you to reach its destination.
9. PERSON ENTITLED TO DATA PROCESSING:
The personnel/legal entity authorized to process personal data is PaprikaSoft Kft. (Headquarters: 8600 Siófok, Aradi vértanúk útja 36., Company registration number: 14 09 311722, Tax number: 23457300-2-14, hereinafter: Data Processor) as a Data Processor. The personal data to be processed may be disclosed to the current legal representative (s), employees / agents / contributors of the Data Processor. The processor shall not transfer personal data to third parties unless the data subject has given his or her express consent.
Hosting provider:
Name / company name: PaprikaSoft Kft.
Headquarters: 8600 Siófok, Aradi vértanúk útja 36.
Phone: +36 20 414 0284
E-mail: office@paprikasoft.com
-The information you provide is stored on a server operated by our hosting provider. The data can only be accessed by our employees and the employees operating the server, but they are all responsible for the secure handling of the data.
- Name of the activity: hosting service, server service.
- The purpose of data management: to ensure the operation of the website.
- Data processed: personal data provided by the data subject
- Duration of the data management and deadline for deleting the data: The data management until the end of the operation of the website or according to the contractual agreement between the website operator and the hosting provider. If necessary, the person concerned may also request the deletion of his data by contacting the hosting provider.
- The legal basis for data processing: the consent of the person concerned and data processing based on law.
10. DURATION OF DATA PROCESSING:
The Data Controller handles the personal data provided on the basis of the User's consent until the purpose of the data management is realized or the User's consent is revoked. The Data Controller manages the personal data provided by the User during the registration until the termination of the use of the Website, and in particular until the cancellation of the registration.
Unless otherwise provided by law, the Data Controller
a) for the purpose of fulfilling the legal obligation applicable to it, or
b) for the enforcement of the legitimate interest of the Data Controller or a third party, if the enforcement of this interest is proportionate to the restriction of personal data protection without further consent , and after the withdrawal of the data subject's consent. / 2011 CXII. Section 6 (5) of the Act /
In order to fulfill the accounting obligations, the Data Controller has provided the personal data provided by the User for 8 years pursuant to Section 169 of Act C of 2000, and pursuant to Section XCII of 2003 on the Taxation Procedure, retained and managed within the statutory limitation period.
11. DATA TRANSMISSION AND THE LINKING OF DATA:
The Data Controller shall not sell, rent or make available in any form personal data or information about the User to any other company or individual, except for the provision of data necessary for the fulfillment of the accounting and delivery obligation.
The Data Controller shall ensure the adequate security of the data in the manner expected of it and shall take the technical and organizational measures that guarantee the enforcement of data protection rules and principles and promote the security of personal data.
The Data Controller transfers personal data to a third party or persons only with the consent of the data subject.
-DATA-PROCESSING ACTIVITIES RELATED TO THE TRANSPORT OF GOODS:
Name of the data processor: Fáma First Kft.
The registered office of the data processor: 2220 Vecsés, Almáskert út 0174/117 hrsz.
Telephone number of the data processor: +36 20/3473107
E-mail address of the data processor: info@famafutar.hu
Company registration number: 13-09-208510
VAT number: 11678526-2-13
The Data Processor participates in the delivery of the ordered goods on the basis of a written contract concluded with the Data Controller. In doing so, the Data Processor may manage the name, address and telephone number of the customer for the duration of the delivery of the ordered goods, after which it shall be deleted immediately.
For further data protection issues, the data protection policy, which can be viewed on the data processor 's website, is authoritative.
-DATA MANAGEMENTS CONNECTED TO CARD PAYMENTS:
Name of the data processor: K&H Bank Zrt.
Headquarters of the data processor: 1095 Budapest, Lechner Ödön fasor 9
Telephone number of the data processor: +36 1/20/30/70 335 3355
The e-mail address of the data processor is: bank@kh.hu
The Data Processor participates in the processing of credit card payment transactions on the website on the basis of a written contract concluded with the Data Controller. In doing so, the Data Processor shall transfer the data of the data subject to the extent necessary for the accounting records, in accordance with the provisions of the Civil Code. It shall be managed for a period of time in accordance with Section 169 (2), after which it shall be canceled immediately.
For further data protection issues, the data protection policy, which can be viewed on the data processor 's website, is authoritative.
12. COOKIES:
Cookies are placed by the websites visited on the user's computer and contain information such as page settings or login status.
Cookies are therefore small files created by the websites you visit. Saving browsing data improves the user experience. With the help of cookies, the website remembers the settings of the website and offers locally relevant content.
The website of the service provider sends a small file (cookie) to the computer of the visitors of the website in order to determine the fact and time of the visit. The service provider informs the visitor of the website about this.
The people involved in data management are the visitors of the website.
The purpose of data management is additional services, identification, and tracking of visitors.
Legal basis for data management: The user's consent is not required if the service provider absolutely needs the use of cookies.
The scope of the data: unique identification number, time, setting data.
The user has the option to delete cookies from the browsers at any time in the Settings menu.
Data controllers entitled to access the data: The data controller does not process personal data using cookies.
Data storage method: electronic.
13. SOCIAL MEDIA:
A social media is a media tool where a message is disseminated through social users. Social media uses the Internet and online publishing opportunities to move users from content recipients to content editors.
Social media is an interface for web applications that contain user-generated content, such as Facebook, Google+, Twitter, and more.
Social media appearances can be public speaking, lectures, presentations, products or services.
Social media information can take the form of forums, blog posts, images, videos, and audio, message boards, e-mail messages, and more.
As mentioned above, the scope of the managed data can be not only personal data but also the user's public profile picture.
Stakeholders: all registered users.
The purpose of data collection is to promote the website or a related website.
The legal basis for data processing is the voluntary consent of the data subject.
Duration of data management: according to the regulations that can be viewed on the given social site.
Deadline for deleting data: according to the regulations that can be viewed on the given social site.
The right to get acquainted with the data: according to the regulations that can be viewed on the given social site.
Rights related to data management: according to the regulations that can be viewed on the given social site.
Data storage method: electronic.
It is important to note that when a user uploads or submits any personal information, he or she gives the social network operator permission to store and use such content. Therefore, it is very important to make sure that the user has full authority to communicate the published information.
14. GOOGLE ANALYTICS:
KáCsa Audió and our website uses Google Analytics.
Google Analytics uses internal cookies to generate reports for its customers about the habits of users of the website.
On behalf of the website operator, Google uses the information to evaluate how users use the website. As an additional service, it generates reports related to the activity of the website for the website operator in order to perform the additional services.
The data is stored in an encrypted format on Google’s servers to make it more difficult and prevent data misuse.
Here's how to disable Google Analytics. Quote from the page:
Website users who do not want Google Analytics to report JavaScript on their data can install the Google Analytics Disable Browser Add-on. The plugin prohibits Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sending information to Google Analytics. The browser extension can be used in most newer browsers. The Google Analytics Disable Browser Add-on does not prevent data from being sent to the site itself and other web analytics services.
https://support.google.com/analytics/answer/6004245?hl=hu
Google's Privacy Policy: https://policies.google.com/privacy?hl=en_US
Information on the use and protection of the data can be found in detail at the links above.
DATA PROTECTION IN DETAIL:
15. RIGHTS RELATED TO DATA PROCESSING
Right to request information: You can request information from us through the contact details provided, what data of our company, on what legal basis, for what kind of data management purpose, from what source, for how long has been used. Upon your request, we will send you information immediately, but within 30 days, to the e-mail contact you provided.
Right to rectification: You can ask us to change any of your details via the contact details provided. We will take action on your request immediately, but within a maximum of 30 days, and we will send you information by e-mail.
Right of cancellation: You can ask us to delete your data via the contact details provided. At your request, we will do this immediately, but within a maximum of 30 days, and we will send information to the email contact you provided.
Right to lock: You can ask us to block your data via the contact details provided. The lock lasts as long as the reason you specify requires the data to be stored. At your request, we will do this immediately, but within a maximum of 30 days, and we will send information to the email contact you provided.
Right to protest: You can object to the data management via the contact details provided. We will investigate the protest as soon as possible, but no later than 15 days from the submission of the application, we will make a decision on its merits and we will inform you about its decision by e-mail.
16. ENFORCEMENT REGARDING DATA MANAGEMENT
Should you experience unlawful or illegal data processing, please do not hesitate to contact us, so the right legal status can be restored and problems can be absolved as soon as possible.
Should you feel that the legal status can not be restored, please inform the authorities from the contact list below:
National Data Protection and Freedom of Information Authority
Postal address: 1530 Budapest, Pf. 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: customer service (at) naih.hu
URL: https://www.naih.hu
Coordinates: N 47 ° 30'56 ''; E 18 ° 59'57 ''
17. LEGISLATION UNDERLYING DATA PROCESSING
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (general data protection regulation).
- 2011 CXII. Act on the Right to Information Self-Determination and Freedom of Information.
- Act LXVI of 1995 on Public Documents, Archives and the Protection of Private Archival Material. law.
- Decree 335/2005 on the general requirements for the management of records of bodies performing public tasks. (XII. 29.) Government Decree.
- CVIII of 2001 Act on Certain Issues in Electronic Commerce Services and Information Society Services.
- Act C of 2003 on electronic communications.
Date of entry into force of this Privacy Statement: 24.05.2018. The data controller reserves the right to make changes.