Privacy policy
Download/print tha document1. Data controller identification
The webshop available at https://meminky.com available at
WeLoveShirts Limited Liability Company
Abbreviated name: WeLoveShirts Kft.Company registration number: 03-09-127585 – Registry Court of the Kecskemét General CourtTax number: 24902724-2-03Headquarters: 6000 Kecskemét, Nagy Lajos király körút 34.Business location: 6000 Kecskemét, Ceglédi út. 99E-mail: [email protected](hereinafter: Data Controller).
2. Legislation on data management, scope of the prospectus
2.1. Data Controller uses Users’ data primarily
–REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC ( general data protection regulation); (The EU General Data Protection Regulation), hereinafter referred to as “the GDPR”,– Act CVIII of 2001 on certain aspects of electronic commerce services and information society services. Act (Ekertv.)– and Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activity. Act (Grt.)
in accordance with the provisions of
2.2. The scope of this information applies to the use of the meminky.com website (hereinafter: website), the use of the services available there and the data management carried out during the fulfillment of the orders placed in the web store.
2.3. For the purposes of this information, User: natural persons browsing the website, using the services of the website and ordering a product from the Data Controller.
3. Legal basis for data management
3.1. The legal basis for the data processing by the Data Controller is the User’s consent for certain data processing according to Article 6 (1) (a) of the GDPR and Article 6 (1) (b) of the GDPR for the processing of data related to an order. required in which the User is a party.
3.2. In the case of data processing performed on the basis of consent, the User gives his / her consent by checking the box in front of the data processing statement placed in the relevant places. The User may read the data management information at any time by clicking on the “Data Management Information” at the bottom of each page of the website or by clicking on the link marked “Data Management Information” in the data management statement referred to in this section. By checking the box in front of the data management statement, the User declares that he / she has read the data management information and, knowing its content, consents to the processing of his / her data as described in this information.
3.3. In some cases, the Data Controller is obliged by law to perform certain data processing operations, or may have a legitimate interest in the legal basis for the processing of data. The User can read more about these in the chapters on individual data management below.
4. Data management related to ensuring the operation of an information technology service
4.1. The data controller uses cookies to operate the website and to collect technical data about the visitors to the website.
4.2. The data controller provides a separate information on the data management implemented by cookies: Data management information on the use of cookies.
5. Data management related to receiving and replying to a message
5.1. Persons affected by data management: Users who send a message to the Data Controller using the messaging interface available from the “Contact” menu of the website or by e-mail using the e-mail address (es) indicated on the website.
5.2. Legal basis for data processing: User’s consent pursuant to Article 6 (1) (a) of the GDPR.
5.3. Defining the scope of data processed:
User sending the e-mail:
– name,– His e-mail address,– order number,– any additional data provided by the User in the field of the message.
With regard to any additional data provided by the User in the message, the Data Controller will necessarily handle data only in connection with the content of the sent message upon its receipt, however, the Data Controller will not request the User to provide any personal data provided therein. When communicating such unexpected personal data, the Unexpected Personal Data will not be stored by the Data Controller, it will be deleted from its IT system immediately.
5.4. The purpose of data management: To enable the User to request an offer from the Data Controller for the selected product.
Related services:
– Write a message,– receiving an e-mail message (using the e-mail address (es) provided on the website),– responding to messages received by the Data Controller in the above ways, which the Data Controller performs within 2 working days.
5.5. Duration of data management: It lasts until the message is answered or the User’s request is fulfilled. After replying to the message / fulfilling the request, the data controller deletes the data processed for this purpose. If the exchange of information takes place through several exchanges of messages on related topics, the Data Controller shall delete the data upon completion of the exchange of information or after the fulfillment of the request.
If the exchange of messages results in the conclusion of a contract and the content of the messages is relevant to the contract, then the legal basis and duration of the data processing will be as described in point 8 (data management related to the order).
5.6. Method of data storage: In a separate data management list in the data controller’s IT system, until the end of the information exchange period.
6. Data management related to sending newsletters
6.1. Affected by data management: the User who is on the site with the “Subscribe and we are already sending the 1,000. Your coupon worth HUF! ” under the menu item by filling in your e-mail address.
6.2. Legal basis for data management: GDPR. Article 6 (1) (a) and Grt. Pursuant to Section 6 (1) and (2), the User’s consent. The User gives his / her voluntary consent by reading this data management information and filling in the fields for subscribing to the newsletter, by ticking the consent statement there. By doing so, the User declares that he / she consents to the processing of his / her data as specified in the data management information and to the sending of newsletters.
In addition to sending useful information, the newsletter service is also aimed at direct business acquisition by the Data Controller . The User can subscribe to this service independently of the use of other services. Use of this service is based on a voluntary decision made after the User has been duly informed. If the User does not use the newsletter service, it will not be disadvantaged in terms of the use of the website and the use of its additional services. The data controller does not make the use of its direct business acquisition service a condition for the use of any other service.
6.3. Defining the scope of data processed:
– e-mail address.
6.4. The purpose of data management: to send newsletters by the Data Controller to the User by e-mail. Sending newsletters means sending information about the Data Manager’s service, news and current events, attention-grabbing offers, and advertising content.
6.5. Duration of data management: The data controller manages the data processed for the purpose of sending the newsletter until the User’s consent to this is revoked (unsubscribed) or the data is deleted at the User’s request.
6.6. How to store the data: In a separate data management list in the IT system of the Data Manager
7. Data management related to registration
7.1. Stakeholders: Users registering on the site.
7.2. Legal basis for data processing: User’s consent pursuant to Article 6 (1) (a) of the GDPR. The voluntary consent is given by the User by clicking on the profile icon, then by filling in the form under “REGISTRATION” and selecting the checkbox in front of the data management statement, and finally by clicking on the “REGISTRATION” button. The user also has the opportunity to consent to the creation of a registration account during the ordering process, as described here.
7.3. Defining the scope of data processed: In the case of registering users, the data management concerns the scope of personal data and contact details to be filled in indicated on the registration form referred to above.
Scope of data:
to create a registration account:
– e-mail address– password
Additional data that can be entered voluntarily by the user in the account:
– surname– first name– billing address– Delivery Address– Username.
7.4. The purpose of data management: to register on the website, to facilitate regular purchases.
Related services:
– browse the site after logging in,– facilitating the online ordering of a product by storing the data necessary for the fulfillment of the order, and enabling the User to modify this data independently,– store previous orders and make them available to the User in the user account.
7.5. Duration of data management: In the case of registered Users, the duration of data management lasts until deleted at the request of the registered User. Data management may also be terminated by deleting the registration by the User or by deleting the User’s registration by the Data Controller. The User may cancel his registration at any time or request its deletion from the Data Controller, which request shall be executed by the Data Controller immediately, but no later than within 10 working days after the receipt of the request.
7.6. How to store the data: In a separate data management list in the IT system of the Data Manager.
8. Order-related data management
8.1. Stakeholders: Users who place an order on the website.
8.2. Legal basis for data processing: Article 6 (1) (b) of the GDPR, according to which data processing is necessary for the performance of a contract to which the User is a party.
8.3. Defining the scope of data processed: Data management concerns the scope of the following personal data and contact details.
Natural person In case of User:
– surname (billing)– first name (billing)– telephone number– e-mail – billing address– delivery name (if different)– delivery address (if different)– indication of ordered product (s)– clothing size of ordered product – in case of clothing– purchase price of the ordered product (s)– method of receipt / delivery– method of payment– any other information provided by the User during the order, necessary for the fulfillment of the order– date of the order– date of payment
In case of the customer’s representative / contact person of the economic organization, the range of data:
– contact person’s surname– contact person’s first name– company name– telephone number– e-mail address– password– billing name (business name)– billing address (business address)– delivery name (if different)– delivery address (if different).
In the case of a product ordered with a unique appearance: personal data that may appear in the text uploaded or circumscribed by the Data Subject and made available to the Data Controller, as well as any conclusions that may be drawn from the sample or text to the Data Subject.
In the case of online credit card payments, the data of the bank card used for the payment is not known to the Data Controller, the User provides it directly to the payment service provider.
8.4. Purpose of data management: Concluding and fulfilling the contract resulting from the order.
8.5. In order to use the resizing service, it is necessary to re-enter the e-mail address of the Data Subject. Based on the e-mail address entered in this way and provided or registered during the order, the order affected by the defective product and the Affected Party will be identified. During the sizing service, in addition to the size, type, color and pattern of the new product, the data of the previous order will also be used. The purpose of all this is to allow you to send a new product of the right size, type, color, pattern.
8.6. Duration of data management: The Data Controller handles the above data processed for the fulfillment of the order for the time necessary for the fulfillment of the document retention obligation arising from the Accounting Act. According to the Accounting Act, this period is at least 8 years from the issuance of the invoice, after which the data is deleted by the Data Controller within one year.
During the delivery necessary for the fulfillment of the order, the processing of the necessary data (name, delivery address, telephone number) for this purpose lasts until the delivery is completed. When transferring data necessary for the performance of a shipment to a carrier, the data controller has a data management restriction, according to which the data carrier may handle the transmitted data only to the extent and for the time necessary for the performance of the shipment.
However, it may be in the legitimate interest of the transport company to retain all or part of the above data for a certain period of time in the event of any complaints, complaints or civil disputes. However, this is already done by an independent Data Controller, the User can read more about this in the data management information of the given service provider. Such service providers used by the data controller can be found in the chapter “Use of the data processor” of this prospectus, where the contact details of their website containing their data management information are also indicated.
Any additional data handled during the order – e.g. the User and the Data Controller handle the relevant messages related to the order – the Data Controller handles them until the expiry of 5 years from the conclusion of the contract – the general limitation period applicable to civil law claims.
8.7. Method of data storage: Data in a separate data management list in the IT system of the data controller, and data necessary for regular accounting in order to fulfill the document retention obligation prescribed by the Accounting Act.
9. Data management related to product evaluation
9.1. On the website it is possible to evaluate the displayed products. The User may publish his / her comments in text and score form.
9.2. The product evaluation operated on the site is public, and the posts and posts posted there, as well as the first names of the contributors, are displayed in a way that is visible to all visitors to the site.
9.3. Information on the handling of data provided by the User in the comments:
9.3.1. Data subjects: Users who post comments on the website, for which registration is not a condition.
9.3.2. Legal basis for data processing: User’s consent pursuant to Article 6 (1) (a) of the GDPR. Before submitting the post, the user agrees to the management and publication of the data provided in the post by ticking the privacy statement and submitting the post.
9.3.3. Scope of the affected data: User’s posts and entries can be seen by other users after their publication in such a way that they can identify the first name of the User posting the given post or entry, the data published by him / her can be identified, so the User’s identity can be identified. However, this is the User’s own responsibility, the Data Controller cannot be held responsible for the related consequences.
9.3.4. If the User possibly publishes the data of another person in his / her comments, the User must obtain the consent of the relevant third party, which is presumed by the Data Controller, with regard to the publication of such third party data on the Data Controller’s website and thus transmission to the Data Controller. The Data Controller shall not be liable for the consequences of failure to consent to the processing of such data.
9.3.5. The purpose of data management: to enable product evaluation for Users.
9.3.6. Duration of data management: The duration of data management on the website in the above form lasts until deleted at the request of the User who posted there. Data management may also be terminated by deleting the User’s post by the Data Controller. The User may at any time request the deletion of his post from the Data Controller, which request shall be executed immediately by the Data Controller.
9.3.7. How to store the data: Displayed in the IT system of the Data Manager, displayed on the website interface.
10. Data processing without further consent of the data subject or after withdrawal of consent
10.1. Data recorded with the consent of the relevant User may be processed by the Data Controller without further specific consent of the relevant User or after the withdrawal of the consent pursuant to Article 6 (1) of the GDPR, as follows.
10.2. If the personal data has been collected with the consent of the relevant User, the Data Controller may, unless otherwise provided by law, handle the recorded data without further consent of the relevant User and after revoking the consent of the relevant User in the following cases:
– the data processing is necessary to fulfill a legal obligation on the controller;
– the processing is necessary in order to protect the vital interests of the data subject or of another natural person;
– the processing is necessary for the protection of the legitimate interests of the controller or of a third party, unless those interests take precedence over the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular when the child concerned.
11. Additional possible legal bases for data management – independent of the User’s consent
11.1. The legal basis for data processing is also, where applicable, the GDPR. Data processing necessary to fulfill a legal obligation under Article 6 (1) (c). In some cases, the data controller may be obliged to perform mandatory data processing required by law or other legislation. In addition, the Data Controller is obliged to fulfill any official requests, which may also involve the handling and transmission of personal data, which is also the obligation of the Data Controller prescribed by law.
11.2. Pursuant to Article 6 (1) (d) and (f) of the GDPR, we also inform you that the Data Controller may process the User’s personal data without his / her consent even if the data processing is necessary to protect the vital interests of the User or another natural person. data processing is necessary to enforce the legitimate interests of the Data Controller or a third party – unless the interests or fundamental rights and freedoms of the relevant User, which require the protection of personal data, take precedence over these interests, especially if the child concerned.
11.3. Act CVIII of 2001 on certain issues of electronic commerce services and information society services. Act (hereinafter: Ekertv.) 13 / A. §, the Data Controller shall also inform the User of the following.
Data management service of Ekertv. information society-related e-commerce service.
The Data Controller may manage the natural personal identification data and address necessary for the identification of the User in order to create a contract for the provision of its service, to determine its content, modify it, monitor its fulfillment, invoice the resulting fees and enforce the related claims.
For the purpose of invoicing the fees arising from the contract for the provision of its service, the Data Controller may manage the User’s natural personal identification data, address and data on the date, duration and place of use of the service.
In order to provide the service, the data controller may process the personal data that are technically necessary for the provision of the service. If the other conditions are the same, the data controller shall select and in all cases operate the means used in the provision of the service in such a way that personal data is processed only if absolutely necessary for the provision of the service and other purposes specified in this Act. only to the extent and for the time necessary. (For more information on technically necessary data management, see the ” Information on the use of cookies” document.)
The Data Controller may process data related to the use of the service for any purpose other than those specified above – in particular to increase the efficiency of its service, deliver electronic advertising or other targeted content to the User, market research – only with prior determination of the purpose of data management and with the consent of the User.
12. Management of recruitment data, applications, CVs
12.1 Personal data that may be processed: name, date and place of birth, mother's name, address, qualifications, photograph, telephone number, e-mail address, employer's record of the applicant (if any).
12.2 The purpose of the processing of personal data is: application, evaluation of the application, conclusion of an employment contract with the selected person. The data subject must be informed if the employer has not selected him/her for the job.
12.3 Legal basis for processing: consent of the data subject.
12.4 Recipients or categories of recipients of personal data: managers and employees performing labour-related tasks who are entitled to exercise rights as employers in the Company.
12.5 Duration of storage of personal data: until the application or tender is assessed. Personal data of unsuccessful applicants will be deleted. Data of those who withdraw their application or candidature will also be deleted.
12.6 The employer may retain applications only on the basis of the explicit, unambiguous and voluntary consent of the data subject, provided that the retention is necessary for the purposes of the processing in accordance with the law. Such consent shall be requested from candidates after the recruitment procedure has been completed.
13. Data transmission
13.1. Persons affected by the data transfer: Users who choose an online payment method on the website during the order, regardless of the use of other services provided by the website.
13.2. Recipient of the data transfer:
OTP Mobile Service Provider Limited Liability Company (Simplepay)
Abbreviated name: OTP Mobil Szolgáltató Kft.Company registration number: 01-09-174466Tax number: 24386106-2-43office: 1093 Budapest, Közraktár u. 30-32.Postal address: 1093 Budapest, Közraktár u. 30-32.Phone: +36 1/20/30/70 3-666-611E-mail: [email protected]Website: https://www.simplepay.hu/
business company as an online payment service provider available on the Data Controller’s website.
13.3. Legal basis for the transfer of data: legitimate interest of the Recipient under Article 6 (1) (f) GDPR.
The payee is obliged to operate a fraud prevention and detection system in connection with the provision of the payment service in accordance with the legislation applicable to him and is entitled to handle the personal data necessary for this purpose. Recipient has established a system in accordance with its legal obligation, the operation of which requires the transfer of data by the Data Controller. Accordingly, it is in the legitimate interest of the Recipient to be able to operate the fraud prevention and detection system in order to fulfill its legal obligation. Legal provisions referred to for the Consignee:
– Act CCXXXVII of 2013 on Credit Institutions and Financial Undertakings. Section 165 (5) of the Act,– Act CCXXXV of 2013 on individual payment service providers. Act 92 / A. § (3) point f),– Act LXXXV of 2009 on the provision of payment services. Section 14 (1) (v) of the Act.
It is in the legitimate interest of the Data Controller and the Recipient to prevent fraud and to ensure the proper functioning of online payments. The proper functioning of the payment service is related to the main source of revenue for both organizations. However, it is also in the interest of the User to do so, especially to avoid misuse of bank card data.
The transfer of data makes it possible to detect and detect fraud and to remove any obstacles that may arise during the payment process.
The data will be transmitted from the user’s data processed during the booking / order via the electronic channel providing encrypted data traffic, only to the Recipient and only in case of online credit card payment, which the Recipient does not use for other purposes. It follows from all this that the data transfer does not pose a significant risk to the User, it does not have any additional perceptible effect on him.
The transfer of data is necessary to achieve the objectives set out here and is also suitable for making the payment service more secure.
Taking into account the above and the built-in guarantee measures, the transfer of data does not constitute an unreasonable interference with the privacy of the Users, therefore the transfer of data is a necessary and proportionate data management operation.
13.4. Scope of data transmitted:
– products placed in the basket during the purchase and purchase data appearing in the basket (prices, costs)– surname– first name– telephone number– e-mail– address– IP address
The User provides the bank card data provided during the payment directly to the payment service provider, so they do not become the property of the Data Controller.
13.5. The purpose of the data transmission: The proper operation of the payment service and the processing of payments in the technical sense, the confirmation of transactions, the operation of fraud monitoring to protect the interests of users – fraud detection system supporting the control of electronically initiated banking transactions, and customer service assistance.
13.6. The User can find out more about the data management implemented by SimplePay, the other circumstances of the data management – among others, its legal basis, purpose, the exact scope of the processed data, the duration of the data management – at https://www.simplepay.hu/adatkezelesi-tajekoztatok .
13.7. The data controller does not transfer data to third parties for business or marketing purposes.
13.8. In addition to the above, the data controller shall only transmit data to authorities in the event of a legal obligation.
14. Use of a data processor
The data controller uses the following economic entities as data processors.
14.1. Hosting provider
14.1.1. Persons involved in data processing: Users visiting the website, regardless of the use of the services provided by the website.
14.1.2. It is used by the data controller as a data processor
Kinsta Ltd.
Company registration number: 09030972VAT number: GB 214637911Grinstead, United Kingdom, RH19 4LZAddress: Unit 22 Bulrushes Business Park, Coombe Hill Road, EastGrinstead, United Kingdom, RH19 4LZE-mail: [email protected]Website: https://kinsta.com
business company as a web hosting provider (hereinafter: Data Processor).
14.1.3. Defining the scope of data covered by the data processing: The data processing concerns all the data indicated in this prospectus.
14.1.4. Purpose of data processing: To ensure the operation of the website in the sense of information technology for the relevant User.
14.1.5. Duration of data processing: Same as the data processing periods indicated in this prospectus for data processing regulated according to the data management purposes concerning each data group.
14.1.6. The processing of data only means the provision of storage space necessary for the operation of the website in the IT sense.
14.2. Data processing related to sending newsletters
14.2.1. Persons involved in data processing: Users who subscribe to the newsletter on the website, regardless of the use of other services provided by the website.
14.2.2. The data controller uses the
THE ROCKET SCIENCE GROUP LLC (MailChimp)
Abbreviated Name: THE ROCKET SCIENCE GROUP LLCCompany Registration
Number: 20161685162Tax Number: 20161685162Location: 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USALocation: 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USAPostal address: 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USAPhone: +1 678 999 0141E-mail: [email protected]Website: https://mailchimp.com/
as a developer and maintainer of the newsletter sending software used by the Data Controller (hereinafter: Data Processor).
14.2.3. Defining the scope of data involved in the data processing: The data processing concerns the name and e-mail address of the User subscribing to the newsletter.
14.2.4. The purpose of data processing: To ensure the operation of the software used by the Data Controller for sending newsletters in the sense of information technology, by means of data management in the technical operations necessary for the safe operation of the software.
14.2.5. Duration of data processing: Until the withdrawal of the User’s consent to send a newsletter (unsubscribe) or the deletion of the data at the request of the User.
14.2.6. The processing of the data means only the technical operations necessary for the operation of the software sending the newsletter in the IT sense.
14.3.1. Persons involved in data processing: Users who provide their data when subscribing to or ordering from the website.
14.3.2. The data controller uses the
Zapier Inc.
Head office: 548 Market St. 62411, San Fransisco, CA94104-5401 USALocation: 548 Market St. 62411, San Fransisco, CA94104-5401 USAPostacĂm: 548 Market St. 62411, San Fransisco, CA94104-5401 USAPhone: +1 877 381 8743E-mail: [email protected]Website: https://zapier.com/
business company as a provider of software assisting the administrative data processing used by the Data Controller (hereinafter: Data Processor).
14.3.3. Defining the scope of data affected by data processing: The data processing affects the e-mail address of the User in case of subscribing to the newsletter, and the order data in case of ordering.
14.3.4. The purpose of data processing: it automatically facilitates the transfer of data between the software used by the Data Controller, thus facilitating the administration.
14.3.5. Duration of data processing: With regard to subscribing to a newsletter, until the User’s consent to send a newsletter is revoked (unsubscribe), or until the data is deleted at the User’s request. As a general rule, for orders up to 5 years from the date of order.
14.4.1. Persons involved in data processing: Users who place an order on the website.
14.4.2. The data controller uses the
PrintNode Ltd.
Company registration number: 10383892
Tax number: GB233738796
Location: 1 Tuthill Park, Wardington, Oxford OX17 1RR, United Kingdom
Location: 1 Tuthill Park, Wardington, Oxford OX17 1RR, United Kingdom
Postal address: 1 Tuthill Park, Wardington, Oxford OX17 1RR, United Kingdom
Phone: +44 20 3743 7310
Email: [email protected]
Website: https: // www.printnode.com/
company as a provider of label printing software used by the Data Controller (hereinafter: Data Processor).
14.4.3. Defining the scope of data affected by data processing: Data processing affects the name, delivery address, billing address and telephone number of the User ordering the product.
14.4.4. Purpose of data processing: Addressing of the package (product) sent by the Data Controller to the User.
Duration of data processing: The data controller handles the data until 5 years from the conclusion of the contract – the general limitation period applicable to civil law claims.
14.5. Data management relating to electronic mail software
14.5.1. Stakeholders involved in data processing: The Stakeholders indicated in this prospectus, with whom the Data Controller maintains contact by electronic mail.
14.5.2. The data controller uses the
HelpScout Inc.
Headquarters: 100 City Hall Plaza, 5th Floor, Boston, MA 02108, USA
Phone: +1 866-376-9322
Email: [email protected]
Website: https://www.helpscout.com/
as a developer and maintainer of software for electronic mail (hereinafter referred to as “Data Processor”).
14.5.3. Defining the scope of data involved in the data processing: firstly the name and e-mail address of the data subject, and secondly the additional data sent by the Data Subject by e-mail.
14.5.4. Purpose of data processing: To ensure the operation of electronic mail.
14.5.5. Nature of data processing: The processing of data means only the provision of the software required for electronic mail.
14.6. Hosting services for electronic mail
14.6.1. Stakeholders involved in data processing: The Stakeholders indicated in this prospectus, with whom the Data Controller maintains contact by electronic mail.
14.6.2. The data controller uses the
Google Ireland Ltd.
Company registration number: 11603307
Tax number: IE 6388047V
Headquarters: Gordon House, Barrow Street, Dublin 4, Ireland
Postal address: Gordon House, Barrow Street, Dublin 4, Ireland
Phone: +353 1 436 1000
Website: https://www.google.ie/
as a provider of electronic storage for electronic mail (hereinafter: Data Processor).
14.6.3. Defining the scope of the data involved in the data processing: firstly the name and e-mail address of the data subject, and secondly the additional data sent by the Data Subject by e-mail.
14.6.4. Purpose of data processing: To provide the storage space necessary for the operation of electronic mail.
14.6.5. Nature of data processing: The processing of data means only the provision of storage space for electronic mail.
14.7. Data processing related to SMS sending
14.7.1. Stakeholders: Users who order a product on the website.
14.7.2. The data controller uses the
TOPefekt s. r. o.
Tax number: CZ29444268 Registered
office: B. Nemcove 767/13, 78701 Sumperk, Czech Republic
Location: B. Nemcove 767/13, 78701 Sumperk, Czech Republic
Postal address: B. Nemcove 767/13, 78701 Sumperk, Czech Republic
Telephone: +420 581 110 998
Website: http://www.woo-sms.net/
company as the developer and maintainer of the SMS sending software used by the Data Controller (hereinafter: Data Processor).
14.7.3. Defining the scope of data affected by data processing: Data processing affects the name and telephone number of the User placing the order. The data processing affects the name and telephone number of the User placing the order, if he / she did not receive the delivered product, did not appear for the product in case of personal receipt, or did not pay the purchase price of the product in case of advance transfer.
14.7.4. The purpose of the data processing: the notification sent by the Data Controller in connection with the delivery of the products ordered by the User but not taken over by the User.
14.7.5. Duration of data processing: By the user until receipt of the product.
14.8. Product delivery data processing
14.8.1. Scope of data processing: Users who order the product by delivery to the address indicated by them, delivery to a parcel point or MPL parcel machine, or receipt by PostaPont.
14.8.2. The data controller uses the
GLS General Logistics Systems Hungary Package Logistics Limited Liability Company
Abbreviated name: GLS General Logistics Systems Hungary Kft.
Company registration number: 13-09-111755
Tax number: 12369410-2-44 Registered
office: 2351 Alsónémedi, GLS Európa u. 2.
Postal address: 2351 Alsónémedi, GLS Európa u. 2.
Phone: +36 29 886 670
Fax: +36 29 886 610
E-mail: [email protected]
Website: https://gls-group.eu/EN/hu/home
a transport company (hereinafter: Data Processor ) – in respect of Users requesting home delivery to the Hungarian address with the GLS service,
and the
Magyar Posta Private Limited Company
Abbreviated name: Magyar Posta Zrt.
Company registration number: 01-10-042463
Tax number: 10901232-2-44 Registered
office: 1138 Budapest, Dunavirág utca 2-6.
Postal address: 1540 Budapest
Phone: +36 1 767 8282
Fax: +36 46 320 136
E-mail: [email protected]
Website: https://posta.hu
the company delivering the ordered products and providing the MPL PostaPont and parcel machine service (hereinafter: Data Processor ), – in respect of Users requesting home delivery to the Hungarian address with the MPL service and requesting delivery to MPL PostaPont or parcel machine,
and the
Csomagküldő.hu Limited Liability Company
Abbreviated name: Csomagküldő.hu Kft.
Company registration number: 01-09-202186
Tax number: 25140550-2-41 Registered
office: 1031 Budapest, VĂzimolnár utca 10. 6. em. 54.
Postal address: 1031 Budapest, VĂzimolnár utca 10. 6. em. 54.
Phone: +36 1 400 88 06
E-mail: [email protected]
Website: https://www.csomagkuldo.hu/
the ordered product in Hungary Mail Order Ltd Package points of delivery, in case of foreign orders the delivery organization of business association executive (hereinafter. Data Processing ) operators and shipping and packaging points partners – requesting delivery of the Mail Order Ltd Package thereof, and requesting home delivery abroad sent Users with respect..
14.8.3. Defining the scope of data affected by data processing: Data processing affects the following data of the User in order to fulfill the contract concluded following the User’s order (execution of delivery):
– surname
– first name
– telephone number
– delivery address.
14.8.4. The purpose of data processing: within the framework of the fulfillment of the contract concluded following the User’s order, the delivery of the ordered product by delivery to the address indicated by the User, if necessary by telephone consultation on the place and time of delivery.
14.8.5. Duration of data processing: the time required to complete the delivery and delivery.
14.8.6. Data processing is limited to the data processing operations necessary to complete the delivery and delivery.
14.8.7. Csomagküldő.hu Kft. Forwards the data necessary for the delivery of the product to the partners of the delivery or package points for the delivery of the product, whose identity can be found on the website of the Kft.: Https://www.csomagkuldo.hu/ .
14.9. Data processing related to the production of invoices
14.9.1. Persons involved in data processing: Users who place an order on the website, regardless of the use of other services provided by the website.
14.9.2. It is used by the data controller as a data processor
Octonull Limited Liability Company
Abbreviated name: Octonull Kft.
Company registration number: 01-09-198177
Tax number: 25073364-2-42
Registered
office: 1085 Budapest, József körút 74. I. em. 6.
Postal address: 8230 BalatonfĂĽred JĂłkai u 5.
Phone: +36 70 904 8287
E-mail: [email protected]
Website: https://www.billingo.hu/
company as the developer and maintainer of the billing software used by the Data Controller (hereinafter: Data Processor).
14.9.3. Defining the scope of data involved in the data processing: The data processing concerns the name and address of the user placing the order, as well as the indication of the ordered product (s) and / or service (s), the date of purchase and receipts, delivery charges and any other fees.
14.9.4. The purpose of data processing: To ensure the operation of the software used by the Data Controller for issuing invoices in the information technology sense, by means of data management in the technical operations necessary for the secure operation of the software.
14.9.5. Duration of data processing: the time required to fulfill the document retention obligation arising from the Accounting Act – up to 8 years from the issuance of the invoice.
14.9.6. The processing of the data means only the technical operations necessary for the IT operation of the software used to issue the invoice.
14.10. Data processing related to accounting services
14.10.1. Scope of data processing: Users who place an order.
14.10.2. It is used by the data controller as a data processor
MONA-VÉD Accounting and Tax Experts Limited Liability Company
Abbreviated name: MONA-VÉD Kft.
Company registration number: 13-09-130998
Tax number: 14880207-2-13
Registered
office: 2200 Monor, Attila utca 24.
Postal address: 2200 Monor, Attila utca 24.
Phone: +36 20 365 5729
Website: –
company as the accountant of the data controller’s economic activity (hereinafter: Data Processor).
14.10.3. Defining the scope of data affected by the data processing: The data processing concerns the name and address of the User placing the order, as well as the data on the receipts containing the ordered item (s), date of purchase and purchase price, delivery fee and any other fees.
14.10.4. Purpose of data processing: Fulfillment of the accounting obligations prescribed by law for the economic activity performed by the Data Controller by using the service of the above Data Processor.
14.10.5. Duration of data processing: up to the time necessary for the fulfillment of the document retention obligation arising from the Accounting Act – until the cancellation in the year following the 8th year after the issuance of the invoice.
14.10.6. The processing of data is limited to the operations necessary to fulfill and verify the accounting obligations.
14.11. Data is not processed for any other purpose.
14.12. The Data Controller does not use any data processor other than the Data Processors indicated above.
15. User rights related to data management
15.1. Right of access: At the request of the User, the Data Controller shall provide information on the data processed by the User or processed by the Data Processor, their source, purpose, legal basis, duration, name, address and activities related to data processing, if any. the circumstances, effects and measures taken to remedy the data protection incident and, in the case of transfers of personal data of the data subject, the legal basis and the recipient of the transfer. The Data Controller shall provide the information without undue delay, but no later than within one month from the receipt of the request.
Under the right of access, the Data Controller shall provide the User with a copy of the personal data subject to data processing no later than within one month from the receipt of the request. The Data Controller may charge a reasonable fee based on administrative costs (according to clause 15) for additional copies requested by the User.
15.2. Right to data portability: The user has the right to receive the personal data concerning him / her made available to the Data Controller in a structured, widely used, machine-readable format, and he / she has the right to transfer this data to another data controller without being hindered by the controller to whom you have provided the personal data if:
a) the data processing is based on the User’s consent or contract; and
(b) the data processing is automated.
In exercising the right to data portability as described above, the User is entitled to request, if technically feasible, the direct transfer of personal data between data controllers.
15.3. Right to rectification: The User may request the rectification of his / her managed data, which the Data Controller shall perform without undue delay, but no later than within one month from the receipt of the request. Taking into account the purpose of data management, the User is entitled to request the completion of incomplete personal data, inter alia by means of an additional statement.
15.4. Right to restrict data management: The data controller marks the personal data he / she handles for the purpose of restricting data management. User is entitled to restrict the data management at the request of the Data Controller if any of the following is met:
a) the User disputes the accuracy of the personal data, in which case the restriction applies to the period of time that allows the Data Controller to check the accuracy of the personal data;
b) the data processing is illegal and the User objects to the deletion of the data and instead requests a restriction on their use;
c) the Data Controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to submit, enforce or protect legal claims; obsession
d) the User objected to the data processing carried out on the basis of the legitimate interest of the Data Controller; in this case, the restriction shall apply for the period until it is determined whether the legitimate reasons of the Data Controller take precedence over the legitimate reasons of the data subject.
15.5. Right to delete: The data controller deletes the personal data if:
(a) personal data are no longer required for the purpose for which they were collected or otherwise processed;
b) the User withdraws the consent on which the data processing is based, and the data processing has no other legal basis;
c) the User objects to the data processing and there is no priority legitimate reason for the data processing, or the User objects to the data processing for the purpose of direct business acquisition;
(d) personal data have been processed unlawfully;
(e) personal data must be deleted in order to fulfill a legal obligation to which the controller is subject under Union or Member State law;
f) the User requests the deletion or objects to the data processing and the personal data was collected in connection with the provision of information society services directly to children.
The data controller shall notify the affected User of the rectification, restriction and deletion, as well as all data controllers to whom the data has previously been transmitted. Notification may be omitted if it proves impossible or requires a disproportionate effort. Upon request, the Data Controller shall inform the User about these recipients.
15.6. Right to protest: The User has the right to protest at any time for reasons related to his / her situation against the processing of his / her personal data based on the legitimate interest of the Data Controller. In that case, the controller may not further process the personal data unless the controller demonstrates that the processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which are necessary to bring, assert or defend legal claims. are related.
16. Fulfilling User Requests
16.1. The information and measures provided for in point 14 shall be provided free of charge by the Data Controller. If the request of the User concerned is clearly unfounded or, in particular due to its repetitive nature, excessive, the Data Controller, taking into account the administrative costs involved in providing the requested information or information or taking the requested action:
(a) charge a reasonable fee, or
(b) refuse to act on the request.
16.2. The Data Controller shall, without undue delay, but no later than within one month from the receipt of the request, inform the User of the measures taken following the request, including the issuance of copies of the data. If necessary, taking into account the complexity of the application and the number of applications, this time limit may be extended by a further two months. The Data Controller shall inform the User about the extension of the deadline, indicating the reasons for the delay, within one month from the receipt of the request. If the relevant User has submitted his / her request electronically, the information shall be provided electronically by the Data Controller, unless the User concerned requests otherwise.
16.3. If the Data Controller does not take action at the request of the User concerned, without delay, but no later than within one month from the receipt of the request, inform the data subject of the reasons for non-action and that the User may lodge a complaint with the supervisory authority indicated in point 17, and may exercise its right of judicial review as set forth herein.
16.4. User may submit his / her requests to the Data Controller in any way that allows the identification of his / her person. The identification of the User submitting the request is necessary because the Data Controller can fulfill the requests only to those entitled to do so. If the Data Controller has reasonable doubts about the identity of the natural person submitting the request, he / she may request the provision of additional information necessary to confirm the identity of the User concerned.
16.5. User requests can be sent by post to the address of Data Controller 6000 Kecskemét, Ceglédi út 99 , by e-mail to [email protected] . A request sent by e-mail is considered authentic by the Data Controller only if it is sent from the e-mail address provided and registered by the User to the Data Controller, however, the use of another e-mail address does not mean that the request is ignored. In the case of e-mail, the date of receipt shall be the first working day following dispatch.
17. Data protection, data security
17.1. Within the scope of his / her data management and data processing activities, the data controller ensures the security of the data, ensures the enforcement of the legislation and other data and confidentiality rules through technical and organizational measures and internal procedural rules. It shall protect, in particular, the data processed against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage and from inaccessibility due to changes in the technology used.
17.2. From the very beginning, the data used by the Data Controller’s IT system records the data on which the traffic is measured and the habits of using the website are mapped in such a way that they cannot be directly linked to any person.
17.3. The data will only be processed to the extent necessary and proportionate to achieve the legitimate purpose set out in this prospectus, in accordance with the relevant legislation and recommendations, with appropriate security measures.
17.4. To do this, the Data Controller uses the http protocol with the “https” scheme to access the website, with which the web communication can be encrypted and uniquely identified. In addition, in accordance with the above, the Data Controller stores the processed data in data management lists recorded in the form of encrypted data files, separate for each data management purpose, which may be accessed by specific employees of the Data Controller. appropriate responsible management.
18. Enforcement
Data subjects can exercise their rights in court and apply to the National Data Protection and Freedom of Information Authority:
National Authority for Data Protection and Freedom of Information
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c.
Postal address: 1530 Budapest, Pf .: 5.
Phone: +36 1 391 1400
Fax: +36 1 391 1410
E-mail: [email protected]
Website: http://www.naih.hu/
In the event of a choice of court, the lawsuit may, at the option of the User concerned, be instituted before the court of the place of residence or stay of the person concerned, as the lawsuit falls within the jurisdiction of the court.
February 23, 2024
WeLoveShirts Kft.