Cart 0

General information on data management

as data controller, hereby informs you, as data subject, of the processing activities carried out by the Data Controller and considered relevant by the Data Controller, as well as of other relevant facts. The Data Controller processes data in addition to the processing activities set out in this notice, this notice only contains a summary and brief description of the most significant processing activities.

The Data Controller draws the attention of the data subjects to the following

  • does not carry out joint processing.
  • the data subjects may exercise their rights (right of access, right of rectification, right to erasure and "right to be forgotten", right to blocking/restriction of data, right to object, right to data portability, right to withdraw consent, see detailed description of rights at the end of this notice) by sending a statement to the e-mail addresses info@decorand.com, info@decorakademia.hu or other contact details of the Data Controller, and by lodging a complaint with the authority (for contact details see NAIH, www.naih.hu), and, if they consider that their rights have been infringed, they may apply to the competent court in their place of residence. The Data Controller draws the attention of the data subjects to the fact that the exercise of their rights may be subject to conditions and limitations in relation to the processing of a data file, which the Data Controller is obliged to examine in the exercise of the data subjects' rights. In the event that a right cannot be exercised by the data subject in relation to a given processing operation, the Data Controller shall inform the data subject in writing (including by electronic means) of the factual and/or legal grounds excluding/limiting the exercise of the right and shall keep a record thereof.
  • the Data Controller shall ensure, in particular, in the context of its IT security responsibilities:
    • denying unauthorised persons access to the means used for data processing (hereinafter referred to as the 'data management system'),
    • preventing the unauthorised reading, copying, modification or removal of data media,
    • preventing the unauthorised input of personal data into the processing system and the unauthorised access, modification or deletion of personal data stored in the processing system,
    • to prevent the use of data processing systems by unauthorised persons by means of data transmission equipment,
    • that persons authorised to use the system have access only to the personal data specified in the access authorisation,
    • that it is possible to verify and establish to which recipients the personal data have been or may be transmitted or made available by means of a data transmission installation
    • that it is possible to verify and establish a posteriori which personal data have been entered into the system by whom, at what time
    • preventing unauthorised access to, copying, modification or deletion of personal data during transmission or transport of the data medium
    • ensure that the data management system can be restored in the event of a malfunction.
    • ensure that the data management system is operational, that any errors in its operation are reported and that the personal data stored cannot be altered even if the system is not functioning properly.

 

  • the Data Controller uses external service providers on the website on the basis of:
    • the aim is web analytics and ad serving.
    • External web analytics and ad serving service providers working with the Data Controller: Facebook Inc, Google LLC.
    • e Third-party service providers may have access to the IP address of the data subject, and in many cases they also use cookies, sometimes web beacons (a click tag (a marker code identifying the click on a particular advertisement) or other click metrics on websites, sometimes in emails, to personalise or analyse services and to generate statistics.
    • e Cookies set by third-party service providers can be deleted from the user's device at any time, and the use of cookies can usually be refused by selecting the appropriate settings on the browser(s). A cookie placed by an External Service Provider can be identified by the domain associated with that cookie. It is not possible to refuse web beacons, clicktags and other click metrics.
    • the Third Party Service Providers process the Personal Data transferred to them in accordance with their own privacy notices.

 

  • more detailed explanations of each of the processing operations set out in the format of the table below are also available on paper at the Data Controller's registered office/office and, upon request, the Data Controller will send them to the data subject electronically.
  • profiling does not take place in relation to any of the processing.
  • data communication (data processing, data transfer) to third parties is carried out as follows:
    • in the context of online product sales as a data processing purpose, data related to purchases made on the Internet are transmitted via the credit card acceptance network of OTP Bank Nyrt. (1051 Budapest, Nádor u. 16.) for the purposes of financial transaction processing, transaction security and transaction tracking. The data transmitted include: surname, first name, delivery address, billing address, telephone number, e-mail address, payment transaction data.
    • in the case of delivery of products, the name, address, telephone number of the recipient, the value of the order will be forwarded to Express One Hungary Kft. (registered office: 1239 Budapest, Európa út 12., Cg.:01-09-980899 ugyfelszolgalat@expressone.hu).
    • accounting, auditing, bookkeeping activities data processor Kecskés Istvánné E..V. 6032 Nyárlőrinc, Dózsa György u. 26/a and Gácsér Norbert György E.V. Dunakeszi 2120, Hegyrejáró utca 20.
    • operation and maintenance tasks are performed by Vision Software Kft. (1149 Budapest, Pósa Lajos u. 51.).
    • may disclose data for other purposes in relation to a given processing, as set out in the detailed information notice for that processing.

The Data Controller again draws your attention to the fact that it carries out other processing activities which do not concern you as a data subject or which the Data Controller does not consider relevant for the purposes of this information, about which you can find more information in information documents formally separate from this information.


 


 




 


 


 




 



 



 

Rights of the data subject


The following table shows the relationship between the data subject's rights and the legal basis, so that it is clear to the data subject what rights he or she can exercise under the legal basis used.


 

Right of access (Article 15 GDPR)


The data subject shall have the right to obtain from the Controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and information about the circumstances of the processing. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards for the transfer in accordance with Article 46. The Controller shall provide the data subject with a copy of the personal data which are the subject of the processing, if the data subject so requests.

Right to withdraw consent (Article 7 GDPR)


You have the right to withdraw your consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.

Right to rectification (Article 16 GDPR)


The data subject shall have the right to obtain, at his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her.

Right to object (Article 21 GDPR)


The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data on the basis of Article 6(1)(e) or (f) of the GDPR. In such a case, the Controller may no longer process the personal data, unless it can demonstrate legitimate grounds for the processing which override the interests, rights and freedoms of the data subject.

Right to restriction of processing (Article 18 GDPR)


The data subject shall have the right to obtain, at his or her request, the restriction of processing by the Controller if any of the conditions set out in the GDPR are met, in which case the Controller shall not perform any operation on the data other than storage. Where the data subject has objected to the processing; in this case, the restriction shall apply for the period until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.

Right to erasure (right to be forgotten) (Article 17 GDPR)


The data subject shall have the right to obtain from the controller the erasure of personal data relating to him or her without undue delay where the processing has no purpose, the data subject has withdrawn his or her consent and there is no other legal basis for the processing, there is no legitimate ground for the processing which overrides any objection, the data have been unlawfully processed, and the data must be erased in order to comply with a legal obligation. Where the controller has disclosed the personal data and is under an obligation to erase it, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that process the data that the data subject has requested the deletion of the links to or copies or replicas of the personal data in question.

Right to data portability (Article 20 GDPR)


The data subject shall have the right to receive personal data concerning him or her which he or she has provided to the Controller in a structured, commonly used, machine-readable format and the right to transmit such data to another controller without hindrance from the controller to which he or she has provided the personal data, if legal conditions (automated processing and legal basis for consent or agreement) are met.

Where and how can data subjects request detailed information about the processing and transfer of their data, and where and how can they exercise their rights?


The Data Controller draws the attention of the data subjects to the fact that the data subjects may request information, exercise their right of access and other rights by sending a statement to the Data Controller by post (2310 Szigetszentmiklós, Kántor u. 5.) or by e-mail (info@decorand.com, info@decorakademia.hu). The Data Controller will examine and reply to the statement as soon as possible after receipt and will take the necessary steps in accordance with the statement, the Internal Privacy Policy and the law.

How to contact the authority in the event of a complaint (Article 77 GDPR):

  • National Authority for Data Protection and Freedom of Information
  • Address: 1055 Budapest, Falk Miksa utca 9-11.
  • Address for correspondence: 1374 Budapest, Pf. 603.
  • Phone: +36 (1) 391-1400
  • Fax: +36 (1) 391-1410

 

For more information about your rights and details of how to complain to the Authority, please visit http://naih.hu/panaszuegyintezes-rendje.html.

In the event of a breach of your rights, you can also take your case to the courts in your place of residence and claim, among other things, damages.

You can find the court in your country of residence at https://birosag.hu/birosag-kereso.

Closed: 4 November 2020