Information on data management
Data Controller
Name: Valéria Tolnai ev.
Registered office: 4031, Debrecen, Kishegyesi út 156.A. A.ép. II/8.
Mailing address, complaint handling: 4031, Debrecen, Kishegyesi út 156.A. II/8.
Email: tolnaiarany@gmail.com
Phone number: +36 20 484 4571
Website: https://www.tolnaiarany.hu/
Hosting provider
Name: WIX
Website: https://www.wix.com
Contact: https://www.wix.com/about/contact-us
Description of data processing during the operation of the webshop
This document contains all relevant data processing information regarding the operation of the webshop in accordance with the General Data Protection Regulation of the European Union 2016/679 (hereinafter: Regulation, GDPR) and Act CXII of 2011 (hereinafter: Infotv.).
Information on the use of cookies
What is a cookie?
The Data Controller uses so-called cookies when visiting the website. A cookie is a package of letters and numbers that our website sends to your browser in order to save certain settings, make our website easier to use and help us collect some relevant, statistical information about our visitors.
Some of the cookies do not contain personal information and are not suitable for identifying the individual user, but some of them contain a unique identifier - a secret, randomly generated number - that is stored by your device, thus ensuring your identification. The operating period of each cookie is included in the relevant description of each cookie.
Legal background and legal basis of cookies:
We basically distinguish between three types of cookies: cookies that are essential for the operation, which serve the proper functioning of the Website, cookies for statistical purposes and cookies for marketing purposes.
The legal basis for data processing is your consent in the case of cookies for statistical and marketing purposes pursuant to Article 6(1)(a) of the Regulation, and the legitimate interest necessary to ensure the operation of the Website in the case of cookies necessary for operation pursuant to Article 6(1)(f) of the Regulation.
Main characteristics of the cookies used by the website:
Essential and essential cookies:
These cookies serve essential functions such as security, identity verification and network management. These cookies cannot be disabled. If you do not accept the use of these cookies, certain functions may not be available to you.
The lifespan of these types of cookies is limited only to the duration of the work session.
employee_login_last_email When logging in, the email address is stored until the browser is closed.
Ealrm, ealem, ealpw Provides permanent login. Lifespan 180 days.
come_from Performs a login redirect. Lifespan 10 minutes.
currency Stores the customer's currency. Lifespan 30 days.
Statistical cookies:
These cookies help us understand how visitors interact with our website, identify errors, and perform better overall analysis. Cookies designed to improve the user experience collect information about how users use the website, such as which pages they visit most often or what error messages they receive on the website. These cookies do not collect information that identifies the visitor, i.e. they work with completely general, anonymous information. We use the data obtained from them to improve the performance of the website. The lifespan of these types of cookies is limited only to the duration of the session.
Functional cookies:
These cookies collect data and store visitor habits, so that we can improve the personal experience and customize certain features.
Marketing cookies:
These cookies are used to track the effectiveness of advertising. They are designed to provide users with a better experience and to show ads that are more relevant to their interests.
Remarketing cookies:
They may be displayed to previous visitors or users when they browse other sites on the Google Display Network or search for terms related to your products or services
predictionio:
A user identification cookie used to recommend personalized ads. It has a lifespan of 3 months.
Facebook pixel (Facebook cookie):
The Facebook pixel is a code that is used to generate reports on conversions on a website, create target audiences, and provide the website owner with detailed analytics about how visitors use the website. Facebook pixel allows you to display personalized offers and ads to website visitors on Facebook. You can read Facebook's privacy policy here: https://www.facebook.com/privacy/explanation
You can find more information about deleting cookies at the following links:
Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Chrome: https://support.google.com/chrome/answer/95647
Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies
Data processed for the purpose of concluding and fulfilling a contract
Several data processing cases may be implemented for the purpose of concluding and fulfilling a contract. We would like to inform you that data processing related to complaint handling and warranty administration will only be implemented if you exercise one of the aforementioned rights.
If you do not make a purchase through the webshop, but are only a visitor to the webshop, then the data processing for marketing purposes may apply to you if you give us your consent for marketing purposes.
In more detail, the data processing carried out for the purpose of concluding and fulfilling the contract:
Contact
For example, if you contact us by email, via a contact form, or by phone with a question about a product. Prior contact is not mandatory, and you can order from the webshop at any time without doing so.
Processed data
The data you provide during the contact.
Duration of data processing
We will only process the data until the contact is completed.
Legal basis for data processing
Your voluntary consent, which you provide to the Data Controller when contacting us. [Data processing pursuant to Article 6(1)(a) of the Regulation]
Registration on the website
By storing the data provided during registration, the Data Controller can provide a more convenient service (e.g. the data subject does not have to be provided again when making a new purchase). Registration is not a condition for concluding a contract.
Data processed
During data processing, the Data Controller processes your name, address, telephone number, e-mail address, characteristics of the purchased product and the date of purchase.
Duration of data processing
Until you withdraw your consent.
Legal basis for data processing
Your voluntary consent, which you provide to the Data Controller by registering [Data processing pursuant to Article 6(1)(a) of the Regulation]
Order processing
During the processing of orders, data processing activities are necessary in order to fulfill the contract.
Data processed
During data processing, the Data Controller processes your name, address, telephone number, e-mail address, characteristics of the purchased product, order number and date of purchase.
If you have placed an order in the webshop, data processing and the provision of data are essential for the fulfillment of the contract.
Duration of data processing
The data is processed for 5 years according to the civil law limitation period.
Legal basis for data processing
Performance of the contract. [Data processing pursuant to Article 6(1)(b) of the Regulation]
Issuance of the invoice
The data processing process takes place in order to issue an invoice in accordance with the law and to fulfill the obligation to retain accounting documents. Pursuant to Section 169(1)-(2) of the VAT Act, business entities must retain the accounting documents directly and indirectly supporting the accounting settlement.
Processed data
Name, address, and in the case of a legal entity, also the tax number.
Duration of data processing
According to Section 169(2) of the VAT Act, issued invoices must be retained for 8 years from the date of issue of the invoice.
Legal basis for data processing
Act CXXVII of 2007 on Value Added Tax According to Section 159 (1), the issuance of an invoice is mandatory and it must be kept for 8 years according to Section 169 (2) of Act C of 2000 on Accounting [Data processing pursuant to Article 6 (1) (c) of the Regulation].
Data processing related to the delivery of goods
The data processing process takes place in order to deliver the ordered product.
Data processed
Name, address, e-mail address, telephone number.
Duration of data processing
The Data Controller processes the data until the delivery of the ordered product.
Legal basis for data processing
Performance of a contract [Data processing pursuant to Article 6 (1) (b) of the Regulation].
Recipients and data processors of data processing related to the delivery of goods
Name of the recipient: GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
Address of the recipient: 2351 Alsónémedi, GLS Európa u. 2.
Phone number of the recipient: +36 29 886 700, +36 20 890-0660
Email address of the recipient: info@gls-hungary.com
Website of the recipient: https://gls-group.com/HU/hu/home/
The courier service participates in the delivery of the ordered goods based on the contract concluded with the Data Controller. The courier service processes the personal data received in accordance with the data processing information available on its website.
Handling of warranty and guarantee claims
We must proceed with warranty and guarantee claims in accordance with the rules of Decree 19/2014. (IV. 29.) NGM, which also determines how we must handle your claim.
Processed data
When handling warranty and guarantee claims, we must act in accordance with the rules of Decree 19/2014. (IV. 29.) of the Ministry of National Economy.
Based on the decree, we are obliged to record a report on the warranty or guarantee claim reported to us, in which we record:
a) your name, address, and your declaration that you consent to the processing of your data recorded in the report in accordance with the provisions of the decree,
b) the name and purchase price of the movable property sold under the contract concluded between you and us,
c) the date of performance of the contract,
d) the date of notification of the defect,
e) a description of the defect,
f) the right you wish to assert based on your warranty or guarantee claim, and
g) the method of settling the warranty or guarantee claim or the reason for rejecting the claim or the right you wish to assert based on it.
If we take over the purchased product from you, we must issue a receipt, which must include
a) your name and address,
b) the data necessary to identify the item,
c) the date of receipt of the item, and
d) the date when you can receive the repaired item.
Duration of data processing
The company is obliged to keep the minutes of the consumer's warranty or guarantee claim for three years from the date of its receipt and to present them to the supervisory authority upon request.
Legal basis for data processing
The legal basis for data processing is compliance with the legal obligations pursuant to Regulation 19/2014. (IV. 29.) of the Ministry of the Interior [4. Section (1) and 6. Section (1)] [Data processing pursuant to Article 6. Section (1) c) of the Regulation].
Management of other consumer complaints
The data management process is carried out in order to handle consumer complaints. If you have contacted us with a complaint, then data management and the provision of data are essential.
Processed data
Customer name, telephone number, email address, content of the complaint.
Duration of data management
We retain warranty complaints for 5 years in accordance with the Consumer Protection Act.
Legal basis for data management
It is your voluntary decision whether to contact us with a complaint, however, if you contact us, we are obliged to retain the complaint for 3 years in accordance with Section 17/A. (7) of Act CLV of 1997 on Consumer Protection [Data management pursuant to Article 6(1)(c) of the Regulation].
Data processed in connection with the verification of consent
During registration, ordering, and subscribing to the newsletter, the IT system stores IT data related to consent for the purpose of later verification.
Processed data
Date of consent and IP address of the data subject.
Duration of data processing
Due to legal requirements, consent must be verified later, therefore the data storage period is stored for the limitation period after the termination of data processing.
Legal basis for data processing
Article 7(1) of the Regulation stipulates this obligation. [Data processing pursuant to Article 6(1)(c) of the Regulation]
Data processing for marketing purposes
Data processing related to sending newsletters
The data processing process takes place in order to send newsletters.
Processed data
Name, e-mail address.
Duration of data processing
Until the data subject withdraws their consent.
Legal basis for data processing
Your voluntary consent, which you provide to the Data Controller by subscribing to the newsletter [Data processing pursuant to Article 6(1)(a) of the Regulation]
Remarketing
Data processing as a remarketing activity is implemented using cookies.
Processed data
Data processed by cookies as defined in the cookie policy.
Duration of data processing
Data storage period of the given cookie, more information is available here:
Google general cookie policy:
https://www.google.com/policies/technologies/types/
Google Analytics policy:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu
Facebook policy:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Legal basis for data processing
Your voluntary consent, which you provide to the Data Controller by using the website [Data processing pursuant to Article 6(1)(a) of the Regulation].
Further data processing
If the Data Controller intends to carry out further data processing, it will provide prior information on the essential circumstances of the data processing (legal background and legal basis of data processing, purpose of data processing, scope of data processed, duration of data processing).
Recipients of personal data
Data processing for the storage of personal data
Name of the data processor: WIX
Contact details of the data processor:
https://www.wix.com/about/contact-us
The Data Processor stores personal data based on a contract concluded with the Data Controller. It is not entitled to access personal data.
Data processing activity related to sending newsletters
Name of the company operating the newsletter sending system: WIX
Website and contact details of the company operating the newsletter sending system: https://www.wix.com
Contact details of the company operating the newsletter sending system: https://www.wix.com/about/contact-us
The Data Processor participates in sending newsletters based on a contract concluded with the Data Controller. In doing so, the Data Processor processes the name and e-mail address of the data subject to the extent necessary for sending the newsletter.
Accounting-related data processing
Name of the data processor: Marianna Nagy-Sándor
Registered office of the data processor: 3348 Szilvásvárad, Egri út 15/1
Phone number of the data processor: +36 30 564 0252
Email address of the data processor: optimaonlineiroda@gmail.com
Website of the data processor:
The Data Processor contributes to the accounting of accounting documents based on a written contract concluded with the Data Controller. In the course of this, the Data Processor processes the name and address of the data subject to the extent necessary for the accounting records, for a period in accordance with Section 169 (2) of the Sztv., and deletes it immediately thereafter.
Invoicing-related data processing
Name of the data processor: KBOSS.hu Kft.
The data processor’s registered office is: 1031 Budapest, Záhony utca 7.
The data processor’s telephone number:
The data processor’s e-mail address: info@szamlazz.hu
The data processor’s website: https://www.szamlazz.hu/
The Data Processor cooperates in the accounting records based on a contract concluded with the Data Controller. In the course of this, the Data Processor processes the name and address of the data subject to the extent necessary for the accounting records, for a period of time in accordance with Section 169 (2) of the Data Protection Act, and then deletes them.
Data processing related to online payments
Name of the data controller: STRIPE
Registered office of the data controller:
Phone number of the data controller:
Email address of the data controller:
Website of the data controller: https://stripe.com/en-hu/contact
The payment service provider cooperates in the implementation of the Online Payment based on the contract concluded with the Data Controller, for which purpose data is transferred to the online payment service provider during the purchase process. In this process, the online payment service provider processes the billing name and address of the data subject, the order number and date in accordance with its own data processing rules.
Purpose of the data transfer: to provide the online payment service provider with the transaction data necessary for the payment transaction initiated by it related to the purchase.
The legal basis for the data transfer is: the performance of a contract concluded between you and the Data Controller pursuant to Article 6(1)(b) of the Regulation, which includes payment by the buyer, and in the case of online payment, the data transfer required for payment pursuant to this point
Your rights during data processing
Within the period of data processing, you have the following rights under the provisions of the Regulation:
- the right to withdraw consent
- access to personal data and information about data processing
- right to rectification
- restriction of data processing,
- right to erasure
- right to object
- right to portability.
If you wish to exercise your rights, this will involve your identification and the Data Controller will necessarily have to communicate with you. Therefore, for the purpose of identification, it will be necessary to provide personal data (but the identification may only be based on data that the Data Controller already processes about you), and your complaints regarding data processing will be available in the Data Controller's email account within the period specified in this information regarding complaints. If you were our customer and would like to identify yourself for the purpose of complaint management or warranty management, please provide your order ID for identification. We can also use this to identify you as a customer.
The Data Controller will respond to complaints regarding data processing within 30 days at the latest.
Right to withdraw consent
You have the right to withdraw your consent to data processing at any time, in which case we will delete the data provided from our systems. Please note, however, that in the case of an order that has not yet been fulfilled, withdrawal may result in us not being able to deliver to you. In addition, if the purchase has already been made, we cannot delete billing-related data from our systems based on accounting regulations, and if you owe us a debt, we may process your data based on a legitimate interest in collecting the claim even if you withdraw your consent.
Access to personal data
You have the right to receive feedback from the Data Controller as to whether your personal data is being processed, and if data processing is in progress, you have the right to:
- receive access to the personal data processed and
- be informed by the Data Controller of the following information:
- the purposes of the data processing;
- the categories of personal data processed about you;
- information about the recipients or categories of recipients to whom or with whom the Data Controller has disclosed or will disclose the personal data;
- the planned period for which the personal data will be stored, or, if this is not possible, the criteria for determining this period;
- your right to request from the Controller rectification, erasure or restriction of processing of personal data concerning you and, where processing is based on legitimate interests, to object to the processing of such personal data;
- the right to lodge a complaint with a supervisory authority;
- if the data were not collected from you, all available information on their source;
- the fact of automated decision-making (if such a process is used), including profiling, and at least in such cases, intelligible information on the logic involved and the significance and foreseeable consequences of such processing for you.
The purpose of exercising the right may be to establish and verify the lawfulness of data processing, therefore, in the event of multiple requests for information, the Data Controller may charge a fair fee in exchange for providing the information.
The Data Controller provides access to personal data by sending you the processed personal data and information by email after identifying you. If you have registered, we provide access so that you can view and verify the personal data processed about you by logging into your user account.
Please indicate in your request whether you are requesting access to personal data or information related to data processing.
Right to rectification
You have the right to request that the Data Controller correct inaccurate personal data concerning you without delay.
Right to restriction of processing
You have the right to obtain from the Controller restriction of processing where one of the following applies:
- You contest the accuracy of the personal data, in which case the restriction shall apply for a period enabling the Controller to verify the accuracy of the personal data; if the accuracy of the data can be ascertained immediately, the restriction shall not apply;
- the processing is unlawful, but you oppose the erasure of the data for any reason (for example, because the data are important to you for the exercise of legal claims), and therefore you do not request the erasure of the data, but instead request the restriction of their use;
- the Controller no longer needs the personal data for the purposes of the specified processing, but you require them for the establishment, exercise or defence of legal claims; or
- You have objected to the processing, but the legitimate interests of the Data Controller may also justify the processing, in which case the processing must be restricted until it is determined whether the legitimate grounds of the Data Controller override your legitimate grounds.
If the processing is subject to restriction, such personal data may only be processed, with the exception of storage, with the consent of the data subject, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for important public interests of the Union or a Member State.
The Data Controller will inform you in advance (at least 3 working days before the lifting of the restriction) of the data processing restriction.
Right to erasure - right to be forgotten
You have the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay where one of the following grounds applies:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed by the Data Controller;
- you withdraw your consent and there is no other legal basis for the processing;
- you object to processing based on legitimate interest and there is no overriding legitimate reason (i.e. legitimate interest) for the processing;
- the personal data have been unlawfully processed by the Data Controller and this has been established on the basis of a complaint;
- the personal data must be erased for compliance with a legal obligation to which the Data Controller is subject under Union or Member State law.
Where the Controller has made personal data concerning you public for any legitimate reason and is required to erase them for any of the reasons set out above, the Controller shall take reasonable steps, including technical measures, taking into account available technology and the cost of implementation, to inform other controllers processing the data that you have requested the erasure of links to or copies or replications of the personal data concerned.
Erasure shall not apply where processing is necessary:
- for the exercise of the right to freedom of expression and information;
- for compliance with an obligation to process personal data under Union or Member State law to which the Controller is subject (such is the case for processing in the context of invoicing, as the retention of the invoice is required by law), or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
- to submit, enforce or defend legal claims (e.g. if the Data Controller has a claim against you and has not yet fulfilled it, or a consumer or data processing complaint is in progress).
Right to object
You have the right to object at any time to the processing of your personal data based on legitimate interests, on grounds relating to your particular situation. In such a case, the Controller shall not process the personal data any longer, unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
If the processing of personal data is carried out for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such purposes, including profiling insofar as it is related to direct marketing. If you object to the processing of personal data for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Right to portability
Where the processing is carried out by automated means or where the processing is based on your voluntary consent, you have the right to request from the Data Controller to receive the data you have provided to the Data Controller, which the Data Controller shall make available to you in xml, JSON or csv format, and, where technically feasible, you may request that the Data Controller transmit the data in this form to another data controller.
Automated decision-making
You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. In such cases, the Data Controller shall take suitable measures to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the data controller, to express his or her point of view and to object to the decision.
The above shall not apply if the decision:
is necessary for entering into, or the performance of, a contract between you and the Controller;
is permitted by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
is based on your explicit consent.
Registration in the data protection register
According to the provisions of the Infotv., the Data Controller had to report certain data processing operations to the data protection register. This reporting obligation ceased on May 25, 2018.
Data security measures
The Data Controller declares that it has taken appropriate security measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage, and against inaccessibility resulting from changes in the technology used.
The Data Controller will do everything within its organizational and technical capabilities to ensure that its Data Processors also take appropriate data security measures when working with your personal data.
Legal remedies
If you believe that the Data Controller has violated any legal provisions relating to data processing or has not complied with any of your requests, you may initiate an investigation procedure with the National Data Protection and Freedom of Information Authority in order to terminate the allegedly unlawful data processing (correspondence address: 1363 Budapest, Pf. 9., e-mail: ugyfelszolgalat@naih.hu, telephone numbers: +36 (30) 683-5969 +36 (30) 549-6838; +36 (1) 391 1400).
We also inform you that in the event of a violation of the legal provisions relating to data processing or if the Data Controller has not complied with any of your requests, you may file a civil lawsuit against the Data Controller in court.
Amendment of the Data Processing Notice
The Data Controller reserves the right to amend this Data Processing Notice in a manner that does not affect the purpose and legal basis of the dat
a processing. By using the website after the amendment comes into force, you accept the amended Data Processing Notice.
If the Data Controller intends to carry out further data processing in relation to the collected data for a purpose other than the purpose of their collection, it will inform you of the purpose of the data processing and the following information before further data processing:
- the duration of storage of the personal data, or if this is not possible, the criteria for determining the duration;
- your right to request from the Data Controller access to, rectification, erasure or restriction of processing of your personal data, and in the case of data processing based on legitimate interest, you may object to the processing of your personal data, and in the case of data processing based on consent or a contractual relationship, you may request the right to data portability;
- in the case of data processing based on consent, that you may withdraw your consent at any time,
the right to lodge a complaint with a supervisory authority;
- whether the provision of personal data is based on a legal or contractual obligation or is a prerequisite for entering into a contract, and whether you are obliged to provide the personal data, and what the possible consequences of not providing the data may be;
- the fact of automated decision-making (if such a procedure is used), including profiling, and at least in these cases, understandable information about the logic involved and the significance of such data processing and the likely consequences for you.
Data processing may only begin after this, if the legal basis for data processing is consent, you must also consent to the data processing in addition to being informed.
Product range:
Additional useful content: