Cart 0

Privacy notice

 

about the processing of data provided when placing an order through this website


Data Controller:



  1. The Data Controller allows the data subject to order one or more products (or possibly services related to the product) from him.

What is the scope and purposes of the data processed?


  1. Scope and purpose of the data processed:

Data provided during registration and login Identification Product/service ordered

product identification/service completion

Technical data: order placement date

performance

specimen signature address

identification

operating licence

identification

delivery details*

fulfilment, delivery


What is the legal basis for processing the data?


  1. Legal basis for processing in relation to any personal data:
  • a. the legal basis for the processing is Article 6(1)(b), if the party placing the order is the data subject (e.g. a natural person, a sole trader, etc.)
  • b. if the person placing the order is a representative or contact person of the organisation concerned, the processing of his or her data is based on the legitimate interest of the Data Controller.
  • c. the processing of technical data is based on the legitimate interest of the Data Controller.

4.The legitimate interest under point (b) is that the Data Controller needs the contact details of the data subject for the performance of the contract.

5. the legitimate interest under point (c) is that the Data Controller can later prove that the order has been placed.

 

Who are the stakeholders?


  1. Data subjects: any natural person, including a contact person acting on behalf of an organisation, who can be identified or has been identified when placing an order with the Data Controller.

What is the main purpose of data processing?


  1. The main purpose of processing the data is to place the order and to contact you in connection with the fulfilment of the order.

    How is the data processed?

  2. The activities and processes involved in the processing are typically, but not exclusively, the following:
  • a. The data subject sends his or her order to the Data Controller through the means or by the means made available to him or her by the Data Controller.
  • b. The Data Controller will process the order.
  • c. The Data Controller shall record the order in the registration system established for this purpose.
  • d. The Data Controller, if the order is accepted, will notify the data subject in writing (electronically) of the acceptance of the order via the contact details provided. The notification shall be a confirmation of the order, which may also include additional information on the fulfilment.
  • e. The Data Controller will contact the data subject at the contact details provided by the data subject if the order needs to be clarified. It will also contact the data subject if it is unable to accept the order or refuses it.
  • f. The Data Controller may notify the data subject of certain processes of fulfilment (e.g. packaging, delivery, etc.) in the course of the order fulfilment.

How long does the processing last?


  1. The duration of data management lasts until the earliest condition:
  • a. in the case of a rejected order, until the order is rejected,
  • b. for 8 years in case of an accepted order, because it is considered as an accounting document.
  • c. If, according to the quality management rules operated by the Data Controller, all orders must be kept within the time limit set by the regulations, the processing is carried out until that time, for legitimate interests.

Where are the data from?


  1. Source of data: directly from the data subject.

    Are there any data disclosures (access, transfer, transmission) to third parties?

  2. Disclosure:
  • a. in the context of online product sales as a data management purpose, data related to purchases made on the Internet are transmitted via the credit card acceptance network of OTP Bank Nyrt. (1051 Budapest, Nádor u. 16.) for the purposes of financial transaction processing, transaction security and transaction tracking. The data transmitted include: surname, first name, billing address, telephone number, payment transaction data. SimplePay's Privacy Policy can be found at the following link: http://simplepay.hu/vasarlo-aff
  • b. in the case of delivery of products, the name, address, telephone number of the recipient, the value of the order will be forwarded to Express One Hungary Kft. (registered office: 1239 Budapest, Európa út 12., Cg.:01-09-980899, ugyfelszolgalat@expressone.hu).
  • c. data processor in respect of accounting, auditing and bookkeeping activities Kecskés Istvánné E..V. 6032 Nyárlőrinc, Dózsa György u. 26/a and Gácsér Norbert György E.V. Dunakeszi 2120, Hegyrejáró utca 20.

 

How does the Data Controller ensure data protection?


  1. The Data Controller shall ensure, particularly in the context of its IT security tasks:
  • a. to deny unauthorised persons access to the tools used for data management (hereinafter referred to as the 'data management system'),
  • b. preventing the unauthorised reading, copying, modification or removal of data media,
  • c. to prevent the unauthorised input of personal data into the processing system and the unauthorised access, modification or deletion of personal data stored in the processing system,
  • d. to prevent the use of data processing systems by unauthorised persons by means of data transmission equipment,
  • e. that persons authorised to use the system have access only to the personal data specified in the access authorisation,
  • f. that it is possible to verify and establish to which recipients the personal data have been or may be transmitted or made available by means of a data transmission installation
  • g. to ensure that it is possible to verify and establish a posteriori which personal data have been entered into the system by whom, at what time
  • h. to prevent the unauthorised disclosure, copying, modification or deletion of personal data during transmission or transport of the data medium
  • ensure that the data management system can be restored in the event of a malfunction.
  • j. ensure that the data management system is operational, that any errors in its operation are reported and that the personal data stored cannot be altered even if the system is not functioning properly.

Is there automated decision-making, profiling?


  1. Automated decision making, profiling: no such processing takes place.

What are the rights of data subjects?


14.The following table shows the relationship between the data subject's rights and the legal basis, so that it is clear to the data subject what rights he or she can exercise in the event of a legal basis being used.


 

Right of access (Article 15 GDPR)


The data subject shall have the right to obtain from the Controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and information about the circumstances of the processing. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards for the transfer in accordance with Article 46. The Controller shall provide the data subject with a copy of the personal data which are the subject of the processing, if the data subject so requests.

Right to withdraw consent (Article 7 GDPR)


You have the right to withdraw your consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.

Right to rectification (Article 16 GDPR)


The data subject shall have the right to obtain, at his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her.

Right to object (Article 21 GDPR)


The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data on the basis of Article 6(1)(e) or (f) of the GDPR. In such a case, the Controller may no longer process the personal data, unless it can demonstrate legitimate grounds for the processing which override the interests, rights and freedoms of the data subject.

Right to restriction of processing (Article 18 GDPR)


The data subject shall have the right to obtain, at his or her request, the restriction of processing by the controller if any of the conditions set out in the GDPR are met, in which case the controller shall not perform any operation on the data other than storage. If the data subject has objected to the processing; in this case, the restriction shall apply for the period until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.

Right to erasure (right to be forgotten) (Article 17 GDPR)


The data subject shall have the right to obtain from the controller the erasure of personal data relating to him or her without undue delay where the processing has no purpose, where consent has been withdrawn and there is no other legal basis, where there is no overriding legitimate ground for processing in the event of an objection, or where the data have been unlawfully processed in the first place, or where the data must be erased in order to comply with a legal obligation. Where the controller has disclosed the personal data and is under an obligation to erase it, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that process the data that the data subject has requested the deletion of the links to or copies or replicas of the personal data in question.

Right to data portability (Article 20 GDPR)


The data subject shall have the right to receive personal data concerning him or her which he or she has provided to the Controller in a structured, commonly used, machine-readable format and the right to transmit such data to another controller without hindrance from the controller to which he or she has provided the personal data, if legal conditions (automated processing and legal basis for consent or agreement) are met.

Where and how can data subjects request detailed information about the processing and transfer of their data, and where and how can they exercise their rights?


The Data Controller draws the attention of the data subjects to the fact that the data subjects may request information, exercise their right of access and other rights by sending a statement to the Data Controller by post (2310 Szigetszentmiklós, Kántor u. 5.) or by e-mail (info@decorand.com, info@decorakademia.hu). The Data Controller will examine and reply to the statement as soon as possible after receipt and will take the necessary steps in accordance with the statement, the Internal Privacy Policy and the law.

How to contact the authority in the event of a complaint (Article 77 GDPR):

 

  • National Authority for Data Protection and Freedom of Information
  • Address: 1055 Budapest, Falk Miksa utca 9-11.
  • Address for correspondence: 1374 Budapest, Pf. 603.
  • Phone: +36 (1) 391-1400
  • Fax: +36 (1) 391-1410
  • www: http://www.naih.hu
  • e-mail: ugyfelszolgalat@naih.hu

For more information about your rights and details of how to complain to the Authority, please visit http://naih.hu/panaszuegyintezes-rendje.html.

In the event of a breach of your rights, you can also take your case to the courts in your place of residence and claim, among other things, damages.

You can find the court in your country of residence at https://birosag.hu/birosag-kereso.

15. With regard to the data marked with *, the Data Controller draws your attention to the fact that they are essential elements of data processing, all of which are necessary for data processing.

I acknowledge that in the case of payment by credit card, the following personal data stored by the data controller Decoration & Design Kft. (2310 Szigetszentmiklós, Kántor út 5) in the user database of https://decorand.com will be transferred to OTP Mobil Kft. as data processor. The following data are transferred by the data controller: name, e-mail, billing address, telephone number

The nature and purpose of the data processing activities carried out by the data processor can be found in the SimplePay Data Processing Information Notice, at the following link: http://simplepay.hu/vasarlo-aff