Data protection information
Hatályos: 2021.11.01.-től
1. Introduction
It is very important to us that we comply with current data protection legislation and laws, so below we discuss and describe in detail our data protection steps and processes related to data collection
Contractor details:
Name: Varga Katalin Individual Entrepreneur
Székhely: 1195 Budapest, Batthyány utca 16. 2. em. 8.
Levelezési cím: 1195 Budapest, Batthyány utca 16. 2. em. 8.
Adószám: 57449793-1-43
Phone number: +36707756705
E-mail: katalin@artdilla.com
Website: www.artdilla.com
Details of the hosting provider:
Name: Dániel Németh Individual Entrepreneur
Address: 2230, Gyömrő, Zrínyi utca 1.
Contact: info@storeo.hu
Data controller's data:
Name: Varga Katalin Individual Entrepreneur
Cím: 1195 Budapest, Batthyány utca 16. 2. em. 8.
Contact: katalin@artdilla.com
2. Types of personal data and their scope
Personal data: data that unambiguously allow an individual to be identified precisely. We process the following personal data on the Site, with a precise indication of the legal basis:
COMMUNICATION DATA
This includes any message you send to us via the website, email, social media or any other form of communication. This data is processed and retained in order to fulfil orders and to provide a basis for a decision in the event of legal claims.
Our legal basis for processing this data is the user's verifiable interest in our activities, as reflected in the messages sent to us.
CUSTOMER DATA
This includes all information related to the purchase of products and services, such as the customer's name, shipping and billing address, email address, phone number, and product purchased. This data is processed to ensure the successful fulfilment of orders and to keep a legally correct record of purchases.
The legal basis for storing the data is the performance of the contract between the buyer and the seller.
USER DATA
This includes data that is generated when you use the website, to enable the technical operation of the site, to maintain the security of the site, to keep a record of users' activity and to ensure that you always have access to the most relevant content.
The legal basis for the processing of data is the clear interest of the user in our activities, which is necessary to ensure the technical functioning of the site and the storage of these data.
TECHNICAL DATA
This includes information generated when you use the site, such as your IP address, login information, browser information, time spent on each page, page views and navigation paths, the number and time of visits to the site, time zones, and the device you use to view the site. The data source is our analytics software. We process this data to analyse users' habits on the site, to keep our site secure and to understand the usefulness of our marketing decisions.
The legal basis for processing the data is the user's clear interest in our activities, which allows us to process this data in accordance with security requirements and use it to increase business for more effective operations.
MARKETING DATA
Which includes the visitor's preferences, what marketing content they like to receive from us. We process this information to enable participation in sweepstakes and to send advertising related to our products/services in which the user has expressed an interest.
The legal basis for processing the data is the user's clear interest in our activities, which allows us to process this data in accordance with security requirements and use it to increase business for more effective operations.
From time to time, we may use the information collected for purposes such as providing targeted, relevant ads on the Facebook™ platform and various dynamic advertising platforms, and to measure the effectiveness of the ads.
The legal basis for processing the data is the user's clear interest in our activities, which allows us to process this data in accordance with security requirements and use it to increase business for more effective operations.
We do NOT collect sensitive data such as ethnicity, religious beliefs, sexuality and orientation, political opinions and trade union membership, or health background, and genetic or biometric information.
3. Methods of data collection
We may collect personal information in ways that the user provides directly to us (for example, by placing an order or sending a message). In addition, certain information is collected automatically when you use the Site, for example by "cookies" and similar technologies. These are only activated after the user has given his consent. For more information, please see our Cookie Statement.
We receive certain information from external partners, such as analytics providers like Google (a partner outside the EU), advertising networks like Facebook™ (a partner outside the EU), and payment partners like PayPal (a partner outside the EU) and Paylike.
4. Our practical steps on data protection
It is of utmost importance for the seller and/or the data controller to protect users' data and to comply with the applicable regulations. Therefore:
- After conducting a privacy impact assessment on this site, we have compiled a list of the data collected, its necessity and legal basis, and its legal compliance. The protection of users' data and compliance with applicable regulations is of utmost importance to the data controller and the vendor, and we have made data protection a priority on the site and have made significant efforts to ensure the secure collection of information collected by the site.
- In order to protect the data entered on the forms and generated on the site, we use SSL certification (Let's Encrypt Authority X3 certification) throughout the website.
- To protect the site from attack, we use premium security software (Wordfence Security) to protect your data from. "brute force" and virus attacks against the stored data.
- The purchase and user data are stored in the site's databases in encrypted form (pseudonymised), so they cannot be read by third parties.
- In this privacy statement, we provide users with forms to request information about the processing of their personal data, to modify or delete their personal data.
- From time to time, we need to provide data to our service partners (such as hosting providers, courier companies, mailing software) in order to run our business. In such cases, we always choose to ensure that they comply with the GDPR regulation and, in the case of a US-based partner, participate in the EU-US Privacy Shield initiative and sign a data management contract with them, ensuring that the data is handled responsibly.
5. Marketing communication
Marketing communication is essential to the business. The legal basis for the processing of data in this context is the expression of interest in our services or the explicit consent of users. Under the European Union's Privacy and Electronic Communications Regulations (PECR), we send marketing messages to our users if they have made a purchase from us or have expressly consented to receive marketing messages.
In all cases, we will provide a prominent means of opting out and unsubscribing from messages. You will find an unsubscribe link at the bottom of each email, or you can request to be removed from our database by contacting us at the email address on our contact page. We may also send you messages if you unsubscribe from marketing communications, but only in relation to the fulfilment of orders.
6. Comments on personal data
From time to time, it is necessary to share certain personal information with certain partners in order to maintain normal business operations:
-IT service providers and service providers that troubleshoot and maintain computer systems
-Specialist partners such as lawyers, accountants, bankers, insurers
-Governmental bodies that ask for reports on our activities
-Payment service providers that securely handle your credit card data
-Delivery services that fulfil incoming orders to the specified delivery address
International data transfers
We may need to share user data with partners outside the European Economic Area (EEA) from time to time in order to maintain our business. In many cases, countries outside the EEA do not provide the same level of protection for data, and European law prohibits the export of data unless the appropriate conditions are met. Whenever personal data is transferred outside the EEA, we will take the following steps, in addition to those discussed in section 4, to ensure that the data is handled securely:
-We only transfer data to countries that the European Commission considers appropriate from a data security perspective.
-We only use US-based services that are part of the EU-US Privacy Shield data security initiative.
If the above conditions are not met, we will ask for the explicit consent of the users to transfer the data. This consent may be withdrawn at any time.
Links to external sites
This site may occasionally contain links to external sites, or may contain code snippets embedded in the site to provide external services. Clicking on these links or using the embedded solutions may allow external partners to collect information about users. While we do our best to screen partners appropriately, we have no control over their privacy practices and are not responsible for their privacy practices.
7. Duration of processing
We will only ever store users' data for as long as we are required to do so by our legal/accounting/data reporting obligations or as necessary for the operation of the service. When deciding on the length of storage, we take into account the volume, nature and sensitivity of the data and the potential impact of a data leak in the event of a data breach.
For tax reasons, we need to keep your customers' billing and purchase information for at least 8 years to comply with our legal obligations. In certain circumstances, we may use the data in an anonymised form for statistical purposes, in which case we will retain the data indefinitely without notice.
8. Rights of the visitor
As a citizen of the European Union, the General Data Protection Regulation (GDPR) gives users of this site the following rights:
a, Access to personal data
Users of this site have the right to request a copy of the personal data stored by our website. The request will generally be fulfilled free of charge within 14 days of the request. In the event of repeated, abusive, unwarranted requests, the vendor may charge a modest fee to provide the data and may require additional time to provide the data.
In addition, the seller and/or the data controller will ask for proof of identity before disclosing the data to prevent misuse. To request personal data, please email us at the email address on our contact page.
b, Changes to personal data
If personal data have been modified or incorrectly provided, users have the right to request that the data be amended. To amend your personal data, please contact us at the e-mail address provided on our contact page.
c, Requesting the erasure of personal data
Users have the right to request the deletion of all their personal data. The request will be granted free of charge within 14 days of the request. After deletion of personal data, the user account will no longer be available and any material purchased will no longer be available, as the personal data associated with the user account is essential to access the service. The seller and/or the data controller will request proof of identity before deleting personal data to prevent misuse. To delete your personal data, please contact us at the e-mail address on our contact page.
d, Request restriction of processing of personal data
Users have the right to restrict the provision of their data to third parties (service partners) upon request. When submitting the request, the service partners to be restricted may be identified. It is important to note that cooperation with certain service providers is essential for the functioning of the site (e.g. Paylike as a payment service provider), so that if they are restricted, the services of the site will be unavailable to the user. The seller and/or the data controller will ask for proof of identity before restricting the transfer of personal data to prevent misuse. To restrict the transfer of personal data, please contact us at the e-mail address on our contact page.
In Hungary, the official body responsible for data protection is the National Authority for Data Protection and Freedom of Information (NAIH). Users can find out more about their data protection rights on the NAIH website.
National Authority for Data Protection and Freedom of Information,
1125 Budapest, Szilágyi Erzsébet fasor 22/C., Postal address: 1530 Budapest, Pf.: 5,
Phone: 06.1.391.1400,
Fax: 06.1.391.1410,
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
9. Anonymised data and "COOKIEs"
The website uses so-called "cookies" in e-mail messages and advertisements. "cookies" and similar technologies such as tracking codes, re-marketing tags, pixels, which are activated after the user's consent. These technologies help us to better understand users' behaviour and interests, thus helping us to operate more efficiently and effectively. Our aim is to make the use of our website as user-friendly and personal as possible.
If the user wishes to opt-out of the collection of non-personal data by these technologies, they can do so in the following ways:
-you can disable the loading of cookies by using the cookie warnings on the website
-by disabling "cookies" in your browser
For more information about additional cookies and tracking codes on this website, please see our Cookie Statement.