Privacy policy

THE JUHASZDORA.COM WEBSITE 

PRIVACY POLICY

Dóra Juhász (hereinafter: Data Controller) hereby informs visitors to the website www.juhaszdora.com (hereinafter: Website) in the juhaszdora.com electronic store located on the Website (hereinafter: Webstore) customers, subscribers to the newsletter (in summary hereafter: Data Subject, User, Consumer or you) about the personal data it handles, the practice followed in the management of personal data, and the manner and possibilities of exercising the rights of the data subject.

Dóra Juhász e.v. website available under the domain name www.juhaszdora.com. (hereinafter: Service Provider) is considered its own Website.

The Data Controller reserves the right to amend this Data Protection Notice (hereinafter: "Notice"). The Data Controller publishes the currently valid version of the Information on its website. By using the Website, the User accepts the contents of the Information Sheet at the same time, so please read this Information Sheet carefully before using the Website. The User gives his consent to the individual data management by using the Website and by voluntarily providing the data in question.

The use of the text and content of this Notice by third parties for their own purposes without consent on another website, its copying, or the adoption of the entire text or any part of the text is prohibited.

DEFINITIONS

  • "data subject": natural person identified or identifiable on the basis of any information;
  • "personal data": any information relating to the data subject; can be identified as a natural person who, directly or indirectly, in particular by an identifier, such as a name, number, location data, online identifier or the likeness of the natural person, one or more of the physical, physiological, genetic, mental, economic, cultural or social identity identifiable by factor;
  • "data management": any operation or set of operations carried out on personal data or data files regardless of the procedure used - i.e. automated or paper-based - such as collection, recording, organization, segmentation, storage, transformation or change, querying, viewing, use, deletion and destruction;
  • "data controller": the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others;
  • "data transfer": making data available to a specific third party;
  • "user": the person providing information with consumer status who places an order regarding the services available on the Website, and thus whose personal data is collected and managed by the Data Controller; or a visitor to the Website.
  • "consent": the voluntary, specific and well-informed and clear declaration of the data subject's will, by which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he/she consents to the processing of personal data concerning him/her;
  • "data processing": the performance of technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data;
  • "data protection incident": a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled; "service": fulfillment of orders for products/bags available on the website;
  • "homepage/website": www.juhaszdora.com

1. DATA OF THE SERVICE PROVIDER

Name: Juhász Dóra egyéni vállalkozó

Headquarters and mailing address: 1027 Budapest, Fő utca 63-65. V/2.

Workshop: 1027 Budapest, Jurányi utca 1.

Registration number: 31368481

VAT number: 66060761-1-41 (HU66060761)

E-mail addressmail@juhaszdora.com

Phone number: +3670 316 4497  

2. BASIC PRINCIPLES RELATING TO DATA MANAGEMENT

The Data Controller collects and processes personal data legally and fairly, as well as in a transparent manner for the Data Subject. The Data Controller collects and processes personal data only for specific, clear and legal purposes. The personal data managed by the Data Controller are adequate and relevant in terms of the purposes of the data management, and are limited to what is necessary in terms of extent and duration.

The Data Controller manages the data in such a way that the appropriate security of the personal data is ensured by applying appropriate technical or organizational measures, including protection against unauthorized or illegal processing, accidental loss, destruction or damage of the data.

In order to verify compliance with the presented principles, the Data Controller keeps internal data management records of its individual data management operations. If the informant does not provide his own personal data, the informant is obliged to obtain the Data Subject's consent.

3. SCOPE OF PROCESSED DATA, PURPOSE, DURATION AND LEGAL BASIS OF DATA PROCESSING

 The Data Controller carries out data management related to the management of personal data for the following purposes and in connection with the activities listed below:

 

1. Data of website visitors
Managed data circle Purpose of data management Duration of data management Legal basis for data management
date of visit;IP address of the User's computer at the time of visit; identification number,

 

 

the type of browser used by the User.

 

· website use; · checking the operation of the services during website visits; · collecting statistical information; · preventing abuses.

 

60 days from viewing the website.

 

Voluntary consent of the User is Article 6 (1) point a) of the GDPR; the Elker. TV. 13/A. (3) of §

 

2. Data management related to online shopping (juhaszdora.com web store).
Managed data circle Purpose of data management Duration of data management Legal basis for data management

 Personal identification data:

surname and first name,e-mail address, telephone number; other possible personal data entered in the "other requests" column, coupon code (optional)

 

Shipping and billing information:personal identification data + address (country, settlement, street name, house number, postal code).

 

Other: date of order; bank account number in case of transfer.


· order processing;

 

 · identification and registration of customers, purchases and payments;  · confirmation;  · issuance of a regular invoice;  · order fulfillment and delivery of products;  · enforcement of claims;  · contacting and maintaining contact with the customer;  · execution of technical operations;

 

 

The data related to the performance of the contract concluded electronically are used for the benefit of the contract and are deleted or destroyed upon its termination or upon expiry of the legally defined deadline.

 

Pursuant to Section 169 (1) of the Accounting Act, accounting receipts and supporting documents must be kept for 8 years.

 

In the case of data processed for the purpose of contacting us, we store them until the Data Subject withdraws his consent.

 

Infotv. Paragraph (1) of § 5, or based on Article 6 (1) point a) of the GDPR (consent). In addition, data management is necessary in order to fulfill the contract pursuant to GDPR Article 6 (1) point b) and Elker tv. 13/A. based on paragraph (3) of §  The fulfillment of the legal obligation to issue invoices and make payments is Article 6 (1) point c) of the GDPR, as well as Account. TV. Paragraph (2) of § 169 and the VAT Act. It is done on the basis of § 169.

 

We inform you that- to enter into a contract concluded electronically, it is essential to provide personal data in order to be able to complete the order for the desired service;- failure to provide data will result in us not being able to process your order.

 

3. Data management related to sending messages or electronic correspondence

Managed data circle Purpose of data management Duration of data management Legal basis for data management

 

User's last and first name, e-mail address, and other personal data provided in the message and the circumstances of the case.

 

 

 

 

 

· providing more information about the products, handling requests for information, documenting the case;

 

· identification of the User;

 

· identification of the User;

 

 

Until the Data Subject withdraws his consent (he can do so at any time), otherwise the communication by e-mail will be archived and the Data Controller will delete it no later than 1 year after answering the question asked in the e-mail.   Until the Data Subject withdraws his consent (he can do so at any time), otherwise the communication by e-mail will be archived and the Data Controller will delete it no later than 1 year after answering the question asked in the e-mail.   The legal basis for processing data is the User's voluntary consent based on Article 6 (1) point a) of the GDPR; and the fulfillment of legal obligations pursuant to Article 6 (1) c) of the GDPR and Fgy. TV. Based on § 17/A. 
The legal basis for processing data is the User's voluntary consent based on Article 6 (1) point a) of the GDPR; and the fulfillment of legal obligations pursuant to Article 6 (1) c) of the GDPR and Fgy. TV. Based on § 17/A.

 

4. Data management related to sending newsletters
Managed data circle Purpose of data management Duration of data management Legal basis for data management

 

Name, e-mail address, time of registration, IP address at the time of registration.

 

Identification of the User, enabling subscription to the newsletter (electronic message), information about promotions and news.

 

Data processing lasts until the consent statement is revoked, i.e. until unsubscription.

 

 

Voluntary consent of the User based on point a) of Article 6 (1) of the GDPR, Elkertv. 13/A.§a and Grt. Paragraph (5) of § 6.

5. Establishing partner relationships; data processed for the purpose of contact

Managed data circle Purpose of data management Duration of data management Legal basis for data management

 

Name, e-mail address, phone number, position.

 

Continuation of communication during the offer phase; maintaining a relationship in order to facilitate the contractual relationship.

 

The data management lasts until the cancellation request of the concerned Partner.
Voluntary consent of the concerned Partner based on Article 6 (1) point a) of the GDPR. The concerned Partner gives his consent to the processing of his personal data by voluntarily handing over the contact details to the Data Controller.
6. Data management during and after the contractual legal relationship for the purpose of possible claim enforcement
Managed data circle Purpose of data management Duration of data management Legal basis for data management
Name, e-mail address, phone number, job title.

 

Contract performance; contact necessary for fulfillment, identification of the person concerned.  Claims arising from a contract.

 

 

Until the duration of the contractual relationship, or until the end of the time available for asserting claims arising from it. On the basis of the express consent statement of any person concerned, until their statement is revoked.

 

Data management is necessary for the performance of the contract based on GDPR Article 6 (1) point b) and/or the Data Controller's legitimate interest in the referenced para. based on point f).
7. Data management related to the fulfillment of tax and accounting obligations
Managed data circle Purpose of data management Duration of data management Legal basis for data management

-Possible range of data:

 name, address, tax status, tax identification number, signature of recipient, payer, business ID number.

 

Fulfillment of tax and accounting obligations.
8 years after the termination of the legal relationship giving the legal basis. Fulfillment of the legal obligation according to Article 6 (1) point c) of the GDPR (Law CXXVII of 2017 § 169 § 202, Law C of 2000 § 167, Law CXVII of 1995).
8. Data management related to potential complaints
Purpose of data management Duration of data management Legal basis for data management

 

Investigating and documenting the circumstances of the complaint in order to make reports, requests and comments available to the Data Controller.

 

 

The Data Controller is obliged to keep the minutes of the oral complaint, the written complaint and the copy of the response for 5 years, and present it to the inspection authorities upon their request.

 

 

If the data is transferred by the Data Controller to Account TV. is obliged to keep the data, then the Data Controller will only delete the data after 8 years from the date of the complaint, regardless of the consent of the data subject.

 

The legal basis for the processing of data handled during complaint handling activities is the consent of the data subject pursuant to Article 6 (1) point a) of the GDPR and/or the fulfillment of a contract based on Article 6 (1) point b) of the GDPR, or fulfillment of a legal obligation GDPR Article 6 (1) c) and Fgy. TV. Based on § 17/A.

4. NEWSLETTER

The Data Controller provides the possibility to subscribe to the newsletter via the Website. 

In this way, the User can give prior and explicit consent, bearing in mind the provisions of this Notice, to inform the Data Controller about news, current affairs, and promotions related to the Data Controller's activities through electronic messages (newsletters) via the provided contact details, and the Data Controller to manage the personal data necessary for sending the information. The Data Controller does not send unsolicited promotional messages.

In the case of a newsletter, the Data Controller manages the data provided by the User during subscription to the newsletter until the User unsubscribes from the newsletter by clicking on the "Unsubscribe" button at the bottom of the newsletter message or requests - without limitation or obligation to provide reasons - to be removed from the list of subscribers to the newsletter e by email or post. In case of unsubscribing, the Data Controller will not contact the User with further newsletters and offers. The User can unsubscribe from the newsletter free of charge and withdraw his consent at any time. The Data Controller will inform the User electronically about unsubscribing or deletion from the newsletter address list.

Information on the scope, purpose, legal basis of the processed data, and the duration of the data management can be found in Section III of this Notice. can be found in point 4 of chapter.

5. SOCIAL MEDIA SITES

The scope of the managed data: Facebook, Instagram registered name, public profile picture of the User, other personal data provided in comments.

Scope of stakeholders: all stakeholders who registered on the Facebook social network and "liked" and "followed" the page of the Data Controller.

The Data Subject can find out about the source of the data, its management, the method of transfer and its legal basis on the given social page. Data management takes place on social networking sites, so the duration and method of data management, as well as the options for deleting and modifying data, are governed by the regulations of the respective social networking site. https://www.facebook.com/policy; https://www.instagram.com/about/legal/privacy.

The legal basis for data management: the voluntary consent of the concerned person to the processing of her personal data on social networking sites.

6. DATA PROCESSORS REQUIRED

The Data Controller is entitled to use a Data Processor to carry out its activities. The Data Processor does not make an independent decision. For their part, the Data Processors record the personal data provided by the Data Controllers and managed or processed by them in accordance with the provisions of the GDPR, or processed.

GDPR

If you are a resident of the EEA (European Economic Area), you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information above. 

Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.

CCPA

If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information above. 

If you would like to designate an authorized agent to submit these requests on your behalf, please contact us at the address above.

1. The Data Controller uses the following Data Processor for IT activities:

Name: Shopify Inc.

Headquarters: 33 New Montgomery St #750, San Francisco, CA 94105, USA

Website: www.shopify.com

  • Activity provided by the data processor: hosting service; system administrator service (check, technical update, other improvements, repair tasks).
  • Scope of data: personal data of the user of the Website or placing an order.

 

2. The Data Controller uses the following Data Processors and Data Transmitters in the context of online marketing activities:

A) Name: Shopify Inc.

Headquarters: 33 New Montgomery St #750, San Francisco, CA 94105, USA

Website: www.shopify.com

B) Name: Google, owned by Google Ireland Ltd

Registered office: Gordon House, Barrow Street, Ireland, Dublin, D04 E5W5.

Website: www.google.com

  • Activity provided by the data processor: newsletter service; respectively promoting and advertising the services available on the Website, increasing the number of visitors to the Website.

 

3. The Data Controller uses the following Data Processor for accounting activities:

Name: IT.Control Services Bt.

Headquarters: 9011 Győr, Honfoglazal u. 71/B building.

  • Activity performed by a data processor: processing invoices issued in the Data Controller's system.
  • Scope of data: name, billing name, billing address.
  • Duration of data processing, deadline for data deletion: 8 years based on § 169 (2) of Act C of 2000 on accounting.

4. The Data Controller uses the following Data Processors for invoicing activities:

A) Name: Szamlazz.hu, which is owned by KBOSS.hu Kft

Headquarters: 1031 Budapest, Záhony utca 7.

Website: www.szamlazz.hu

 

B.) Név: Naturasoft, amely a NATURASOFT Magyarország Kft. tulajdona

Székhely: 1113 Budapest, Daróczi út 11.   

Weboldal: naturasoft.hu


5. The Data Controller uses the following Data Processors

  • during online payment:

Név: Stripe, Inc.

Székhely: 354 Oyster Point Blvd South San Francisco, CA 94080, USA

Weboldal: www.stripe.com

  • when paying by bank card:

A) Name: myPOS owned by myPOS Europe Ltd

Headquarters: The Shard, Level 24, 32 London Bridge Street, London, United Kingdom

Website: www.mypos.eu

B) Name: Raiffeisen Bank Zrt.

Headquarters: 1054 Budapest, Akadémia utca 6.

  • The purpose of the data processing: processing payments, confirming transactions and checking abuses for the protection of users.

    6. The Data Controller uses the following Data Processors for package delivery:

    A.) GLS General Logistics Systems Hungary Kft. /head office: 2351 Alsónémedi, GLS Európa utca 2./

    B.) Packeta Hungary Kft. /headquarters: 1044 Budapest, Ezred utca 1-3./

    C.) Magyar Posta Zrt. /headquarters: 1138 Budapest, Dunavirág utca 2-6./ Scope of data: name, shipping name, address.

    • Scope of data: name, delivery name, address, telephone number.

    7. MANAGEMENT OF TECHNICAL DATA, COOKIES

    A "cookie" is a short text file (string of characters) that our web server sends to the affected device (be it any computer, mobile phone or tablet) and reads it back, i.e. the data of the User's logged-in device, which is the use of the service are generated during and recorded by our system as an automatic result of technical processes, especially the date and time of the visit, the IP address of the User's computer, and the type of browser.

    According to the law, cookies can be stored on your device if this is absolutely necessary for the efficient and secure operation of our website. These data, which are recorded automatically, are automatically logged by the system upon entry and exit without the User's separate statement or action. These data cannot be combined with other personal user data, except in cases made mandatory by law. Only the Data Controller has access to the data. We need your permission to use all other types of cookies.

    • Security cookie;
    • Temporary (session) cookies: they are automatically deleted after the User visits/closes the browser. These cookies are used so that the Service Provider's website can function more efficiently and securely, so they are essential for certain functions of the Website or certain applications to function properly;
    • Persistent cookies: these are stored for a longer time in the cookie file of the browser. The duration of this depends on the settings the User uses in his Internet browser.

    External servers assist in the independent measurement and auditing of the website's visitor and other web analytics data (Google Analytics, Facebook Analytics). The regulations for the service provide information on the handling of measurement data. Contacts:

    www.google.com/analytics/;https://analytics.facebook.com/

    Cookies to improve the user experience:

    these cookies collect information about the user's use of the website, for example, which pages are visited most often or what error message is received from the website. These cookies do not collect information that identifies the visitor, that is, they work with completely general, anonymous information. We use the data obtained from these to improve the performance of the website. The lifetime of these types of cookies is limited to the duration of the session.

    Google Adwords cookie:

    when someone visits our site, the visitor's cookie ID is added to the remarketing list. Google uses cookies, such as NID and SID cookies, in Google products, such as to customize the ads displayed in Google Search. For example, it uses such cookies to remember your most recent searches, your previous interactions with ads or search results from certain advertisers, and your visits to advertisers' websites. AdWords conversion tracking uses cookies. To track sales and other conversions resulting from the ad, cookies are saved on the user's computer when that person clicks on an ad. Some of the common uses of cookies are: to select ads based on what is relevant to the user, to improve reporting on campaign performance, and to avoid showing ads that the user has already seen.

    Google Analytics cookie:

    Google Analytics is Google's analysis tool, which helps the owners of websites and applications to get a more accurate picture of the activities of their visitors. The service may use cookies to collect information and report statistical data on the use of the website without individually identifying visitors to Google. The main cookie used by Google Analytics is the „__ga” cookie. In addition to the reports generated from website usage statistics, Google Analytics - together with some of the advertising cookies described above - can also be used to display more relevant ads in Google products (such as Google Search) and across the Internet.

    Remarketing cookiek-k

    a korábbi látogatók vagy felhasználók számára a Google Display Hálózaton található egyéb webhelyeken való böngészés, illetve termékeivel vagy szolgáltatásaival kapcsolatos kifejezések keresésekor jelenhetnek meg.

    Session cookie:

    these cookies store the location of the visitor, the language of the browser, the currency of the payment, and their lifetime is until the browser is closed, or a maximum of 2 hours.

    Mobile version, design cookie:

    detects the device used by the visitor and switches to full view on mobile. Its lifespan is 365 days.

    Cookie acceptance -cookie:

    when you arrive at the website, you accept the statement about the storage of cookies in the warning window. Its lifespan is 365 days.

    Facebook pixel (Facebook cookie)

    Facebook pixel is a code with the help of which a report is prepared on the website about conversions, target audiences can be compiled, and the owner of the page receives detailed analysis data about the visitors' use of the website. With the help of the Facebook pixel, you can display personalized offers and advertisements to website visitors on the Facebook interface. You can read Facebook's privacy policy here: https://www.facebook.com/privacy/explanation

    If the User does not want the external service providers to measure the above data in the manner and for the purpose described, install the blocking add-on in her browser.

    Browsers allow you to change cookie settings. Most browsers automatically accept cookies by default, but this can be changed to prevent automatic acceptance once set. For more information on changing your browser settings, please consult your browser's instructions or help.

    8. METHOD OF DATA MANAGEMENT

    The Data Controller stores the data provided by the User for a specific purpose.

    The Data Controller does not check the personal data provided to him. The person providing the data is solely responsible for the accuracy of the data provided. All responsibility related to a specified e-mail address rests solely with the User who provided the e-mail address.

    Az Adatkezelő a megadott személyes adatokat az e Tájékoztatóban meghatározott céloktól eltérő célokra nem használja fel. Az Adatkezelő az általa kezelt személyes adatokat a jelen Tájékoztatóban meghatározott Adatfeldolgozókon kívül harmadik félnek nem adja át.

    The User can contact the Data Controller with any questions or comments related to data management via the known contact details.

    The Data Controller will provide information on data processing not listed in this Notice when the data is collected.

    In response to an exceptional official request, or in the case of requests from other bodies based on the authorization of the law, the Data Controller is obliged to provide information, communicate and transfer data, and make documents available. In these cases, the Data Controller only releases personal data to the requester - if he has specified the exact purpose and the scope of the data - to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.

    9. RIGHTS OF THE DATA PARTIES

    1. Right of access

    The data subject is entitled to receive feedback from the Data Controller as to whether his personal data is being processed, and if such data is being processed, he is entitled to access the personal data and the information listed in the Regulation.

    2. Right to rectification

    The Data Subject may request that the Data Controller correct inaccurate personal data concerning the Data Subject without undue delay. Taking into account the purpose of data management, the Data Subject may request the addition of incomplete personal data.

    3. The right to erasure

    The data subject may request that the Data Controller delete the personal data processed on the basis of his consent without undue delay under the conditions specified in the Regulation.

    4. The right to be forgotten

    If the Data Controller has disclosed the personal data and is obliged to delete it, taking into account the available technology and the costs of the implementation, it will take the reasonably expected steps - including technical measures - in order to inform the data controllers handling the data that the Data Subject has requested the personal data in question the deletion of links or duplicates of these personal data.

    5. The right to restrict data processing

    The data subject may request that the Data Controller restrict data processing upon request, if the conditions specified in Article 18 (1) of the GDPR are met.

    6. The right to data portability

    The data subject is entitled to receive the personal data concerning him/her provided to the Data Controller in a segmented, widely used, machine-readable format, and is also entitled to forward this data to another data controller.

    7. The right to protest

    The data subject has the right to object to the processing of his personal data at any time.

    8. Request for information

    The data subject has the right to request information from the Data Controller at any time regarding the processing of his personal data. Access to personal data, their deletion, modification, or restriction of processing, data portability, and objections to data processing are provided for in II. The Data Subject can initiate the process via one of the contact details indicated in point:

    9. Action deadline

    The Data Controller shall inform the Data Subject in writing of the measures taken following the above requests without undue delay, but no later than within 30 days of receipt of the request. If necessary, this can be extended by 30 days. The Data Controller shall inform the Data Subject of the extension of the deadline, indicating the reasons for the delay, within 30 days of receiving the request.

     If the Data Controller does not take measures following the Data Subject's request, it shall notify in writing the factual and legal reasons for the rejection of the request without delay, but no later than one month from the receipt of the request, the reasons for the failure to take action, and the fact that the Data Subject may file a complaint under Article XI. at the supervisory authority specified in point or you can use your right of judicial remedy.

    10. NOTIFYING THE USER ABOUT THE DATA PROTECTION INCIDENT

     The Data Controller informs the Data Subject about the data protection incident without undue delay - in a clear and understandable manner - if the data protection incident is likely to involve a high risk for the rights and freedoms of the Data Subject(s).

    In the information provided to the Data Subject, the Data Controller describes the nature of the data protection incident, and provides the name and contact details of the contact person providing further information; describes the likely consequences of a data protection incident; describes the measures taken or planned to remedy the data protection incident, including, where appropriate, measures aimed at mitigating any adverse consequences resulting from the data protection incident.

    The Data Controller is not obliged to inform the Users if one of the cases set out in Article 34, paragraph (3) of the GDPR is met.

    11. ENFORCEMENT OPTIONS

    • The Data Subject can contact the Data Controller with comments regarding the handling of his personal data in II. at one of the contact details specified in
    • In the event of a violation of their rights, the Data Subject may apply to the court against the Data Controller. The court acts out of sequence in the case.
    • A complaint against a potential violation of the Data Controller can be filed with the National Data Protection and Freedom of Information Authority.

    1055 Budapest, Falk Miksa u. 9-11.

    Mailing address: 1363 Budapest, PO Box: 9.

    Telephone: +36 -1-683-5969

    Fax: +36-1-391-1410

    E-mail: ugyfelszolgalat@naih.hu

    Website: www.naih.hu

    12. OTHER PROVISIONS

    The Data Controller undertakes to ensure the security of the data. It also takes the technical measures to ensure that the recorded, stored and managed data are protected, and does everything to prevent their destruction, unauthorized use and unauthorized change. The data is stored on a secure, password-protected computer, data storage or cloud storage. Based on the relevant request, the Data Controller provides information on its requirements, responsibilities and the backup procedure related to backups affecting its IT systems.

    The Data Controller pays attention to the fact that, during its data management, it acts in accordance with the applicable data protection legislation and established data protection official practice. Its basic data management principles are in line with the applicable legislation on data protection, and in particular with the following:

    • Regulation 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR);
    • CXII of 2011 Act on the right to self-determination of information and freedom of information (Infotv.)
    • CVIII of 2001 Act on certain issues of electronic commercial services and services related to the information society (Ekertv.);
    • Act V of 2013 on the Civil Code (Ptk.);
    • CLV of 1997. law on consumer protection (Fgytv.);
    • Act C of 2000 on accounting (Accounting);
    • XLVIII of 2008 Act on the basic conditions and certain limitations of economic advertising activity (Grt.).

    17. October 2022.

    Dóra Juhász e.v

    ----------------------------------------------------------

    A SHopify automatikus verziója:

    ENGLISH: 

    This Privacy Policy describes how juhaszdora.myshopify.com (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.

    Contact

    After reviewing this policy, if you have additional questions, want more information about our privacy practices, or would like to make a complaint, please contact us by e-mail at shop@juhaszdora.com or by mail using the details provided below:

    Juhász Dóra egyéni vállalkozó, Fő, 63-65. , V/2., Budapest, II., 1027, Hungary

    Collecting Personal Information

    When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information about an identifiable individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.

    • Device information
      • Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
      • Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels [ADD OR SUBTRACT ANY OTHER TRACKING TECHNOLOGIES USED].
      • Disclosure for a business purpose: shared with our processor Shopify [ADD ANY OTHER VENDORS WITH WHOM YOU SHARE THIS INFORMATION].
      • Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site [ADD OR SUBTRACT ANY OTHER PERSONAL INFORMATION COLLECTED].
    • Order information
      • Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
      • Source of collection: collected from you.
      • Disclosure for a business purpose: shared with our processor Shopify [ADD ANY OTHER VENDORS WITH WHOM YOU SHARE THIS INFORMATION. FOR EXAMPLE, SALES CHANNELS, PAYMENT GATEWAYS, SHIPPING AND FULFILLMENT APPS].
      • Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers [INSERT ANY OTHER PAYMENT TYPES ACCEPTED]), email address, and phone number.
    • Customer support information
      • Purpose of collection:
      • Source of collection:
      • Disclosure for a business purpose:
      • Personal Information collected: [INSERT ANY OTHER INFORMATION YOU COLLECT: OFFLINE DATA, PURCHASED MARKETING DATA/LISTS]
      • Purpose of collection: to provide customer support.
      • Source of collection: collected from you
      • Disclosure for a business purpose: [ADD ANY VENDORS USED TO PROVIDE CUSTOMER SUPPORT]
      • Personal Information collected: [ADD ANY MODIFICATIONS TO THE INFORMATION LISTED ABOVE OR ADDITIONAL INFORMATION AS NEED.]

    [INSERT FOLLOWING SECTION IF AGE RESTRICTION IS REQUIRED]

    Minors

    The Site is not intended for individuals under the age of [INSERT AGE]. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address above to request deletion.

    Sharing Personal Information

    We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:

    • We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
    • We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
    • [INSERT INFORMATION ABOUT OTHER SERVICE PROVIDERS]

    [INCLUDE FOLLOWING SECTION IF USING REMARKETING OR TARGETED ADVERTISING]

    Behavioural Advertising

    As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

    • [INSERT IF APPLICABLE] We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
    • [INSERT IF YOU USE A THIRD PARTY MARKETING APP THAT COLLECTS INFORMATION ABOUT BUYER ACTIVITY ON YOUR SITE] We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).
    • [INSERT IF USING SHOPIFY AUDIENCES] We use Shopify Audiences to help us show ads on other websites with our advertising partners to buyers who made purchases with other Shopify merchants and who may also be interested in what we have to offer. We also share information about your use of the Site, your purchases, and the email address associated with your purchases with Shopify Audiences, through which other Shopify merchants may make offers you may be interested in.
    • [INSERT OTHER ADVERTISING SERVICES USED]

    For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

    You can opt out of targeted advertising by:

    [INCLUDE OPT-OUT LINKS FROM WHICHEVER SERVICES BEING USED. COMMON LINKS INCLUDE:

  • FACEBOOK - https://www.facebook.com/settings/?tab=ads
  • GOOGLE - https://www.google.com/settings/ads/anonymous
  • Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: https://optout.aboutads.info/.

    Using Personal Information

    We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.

    [INCLUDE THE FOLLOWING SECTION IF YOUR STORE IS LOCATED IN OR IF YOU HAVE CUSTOMERS IN EUROPE]

    Lawful basis

    Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:

    [INCLUDE ALL THAT APPLY TO YOUR BUSINESS]

    • Your consent;
    • The performance of the contract between you and the Site;
    • Compliance with our legal obligations;
    • To protect your vital interests;
    • To perform a task carried out in the public interest;
    • For our legitimate interests, which do not override your fundamental rights and freedoms.

    Retention

    When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.

    Automatic decision-making

    If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

    We [DO/DO NOT] engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

    Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

    Services that include elements of automated decision-making include:

    • Temporary blacklist of IP addresses associated with repeated failed transactions. This blacklist persists for a small number of hours.
    • Temporary blacklist of credit cards associated with blacklisted IP addresses. This blacklist persists for a small number of days.

    Selling Personal Information

    [INCLUDE THIS SECTION IF YOUR BUSINESS IS SUBJECT TO THE CALIFORNIA CONSUMER PRIVACY ACT AND SELLS PERSONAL INFORMATION AS DEFINED BY THE CALIFORNIA CONSUMER PRIVACY ACT]

    Our Site sells Personal Information, as defined by the California Consumer Privacy Act of 2018 (“CCPA”).

    [Insert:

    • categories of information sold;
    • IF USING SHOPIFY AUDIENCES: information about your use of the Site, your purchases, and the email address associated with your purchase
    • instructions on how to opt-out of sale;
    • whether your business sells information of minors (under 16) and whether you obtain affirmative authorization;
    • if you provide a financial incentive to sell information, provide information about what that incentive is.]

     

    Your rights

    [INCLUDE FOLLOWING SECTION IF YOUR STORE IS LOCATED IN OR IF YOU HAVE CUSTOMERS IN EUROPE]

    GDPR

    If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information above. [OR INSERT ALTERNATIVE INSTRUCTIONS FOR SENDING ACCESS, ERASURE, CORRECTION, AND PORTABILITY REQUESTS]

    Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.

    [INCLUDE FOLLOWING SECTION IF YOUR BUSINESS IS SUBJECT TO THE CALIFORNIA CONSUMER PRIVACY ACT]

    CCPA

    If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information above. [OR INSERT ALTERNATIVE INSTRUCTIONS FOR SENDING ACCESS, ERASURE, CORRECTION, AND PORTABILITY REQUESTS]

    If you would like to designate an authorized agent to submit these requests on your behalf, please contact us at the address above.

    Cookies

    A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

    We use the following cookies to optimize your experience on our Site and to provide our services.

    [Be sure to check this list against Shopify’s current list of cookies on the merchant storefront: https://www.shopify.com/legal/cookies ]

    Cookies Necessary for the Functioning of the Store

    Name Function Duration
    _ab Used in connection with access to admin. 2y
    _secure_session_id Used in connection with navigation through a storefront. 24h
    _shopify_country Used in connection with checkout. session
    _shopify_m Used for managing customer privacy settings. 1y
    _shopify_tm Used for managing customer privacy settings. 30min
    _shopify_tw Used for managing customer privacy settings. 2w
    _storefront_u Used to facilitate updating customer account information. 1min
    _tracking_consent Tracking preferences. 1y
    c Used in connection with checkout. 1y
    cart Used in connection with shopping cart. 2w
    cart_currency Used in connection with shopping cart. 2w
    cart_sig Used in connection with checkout. 2w
    cart_ts Used in connection with checkout. 2w
    cart_ver Used in connection with shopping cart. 2w
    checkout Used in connection with checkout. 4w
    checkout_token Used in connection with checkout. 1y
    dynamic_checkout_shown_on_cart Used in connection with checkout. 30min
    hide_shopify_pay_for_checkout Used in connection with checkout. session
    keep_alive Used in connection with buyer localization. 2w
    master_device_id Used in connection with merchant login. 2y
    previous_step Used in connection with checkout. 1y
    remember_me Used in connection with checkout. 1y
    secure_customer_sig Used in connection with customer login. 20y
    shopify_pay Used in connection with checkout. 1y
    shopify_pay_redirect Used in connection with checkout. 30 minutes, 3w or 1y depending on value
    storefront_digest Used in connection with customer login. 2y
    tracked_start_checkout Used in connection with checkout. 1y
    checkout_one_experiment Used in connection with checkout. session

    Reporting and Analytics

    Name Function Duration
    _landing_page Track landing pages. 2w
    _orig_referrer Track landing pages. 2w
    _s Shopify analytics. 30min
    _shopify_d Shopify analytics. session
    _shopify_s Shopify analytics. 30min
    _shopify_sa_p Shopify analytics relating to marketing & referrals. 30min
    _shopify_sa_t Shopify analytics relating to marketing & referrals. 30min
    _shopify_y Shopify analytics. 1y
    _y Shopify analytics. 1y
    _shopify_evids Shopify analytics. session
    _shopify_ga Shopify and Google Analytics. session

    [INSERT OTHER COOKIES OR TRACKING TECHNOLOGIES THAT YOU USE]

    The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

    You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

    Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.

    Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.

    Do Not Track

    Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

    Changes

    We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.

    Complaints

    As noted above, if you would like to make a complaint, please contact us by e-mail or by mail using the details provided under “Contact” above.

    If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority. You can contact your local data protection authority, or our supervisory authority here: [Add contact information or website for the data protection authority in your jurisdiction. For example: https://ico.org.uk/make-a-complaint/]

    Last updated: [Date]