Privacy notice – everhale.hu
Introduction
A/Az EverHale Trade Kft. (3600 Ózd, Október 23. tér 1., tax number: 29019399-2-05, company registration number/registration number: 05-09-033733) (hereinafter: Service provider, data controller) is subject to the following regulations:
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL On the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Regulation 95/46/EC (General Data Protection Regulation) (April 2016) 27.), we provide the following information.
This data protection policy regulates the data management of the following sites/mobile applications: https://everhale.hu
The data protection policy is available from the following page: https://everhale.hu/en/privacy-policy/
Amendments to the regulations will come into effect upon publication at the above address.
The data controller and its contact details:
Company name: EverHale Trade Kft.
Headquarters: 3600 Ózd, Október 23. tér 1.
E-mail: hello@everhale.hu
Phone: +36 70 551 0159
Concept definitions
- “personal data”: any information relating to an identified or identifiable natural person (“data subject”); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;
- “data management”: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or connecting, limiting, deleting or destroying;
- “data controller”: the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law;
- “data processor”: the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;
- “recipient”: the natural or legal person, public authority, agency or any other body to whom or to which the personal data is communicated, regardless of whether it is a third party. Public authorities that have access to personal data in accordance with EU or Member State law in the context of an individual investigation are not considered recipients; the management of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;
- “consent of the data subject”: the voluntary, specific and clear declaration of the will of the data subject based on adequate information, with which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he gives his consent to the processing of personal data concerning him;
- “data protection incident”: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled.
Principles for handling personal data
Personal data:
- its handling must be carried out legally and fairly, as well as in a transparent manner for the data subject (“legality, fair procedure and transparency”);
- be collected only for specific, clear and legitimate purposes, and they should not be handled in a way that is incompatible with these purposes; in accordance with Article 89 (1), further data processing for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes is not considered incompatible with the original purpose (“purpose limitation”);
- they must be appropriate and relevant for the purposes of data management and must be limited to what is necessary (“data sparing”);
- they must be accurate and, where necessary, up-to-date; all reasonable measures must be taken to promptly delete or correct personal data that is inaccurate for the purposes of data processing (“accuracy”);
- its storage must take place in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management; personal data may be stored for a longer period only if the personal data will be processed in accordance with Article 89 (1) for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, the rights of the data subjects and subject to the implementation of appropriate technical and organizational measures required to protect your freedoms (“limited storage capacity”);
- must be handled in such a way that adequate security of personal data is ensured by the application of appropriate technical or organizational measures, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage of data (“integrity and confidentiality”).
- The data controller is responsible for compliance with the above, and must also be able to prove this compliance (“accountability”).
The data controller declares that its data management is carried out in accordance with the basic principles contained in this point.
Data management related to the operation of the online store/use of services
- The fact of data collection, the scope of processed data and the purpose of data management:
Personal data | Purpose of data management | Legal basis |
Username | Identification, enabling registration. | Article 6 (1) point b) of the GDPR and Elker tv. 13/A. (3) of § |
Password | It is used for secure access to the user account. | |
Surname and first name | It is necessary for making contact, making purchases, issuing regular invoices, and exercising the right of withdrawal. | |
E-mail address | Keeping in touch. | |
Phone number | Keeping in touch, more effectively negotiating questions related to invoicing or delivery. | |
Billing name and address | Issuing the regular invoice, as well as creating the contract, defining its content, amending it, monitoring its performance, invoicing the resulting fees, and asserting related claims. | Article 6(1)(c) and Section 169(2) of Act C of 2000 on Accounting |
Shipping name and address | Enabling home delivery. | Article 6 (1) point b) of the GDPR and Elker tv. 13/A. (3) of § |
Date of purchase/registration | Execution of a technical operation. | |
The IP address at the time of purchase/registration | Execution of a technical operation. |
- Scope of stakeholders: All stakeholders registered/purchased on the webshop website. Neither the username nor the e-mail address is required to contain personal data.
- Duration of data management, deadline for data deletion: If one of the conditions set out in Article 17 (1) of the GDPR exists, it lasts until the data subject’s request for deletion. Based on Article 19 of the GDPR, the data controller informs the data subject electronically of the deletion of any personal data provided by the data subject. If the data subject’s deletion request also covers the e-mail address he/she has provided, the data controller will also delete the e-mail address after the information has been provided. Except in the case of accounting documents, as this data must be kept for 8 years based on § 169 (2) of Act C of 2000 on accounting. The data subject’s contractual data can be deleted after the expiration of the civil law limitation period based on the deletion request of the data subject.
The accounting documents directly and indirectly supporting the bookkeeping (including ledger accounts, analytical and detailed records) must be kept in legible form for at least 8 years, in a way that can be retrieved by reference to the accounting records.
- The person of the possible data controllers entitled to access the data, the recipients of the personal data: Personal data can be processed by the data controller, as well as its sales and marketing staff, in compliance with the above principles.
- Description of the rights of data subjects related to data management:
- The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and
- the data subject has the right to data portability and to withdraw consent at any time.
- The data subject can initiate access to personal data, their deletion, modification or limitation of processing, data portability in the following ways:
- by post at Október 23. tér 1, 3600 Ózd,
- by e-mail at hello@everhale.hu,
- by phone at +36 20 535 1084.
Legal basis for data management:- Article 6(1)(b) and (c) GDPR,
- CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act (hereinafter: Elker Law) 13/A. Section (3):
For the purpose of providing the service, the service provider may process the personal data that is technically absolutely necessary for the provision of the service. If the other conditions are the same, the service provider must choose and in any case operate the tools used in the provision of services related to the information society in such a way that personal data is only processed if this is absolutely necessary for the provision of the service and the fulfillment of other objectives defined in this law necessary, but also in this case only to the extent and for the necessary time.
- In case of issuing an invoice in accordance with the accounting legislation, point c) of Article 6 (1).
- In case of enforcement of claims arising from the contract, Act V of 2013 on the Civil Code 6:22. according to § 5 years.
6:22 a.m. § [Prescription]
(1) If this law does not provide otherwise, claims are time-barred within five years.
(2) The statute of limitations begins when the claim becomes due.
(3) The agreement to change the limitation period must be in writing.
(4) An agreement excluding the limitation period is void.
We would like to inform you that in order to fulfill the data management contract and to provide you with an offer, you are required to provide personal data so that we can fulfill your order.
failure to provide data will result in us not being able to process your order.
Management of cookies
The so-called “password-protected session cookies”, “shopping cart cookies”, “security cookies”, “necessary cookies”, “functional cookies” and “cookies responsible for managing website statistics” it is not necessary to request prior consent from the data subjects for its use.
The fact of the data management, the scope of the managed data: Unique identification number, dates, times
Scope of stakeholders: All stakeholders visiting the website.
Purpose of data management: Identification of users and tracking of visitors.
Duration of data management, deadline for data deletion:
Cookie type | Legal basis for data management | Data handling duration |
Session cookies | CVIII of 2001 on certain issues of electronic commercial services and information society services. Act (Elkertv.) 13/A. (3) of § |
The relevant until the end of the visitor session lasting period |
Persistent or saved cookies | CVIII of 2001 on certain issues of electronic commercial services and information society services. Act (Elkertv.) 13/A. (3) of § | until the data subject is deleted |
Statistical and marketing cookies | CVIII of 2001 on certain issues of electronic commercial services and information society services. Act (Elkertv.) 13/A. (3) of § | 1 month – 2 years |
- The person of the possible data controllers entitled to access the data: The data controller does not manage personal data through the use of cookies.
- Description of data processing rights of data subjects: The data subject has the option to delete cookies in the Tools/Settings menu of browsers, usually under the settings of the Data Protection menu item.
- Legal basis for data management: Consent from the data subject is not required if the sole purpose of using cookies is the transmission of information via an electronic communication network or if the service provider absolutely needs it to provide a service related to the information society specifically requested by the subscriber or user.
- Most browsers that our users use allow you to set which cookies are saved and allow (certain) cookies to be deleted again. If you limit the saving of cookies on certain websites or do not allow third-party cookies, this may lead to the fact that our website can no longer be used in its entirety under certain circumstances. Here you can find information on how to customize cookie settings for standard browsers:
Google Chrome (https://support.google.com/chrome/answer/95647?hl=hu)
Internet Explorer (https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies)
Firefox (https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn)
Safari (https://support.apple.com/hu-hu/guide/safari/sfri11471/mac)
Using Google Ads conversion tracking
- The data controller uses the online advertising program called “Google Ads”, and also uses Google’s conversion tracking service within its framework. Google conversion tracking is an analytics service of Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”).
- When a User accesses a website through a Google ad, a cookie required for conversion tracking is placed on their computer. The validity of these cookies is limited and they do not contain any personal data, so the User cannot be identified by them.
- When the User browses certain pages of the website and the cookie has not yet expired, both Google and the data controller can see that the User has clicked on the ad.
- Each Google Ads customer receives a different cookie, so they cannot be tracked through the websites of Ads customers.
- The information – obtained with the help of conversion tracking cookies – serves the purpose of creating conversion statistics for Ads’ customers who choose conversion tracking. In this way, clients are informed about the number of users who click on their ad and are redirected to a page with a conversion tracking tag. However, they do not get access to information that could identify any user.
- If you do not want to participate in conversion tracking, you can refuse this by disabling the installation of cookies in your browser. After that, you will not be included in the conversion tracking statistics.
- Further information and Google’s data protection statement are available on the following page: google.de/policies/privacy/
Application of Google Analytics
- This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are saved on your computer, thus facilitating the analysis of the use of the website visited by the User.
- The information created by cookies related to the website used by the User is usually sent to and stored on one of Google’s servers in the USA. By activating IP anonymization on the website, Google shortens the User’s IP address beforehand within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area.
- The full IP address is transmitted to a Google server in the USA and shortened there only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate how the User used the website, to prepare reports related to website activity for the website operator, and to provide additional services related to website and Internet use.
- Within the scope of Google Analytics, the IP address transmitted by the User’s browser is not combined with other Google data. The User can prevent the storage of cookies by setting their browser accordingly, but please note that in this case, not all functions of this website may be fully usable. You can also prevent Google from collecting and processing the User’s website usage data (including IP address) through cookies by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=hu
Newsletter, DM activity
- XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity. Pursuant to § 6 of the Act, the User may give prior and express consent to contact the Service Provider with its advertising offers and other mailings at the contact details provided during registration.
- In addition, the Customer may, bearing in mind the provisions of this information, consent to the Service Provider handling his personal data necessary for sending advertising offers.
- The Service Provider does not send unsolicited advertising messages, and the User may unsubscribe from the sending of offers free of charge without limitation or justification. In this case, the Service Provider will delete all personal data necessary for sending advertising messages from its records and will not contact the User with further advertising offers. Users can unsubscribe from advertisements by clicking on the link in the message.
- The fact of data collection, the scope of processed data and the purpose of data management:
Personal data | Purpose of data management | Legal basis |
Name, e-mail address. | Identification, enabling subscription to the newsletter/discount coupons. |
The consent of the data subject, Article 6, paragraph 1, point a). XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity. § 6 (5) of the Act. |
Date of subscription | Execution of a technical operation. | |
IP address at the time of registration | Execution of a technical operation. |
- Scope of stakeholders: All stakeholders who subscribe to the newsletter.
- Purpose of data management: sending electronic messages containing advertising (e-mail, sms, push message) to the person concerned, providing information about current information, products, promotions, new functions, etc.
- The duration of the data management, the deadline for deleting the data: the data management lasts until the withdrawal of the consent statement, i.e. until the unsubscription.
- The person of the possible data controllers entitled to access the data, the recipients of the personal data: Personal data can be processed by the data controller, as well as its sales and marketing staff, in compliance with the above principles.
- Description of the rights of data subjects related to data management:
- The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, as well as
- you can object to the processing of your personal data and
- the data subject has the right to data portability and to withdraw consent at any time.
- The data subject can initiate access to personal data, its deletion, modification, or restriction of processing, data portability, or objection in the following ways:
- by post at Október 23. tér 1, 3600 Ózd,
- via e-mail at hello@everhale.hu e-mail address,
- by phone at +36 20 535 1084.
- The person concerned can unsubscribe from the newsletter free of charge at any time. +36 70 551 0159