Data Privacy
Privacy Policy
for visitors and customers of the websites www.pizsistore.hu, www.pizsistore.com, www.pizsi.eu.
Data controller
Name / company name: Mandzák Enikő ev.
Headquarters: Hungary, 1146 Budapest, Thököly út 31-33 B 116a
Tax number: 68600765-1-42
Registration number: 51979780
Website name, address: www.pizsistore.hu, www.pizsistore.com, www.pizsi.eu
Availability of the data management information:
Contact details of the data controller
Mailing address: 1132 Budapest, Csanády u. 4a., 7. em. 3.
E-mail: hello@pizsistore.hu
Hosting provider:
Name: Rackhost Zrt.
Mailing address: Tisza Lajos körút 41, 6722 Szeged.
Email address: info@rackhost.hu
Phone number: +36 1 445 1200
Description of data processing during the operation of the webshop
This document contains all relevant data management information regarding the operation of the webshop in accordance with the European Union's General Data Protection Regulation No. 2016/679 (hereinafter: Regulation, GDPR) and CXII of 2011. TV. (hereinafter: Infotv.) based on
Information about the use of cookies
The Data Controller uses so-called cookies when visiting the website. The cookie is an information package consisting of letters and numbers that our website sends to your browser with the aim of saving certain settings, facilitating the use of our website and helping us to collect some relevant, statistical information about our visitors.
Some of the cookies do not contain personal information and are not suitable for identifying the individual user, but some of them contain an individual identifier - a secret, randomly generated string of numbers - which is stored on your device, thereby ensuring your identification. The operational duration of each cookie is contained in the relevant description of each cookie.
Legal background and legal basis of cookies:
The legal basis for data management is your consent based on Article 6 (1) point a) of the Regulation.
Data processed for the purpose of concluding and fulfilling the contract
In order to conclude and fulfill the contract, several cases of data management may be implemented. We would like to inform you that data processing related to complaint handling and warranty administration is only carried out if you exercise one of the aforementioned rights.
If you do not make a purchase through the webshop, but are only a visitor to the webshop, then the provisions of data management for marketing purposes may apply to you if you give us consent for marketing purposes.
The data processing carried out for the purpose of concluding and fulfilling the contract in more detail:
Contact
If, for example, you contact us with a question about a product by email, contact form, or phone. Prior contact is not mandatory, you can skip this and order from the webshop at any time.
Managed data: Data provided by you during contact.
Duration of data management: The data is only processed until the contact is completed.
Legal basis for data management: Your voluntary consent, which you give to the Data Controller by contacting us. [Data management according to Article 6 (1) point a) of the Regulation]
Registration on the website
By storing the data entered during registration, the Data Controller can provide a more convenient service (e.g. the data subject does not have to be entered again when making a new purchase). Registration is not a condition for concluding a contract
Managed data: During data management, the Data Controller manages your name, address, telephone number, e-mail address, the characteristics of the purchased product and the date of purchase.
Duration of data management: Until you withdraw your consent.
The legal basis for data management: Your voluntary consent, which you give to the Data Controller by registering [Data management according to Article 6 (1) point a) of the Regulation]
Order processing
During the processing of orders, data management activities are necessary in order to fulfill the contract.
Managed data: During data management, the Data Controller manages your name, address, telephone number, e-mail address, the characteristics of the purchased product, the order number and the date of purchase. If you have placed an order in the webshop, data management and the provision of data are essential for the fulfillment of the contract.
Duration of data management: We process data for 5 years according to the civil law statute of limitations.
Legal basis for data management: Fulfillment of the contract. [Data management according to Article 6 (1) point b) of the Regulation]
Issue of an invoice
The data management process takes place in order to issue an invoice in accordance with the legislation and to fulfill the obligation to preserve accounting documents. The Sztv. Pursuant to § 169, paragraphs (1)-(2), economic companies must keep the accounting documents directly and indirectly supporting the accounting.
Data processed: Name, address, e-mail address, telephone number.
Duration of data management: The issued invoices are issued by Sztv. Based on § 169, paragraph (2), it must be kept for 8 years from the date of issue of the invoice.
Legal basis for data management: CXXVII of 2007 on VAT. On the basis of Section 159 (1), the issuance of the invoice is mandatory and it must be kept for 8 years on the basis of Section 169 (2) of Act C of 2000 on accounting [Data processing according to Article 6 (1) point c) of the Regulation].
Data management related to the delivery of goods
The data management process takes place in order to deliver the ordered product.
Data processed: Name, address, e-mail address, telephone number.
Duration of data management: The Data Controller manages the data until the delivery of the ordered goods.
Legal basis for data management: Contract performance [data management according to Article 6 (1) point b) of the Regulation].
Recipients and processors of data processing related to the delivery of goods
Name of recipient: Packeta Hungary Kft.
Address of the addressee: 1044 Budapest, Ezred utca 1-3. B2/11. intact.
The recipient's phone number is +36 1 400 8806
The recipient's e-mail address is: info@packeta.hu
Recipient's website: https://www.packeta.hu/
Name of recipient: tOURmix Delivery Bt.
Address of the addressee: 1025 Budapest, Józsefhegyi utca 3/C 1/4
Recipient's phone number: +36 20 483 6461
Recipient email address: info@tourmix.delivery
Recipient's website: www.tourmix.delivery
The courier service contributes to the delivery of the ordered goods based on the contract concluded with the Data Controller. The courier service handles the personal data received in accordance with the data management information available on its website.
Warranty and warranty claim management
Warranty and guarantee claims are covered by Art. 19/2014. (IV. 29.) We must act according to the rules of the NGM decree, which also determines how we must handle your claim.
Managed data
19/2014 when handling warranty and guarantee claims. (IV. 29.) We must act according to the rules of the NGM decree.
On the basis of the decree, we are obliged to take a record of the warranty or guarantee claim notified to us, in which we record:
a) your name, address, and a statement that you consent to the processing of your data recorded in the protocol in accordance with the regulations,
b) the name and purchase price of the movable object sold within the framework of the contract between you and us,
c) the date of performance of the contract,
d) the date of notification of the error,
e) the description of the error,
f) the right you want to enforce based on your warranty or guarantee claim, and also
g) the method of settlement of the warranty or guarantee claim or the reason for rejecting the claim or the right to be asserted based on it.
If we receive the purchased product from you, we must issue a receipt for this, on which it must be stated
a) your name and address,
b) data necessary to identify the thing,
c) the date of receipt of the thing, furthermore
d) the time when you can receive the repaired item.
Duration of data management: The company is obliged to keep the record of the consumer's warranty or guarantee claim for three years from the date of its recording and to present it at the request of the inspection authority.
Legal basis for data management: The legal basis for data management is Art. 19/2014. (IV. 29.) NGM decree [4. Compliance with legal obligations under § (1) and § 6 (1)] [Data management according to Article 6 (1) point c) of the Regulation].
Handling of other consumer protection complaints
The data management process takes place in order to handle consumer protection complaints. If you have contacted us with a complaint, data management and the provision of data are essential.
Managed data: Buyer's name, phone number, email address, content of complaint.
Duration of data management: Warranty complaints are kept for 5 years based on the Consumer Protection Act.
Legal basis for data management: Whether you file a complaint with us is your voluntary decision, however, if you file a complaint with us, the CLV of 1997 on consumer protection. Act 17/A. § (7) we are obliged to keep the complaint for 5 years [data management according to Article 6 (1) point c) of the Regulation].
Data processed in relation to the verifiability of consent
During the registration, order, and subscription to the newsletter, the IT system stores the IT data related to the consent for later provability.
Data processed: Date of consent and IP address of the person concerned.
Duration of data management: Due to legal requirements, the consent must be proven later, therefore the duration of data storage is stored for a period of limitation after the termination of data management.
Legal basis for data management: This obligation is prescribed by Article 7 (1) of the Regulation. [Data management according to Article 6 (1) point c) of the Regulation]
Additional data management
If the Data Controller wishes to carry out further data processing, it provides preliminary information on the essential circumstances of data processing (legal background and legal basis of data processing, purpose of data processing, scope of data processed, duration of data processing).
Data processing aimed at storing personal data:
Name of the data processor: Rackhost Zrt.
Contact details of the data processor:
Phone number: +36 1 445 1200
Email address: info@rackhost.hu
Headquarters: Tisza Lajos körút 41, 6722 Szeged.
Website: www.rackhost.hu
The Data Processor stores personal data based on the contract concluded with the Data Controller. You are not entitled to access personal data.
Billing-related data processing:
Name of the data processor: Billingo Technologies Zrt.
The registered office of the data processor: Árbóc utca 6. III. 1133 Budapest. floor
The phone number of the data processor is +36-1/500-9491
The e-mail address of the data processor is: hello@billingo.hu
Website of the data processor: www.billingo.hu
Based on the contract concluded with the Data Controller, the Data Processor participates in the registration of accounting documents. In doing so, the Data Processor will provide the name and address of the data subject to the extent necessary for accounting records, Sztv. It is processed for a period corresponding to paragraph (2) of § 169, after which it is deleted.
Data management related to online payment:
Name of data controller: Stripe Inc
The data controller is located at 185 Berry Street, Suite 550, San Francisco, CA 94107
The email address of the data controller is support@stripe.com
Website of the data controller: www.stripe.com
Based on the contract concluded with the Data Controller, the payment service provider participates in the execution of online payments, for which data is transferred to the online payment service provider during the purchase process. In doing so, the online payment service provider handles the invoicing name, name and address, order number and date of the concerned person in accordance with its own data management rules.
The purpose of the data transmission is to provide the online payment service provider with the transaction data necessary for the payment transaction initiated by the online payment service provider.
The legal basis for data transmission: the fulfillment of the contract between you and the Data Controller pursuant to Article 6 (1) point b) of the Regulation, which includes payment by the customer, and in the case of online payment, data transmission in accordance with this point is required for payment
Your rights during data management
Within the period of data management, you are entitled to the following rights according to the provisions of the Regulation:
* the right to withdraw consent
* access to personal data and information related to data management
* right to rectification
* limitation of data management,
* right to deletion
* right to protest
* right to portability.
If you wish to exercise your rights, it involves your identification, and the Data Controller must necessarily communicate with you. Therefore, for the purpose of identification, it will be necessary to provide personal data (but the identification can only be based on data that the Data Controller manages about you anyway), and your complaints about data management will be available in the Data Controller's email account within the period specified in this information regarding complaints. If you were a customer of ours and would like to identify yourself in order to handle complaints or warranty, please enter your order ID for identification. Using this, we can also identify you as a customer.
The Data Controller will respond to complaints related to data management within 30 days at the latest.
The right to withdraw consent
You have the right to withdraw your consent to data management at any time, in which case the data provided will be deleted from our systems. However, please note that in the case of an order that has not yet been fulfilled, the cancellation may result in us not being able to deliver to you. In addition, if the purchase has already been completed, based on the accounting regulations, we cannot delete the data related to invoicing from our systems, and if you owe us a debt, then based on a legitimate interest in the collection of the claim, we can process your data even if you withdraw your consent
Access to personal data
You are entitled to receive feedback from the Data Controller as to whether your personal data is being processed, and if it is being processed, you are entitled to:
* get access to the managed personal data and
* inform the Data Controller of the following information:
* the purposes of data management;
* categories of personal data processed about you;
* information about the recipients or categories of recipients to whom or to whom the Data Controller has disclosed or will disclose the personal data;
* the planned period of storage of personal data, or if this is not possible, the criteria for determining this period;
* your right to request from the Data Controller the correction, deletion or restriction of processing of your personal data and, in the case of data processing based on legitimate interests, to object to the processing of such personal data;
* the right to submit a complaint to the supervisory authority;
* if the data were not collected from you, all available information about their source;
* about the fact of automated decision-making (if such a procedure is used), including profiling, as well as, at least in these cases, comprehensible information about the logic used and the significance of such data management and the expected consequences for you.
The purpose of exercising the right may be aimed at establishing and checking the legality of data management, therefore, in case of multiple requests for information, the Data Controller may charge a fair fee in exchange for providing the information.
Access to personal data is ensured by the Data Controller by sending you the processed personal data and information by email after your identification. If you have registered, we provide access so that you can view and check your personal data by logging into your user account.
Please indicate in your request that you are requesting access to personal data or information related to data management.
Right to rectification
You have the right to request that the Data Controller correct inaccurate personal data concerning you without delay.
Right to restriction of data processing
You have the right to request that the Data Controller restrict data processing if one of the following is true:
* You dispute the accuracy of the personal data, in this case the restriction applies to the period that allows the Data Controller to check the accuracy of the personal data, if the exact data can be determined immediately, the restriction will not apply;
* the data management is illegal, but you oppose the deletion of the data for any reason (for example, because the data are important to you in order to enforce a legal claim), therefore you do not request the deletion of the data, but instead request the restriction of their use;
* the Data Controller no longer needs the personal data for the purpose of the indicated data management, but you require them to submit, enforce or defend legal claims; obsession
* You have objected to the data processing, but the legitimate interests of the Data Controller may also be the basis for the data processing, in this case, until it is established whether the legitimate reasons of the Data Controller take precedence over your legitimate reasons, the data processing must be limited.
If data management is subject to restrictions, such personal data may only be processed with the consent of the data subject, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state.
The data controller will inform you in advance (at least 3 working days before the restriction is lifted) of the lifting of the restriction on data management.
Right to erasure and oblivion
You are entitled to have the Data Manager delete your personal data without undue delay if one of the following reasons exists:
* the personal data are no longer needed for the purpose for which they were collected or otherwise managed by the Data Controller;
* You withdraw your consent and there is no other legal basis for data processing;
* You object to data processing based on legitimate interest, and there is no overriding legitimate reason (i.e. legitimate interest) for data processing,
* the personal data was handled illegally by the Data Controller and this was established based on the complaint,
* personal data must be deleted in order to fulfill the legal obligation prescribed by EU or member state law applicable to the Data Controller.
If, for any legitimate reason, the Data Controller has made public the personal data processed about you and is obliged to delete it for any of the above-mentioned reasons, it is obliged to take the reasonably expected steps - including technical measures - taking into account the available technology and the implementation costs, in order to inform the data controller and other data controllers that you have requested the deletion of the links to the personal data in question or the copy or duplicate of these personal data.
Deletion does not apply if data management is necessary:
* for the purpose of exercising the right to freedom of expression and information;
* fulfilling the obligation under the EU or Member State law applicable to the data controller requiring the processing of personal data (such case is data processing in the context of invoicing, as the retention of the invoice is required by law), or for the purpose of performing a task carried out in the public interest or in the exercise of public authority granted to the data controller;
* to present, enforce and defend legal claims (e.g. if the Data Controller has a claim against you and has not yet fulfilled it, or a consumer or data management complaint is in progress).
Right to protest
You have the right to object to the processing of your personal data based on legitimate interests at any time for reasons related to your own situation. In this case, the Data Controller may no longer process the personal data, unless it proves that the data processing is justified by compelling legitimate reasons that take precedence over your interests, rights and freedoms, or that are related to the presentation, enforcement or defense of legal claims .
If personal data is processed for direct business acquisition, you have the right to object at any time to the processing of your personal data for this purpose, including profiling, if it is related to direct business acquisition. If you object to the processing of personal data for the purpose of direct business acquisition, then the personal data may no longer be processed for this purpose.
Right to portability
If the data management is carried out in an automated way or if the data management is based on your voluntary consent, you have the right to ask the Data Controller to receive the data you have provided to the Data Controller, which the Data Controller sends in xml, JSON or csv format at your disposal, if this is technically feasible, you can request that the Data Controller forward the data in this form to another data controller.
Automated decision making
You have the right not to be subject to the scope of a decision based solely on automated data management (including profiling) that would have legal effects on you or would similarly significantly affect you. In these cases, the Data Controller is obliged to take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention on the part of the data controller, to express his point of view and to submit objections to the decision.
The above does not apply if the decision:
* Necessary to conclude or fulfill the contract between you and the Data Controller;
* is made possible by EU or member state law applicable to the Data Controller, which also establishes appropriate measures for the protection of your rights and freedoms, as well as your legitimate interests; obsession
* based on your express consent.
Registration in the data protection register
Infotv. pursuant to its provisions, the Data Controller had to register certain data operations in the data protection register. This reporting obligation was terminated on May 25, 2018.
Data security measures
The Data Controller declares that it has taken appropriate security measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, as well as against becoming inaccessible due to changes in the technology used.
The Data Controller will do everything within its organizational and technical capabilities to ensure that its Data Processors also take appropriate data security measures when working with your personal data.
Remedies
If, in your opinion, the Data Controller has violated a legal provision relating to data management, or has not fulfilled any of your requests, you can initiate the investigation procedure of the National Data Protection and Freedom of Information Authority in order to terminate alleged illegal data management (address: 1363 Budapest, Pf. 9., e-mail : ugyfelszolgalat@naih.hu, phone numbers: +36 (30) 683-5969 +36 (30) 549-6838; +36 (1) 391 1400).
We would also like to inform you that in the event of a violation of the legal provisions on data management, or if the Data Controller has not fulfilled any of your requests, you may file a civil lawsuit against the Data Controller in court.
Modification of data management information
The Data Controller reserves the right to modify this data management information in a way that does not affect the purpose and legal basis of data management. By using the website after the amendment enters into force, you accept the amended data management information.
If the Data Controller wishes to carry out further data processing in relation to the collected data for a purpose other than the purpose of their collection, it will inform you of the purpose of the data processing and the following information before the further data processing:
* on the period of storage of personal data, or if this is not possible, on the criteria for determining the period;
* your right to request from the Data Controller access to your personal data, their correction, deletion or restriction of processing, and in the case of data processing based on legitimate interests, you may object to the processing of personal data, and in the case of data processing based on consent or a contractual relationship, you may request data portability securing the right;
* in the case of data management based on consent, that you can withdraw your consent at any time,
* on the right to submit a complaint to the supervisory authority;
* about whether the provision of personal data is based on legislation or a contractual obligation or is a prerequisite for concluding a contract, as well as whether you are obliged to provide personal data, and what possible consequences the failure to provide data may have;
* about the fact of automated decision-making (if such a procedure is used), including profiling, as well as, at least in these cases, comprehensible information about the logic used and the significance of such data management and the expected consequences for you.
The data processing can only start after this, if the legal basis of the data processing is consent, in addition to the information, you must also consent to the data processing.