Privacy Policy

Date of acceptance: 2021-09-10

Data Controller

Name:PATKÓS Ltd. 

headquarters:5000 Szolnok, GárdonyiGéza str. 28.

address, complaints:5000 Szolnok, GárdonyiGéza str. 28.

E-mail:imre.patkos@gmail.com

Telephone number:+36202724721

Website: https://patkosnadak.hu

 

Hosting service provider

Name: ProfiTárhely Ltd.

Postal address: 6000 Kecskemét, Szolnoki str. 23.

E-mail address:ugyfelszolgalat@profitarhely.hu

Telephone number:+36 20 254 0866

 

A description of the data controlling activities performed during the operation of the web shop

 

Information regarding the use of cookies

What is a cookie?

The Data controller uses cookies when visiting the site. Cookies are information packages made up of letters and numbers which are sent by our website to your browser in order to save certain settings, make the use of our site easier and also contributes to gathering some relevant statistical information on our visitors.

Some cookies do not contain any personal information and are not suitable for identifying the user, some however contain a unique identifier – a secret randomly generated number – that your device stores and ensures that you can be identified. The operational duration of some cookies is detailed in the individual descriptions of cookies.

The legal background and basis for cookies:

Based on point a.) of paragraph (1) of article 6. of the Decree, the legal basis for data controlling is your consent. 

 

The main types of cookies used by the site:

Google Analytics cookie:Google Analytics is Google’s analysis tool which helps website and application owners to receive a clearer picture on the activities of their visitors. The service may use cookies to gather information and create a report from the statistical data related to the use of the site without personally identifying the user for Google. The main cookie used by Google Analytics is the „__ga” cookie. Aside from the statistical data reports related to site use, Google analytics – along with the few advertising cookies mentioned before – may also be used to display more relevant ads within Google products (e.g.: in Google Search) and all over the internet.

Cookies essential for operation:These cookies are essential for using the website and allow the use of website’s basic functions. Without these, several functions of the website will not be available for you. The lifetime of these types of cookies are restricted to the duration of the session.

Cookies intended to improve user experience:These cookies gather information on the user’s website use, for instance which pages they viewed most often or what type of error message they receive from the site. These cookies do not collect information capable of identifying the user, meaning they only use general anonymous information. The data collected this way is used to improve the website’s performance. The lifetime of these types of cookies are restricted to the duration of the session.

Session cookie:These cookies store the user’s location, the browser’s language and the payment currency. They are deleted when the browser is closed or after a maximum of two hours.

Referer cookies:They indicate the external site from which the user came from. They are deleted after the browser is closed.

Last viewed product cookie:Records the product that was last viewed by the visitor. Their lifetime is 60 days.

last viewed category cookie:Records the last viewed category. Their lifetime is 60 days.

Recommended products cookie:They record the list of products to be recommended under the “recommend to a friend” function. Their lifetime is 60 days.

Mobil version, design cookie:Identifies the device used by the visitor and changes to complete view on mobile. Its lifetime is 365 days.

Enable the use of cookies cookie:Accepting the statement on the use of cookies when entering the site. Its lifetime is 365 days.

Basket cookie:Records the products placed into the basket. Its lifetime is 365 days.

Backend identifier cookie:Identifies the backend server for the website. It is deleted when the browser is closed.

If you do not accept the use of cookies, then certain functions will not be available to you. Further information regarding the deletion of cookies can be found at the following links:

Data processed for contract completion

Several data may be processed for contract completion. We hereby inform you that administration regarding complaints and warranties will only be performed if you exercise these rights.

If you do not make any purchases on the web shop and are simplyvisiting, then the information detailed under marketing data processing is relevant to you if you provide consent for data processing for marketing purposes.

Detailed list of data processed for contract completion:

Contact

If you contact us via e-mail, contact form or telephone regarding a product. Prior contact is not necessary, you may order at any time from the web shop.

Processed data
The data you provided during contact. (Name, e-mail, telephone number)

Data processing duration
We will only process data until contact is maintained.

Legal basis for data processing
Your consent which you provide to the Data processor when you initiate contact [data controlling based on point a) of paragraph (1) of article 5. of the Decree]

 

Order processing

Activities necessary for contract completion during order processing.

Processed data
During data processing the Data processor will process your name, address, telephone number, e-mail address, the properties of the purchased product, the order number, and the purchase date.

If you submitted an order in the web shop, then data processing and data providing are necessary for contract completion.

Data processing duration
Based on the limitation periods in civil law, data will be processed for 5 years.

Legal basis for data processing
Contract completion. [data processing based on point b) of paragraph (1) of article 4. of the Decree]

 

Invoice issuing

The data processing procedure occurs for the purposes of issuing an invoice and fulfilling the obligation for the preservation of accounting documents. Based on paragraphs (1) and (2) of section 169. § of CTV, business organisations must preserve the accounting documents directly and indirectly confirming bookkeeping.

Processed data
Ordered product, buyer’s name, address/headquarters, tax number

Data processing duration
Based on paragraph (2) of section 169. § of CTV., the issued invoices must preserved for 8 years starting from the date of issuing.

Legal basis for data processing
According to paragraph (1) of section 159. § of Act CXXVII. of 2007 on value added tax, the issuing on an invoice is mandatory and must be preserved for 8 years according to paragraph (2) of section 169. § of CTV. [data processing based on point c) of paragraph (1) of article 6. of the Decree].

 

Data processing related to the transport of goods

Data processing occurs with regards to the shipping of ordered products.

Processed data
Name, address, e-mail, telephone number

Data processing duration
The Data Controller will process the data until the ordered goods have been shipped.

Legal basis for data processing
Contract completion [b) of paragraph (1) of article 6. of the Decree].

 

Recipients and data controllers of processed data related to product shipping

Recipient’s name:GLS General Logistics Systems Hungary Csomag-LogisztikaiLtd.

Recipient’s headquarters:2351 Alsónémedi, GLS Európastr. 2.

Recipient’s telephone number:06-29-88-67-00

Recipient’s e-mail address:info@gls-hungary.com

Recipient’s website:https://gls-group.eu/HU/hu/home

 

Based on the contract with the Data processor, the courier service participates in the delivery of the ordered product. The personal data received by the courier service will be processed according to their privacy policy found on their website.

 

Recipient’s name:DPD HungáriaLtd.

Recipient’s headquarters:1158 Budapest, Késmárkstreet 14. B. ép.

Recipient’s telephone number:+36-1/501-6200

Recipient’s e-mail address:dpd@dpd.hu

Recipient’s website:https://www.dpd.com/hu/

 

Based on the contract with the Data processor, the courier service participates in the delivery of the ordered product. The personal data received by the courier service will be processed according to their privacy policy found on their website.

 

Recipient’s name:Magyar Posta ZártkörűenMűködőRészvénytársaság

Recipient’s headquarters:1138 Budapest, Dunavirágstreet 2-6.

Recipient’s telephone number:+36-1/767-8200

Recipient’s e-mail address:ugyfelszolgalat@posta.hu

Recipient’s website:posta.hu

 

Based on the contract with the Data processor, the courier service participates in the delivery of the ordered product. The personal data received by the courier service will be processed according to their privacy policy found on their website.

 

 

The handling of warranty claims

Warranty claims must be handled according to the 19/2014. (IV. 29.) NGMdecree which also determines how we must process your claim.

 

Processed data

Warranty claims must be handled according to the 19/2014. (IV. 29.) NGMdecree

Based on the decree we must create a report on the warranty claims submitted towards us in which we will record:

  1. Your name, address and statement saying that you consent to the handling of your data recorded in the report in accordance with the decree,
  2. the name of the movable property and its purchasing price which was sold within the framework of the contract between you and our company,
  3. the date and time of contract completion,
  4. the date and time the problem was reported,
  5. a description of the problem,
  6. the right you wish to exercise according to your warranty claim, furthermore
  7. the method of settling the warrant claim and the reason for denying the warranty right.

If we receive the product from you, we will provide you a receipt confirming this, which must contain:

  1. Your name and address,
  2. the details necessary for identifying the product,
  3. the date and time the product was received,
  4. the date and time when you are able to receive the product.

 

Data processing duration
The company must preserve the report created regarding the warranty claim for three years and must present it to the controlling authority when requested.

 

Legal basis for data processing
The legal basis for data processing is adherence to the legal obligations of the 19/2014. (IV. 29.) NGM Decree [paragraph (1) section 4. § and paragraph (1) section 4. § as well as data handling according to point c) of paragraph (1) of article 6. od the Decree].

 

Handling additional consumer complaints

The data processing procedure occurs in order to handle customer complains. If you’ve made a complaint towards us, then providing data and data processing are necessary.

Processed data
Customer name, telephone number, e-mail address, subject of the complaint.

Data processing duration
Based on the consumer protection law, we will hold onto warranty complaints for 3 years.

Legal basis for data processing
Whether you submit a complaint to us is your voluntary decision, however if you do so, then based on paragraph (7) of section 17/A. § of Act CLV. of 1997, we must hold onto the complaint for 5 years [data processing according to point c) of paragraph (1) of article 6. of the Decree]

 

Data processed regarding consent certification

When registering, ordering, or subscribing to the newsletter, the IT system saves the data related to consent for future certification purposes.

Data processed
The date and time of consent, the affected individual’s IP address.

Data processing duration
Because of legal requirements we must be able to verify consent in the future, therefore the duration of data storage will extend to the limitation period following the cessation of data processing.

Legal basis for processing
This obligation is recorded in paragraph (1) of article 7. of the Decree. [data processing according to point c) of paragraph (1) of article 6. of the Decree].

 

Additional data processing

If the data controller wishes to perform further data processing, then they must provide a prior notification on the relevant circumstances of the data processing (legal background and basis for data processing, the goal of data processing, the scope of data processing, the duration of data processing).

We hereby inform you that the Data Controller must comply with written, legally authorised requests for data by the authorities. The Data Controller keeps a list on forwarded data according to paragraphs (2)-(3) of section 15. § of the Freedom of Information Act (what data they sent to which authority, the legal basis for sending data, and the date and time of sending), regarding which the Data Controller will inform you of its contents, excluding cases where notification is prohibited by law.

 

Recipients of personal data

Data processing regarding personal data

Data processor’s name: ProfiTárhelyLtd.

Data processor’s contact information:

Telephone number:+36 20 254 0866

E-mail address:ugyfelszolgalat@profitarhely.hu

Headquarters:6000 Kecskemét, Szolnokistr. 23.

Website:https://profitarhely.hu/

In accordance with their contract with the Data Controller, the Data Processor is responsible for the storage of personal data. They are not entitled to view the contents of personal data.

 

Data processing related to accounting

Data processor’s name:SzámTanSzámviteliIrodaLtd.

Data processor’s headquarters:5000 Szolnok, Rétstreet 4,

Data processor’s telephone number:  30-2357877

Data processor’s e-mail address:szamtankontir@gmail.com

Data processor’s website:

In accordance with their contract with the Data Controller, the Data Processor will cooperate in the recording of accounting documents. During this the Data Processor will process the affected individual’s name and address to the extent necessary for accounting records for a duration that is in accordance with paragraph (2) of section 169. of the Accounting Law, after which it will be deleted as soon as possible.

 

Your rights during data processing

Based on the Decree, you are entitled to the following rights for the duration of data processing:

  • the right to withdraw consent,
  • the right to access personal data and the right to access and modify information related to data processing.
  • the right to restrict data processing
  • the right to deletion
  • the right to object
  • the right to portability.

If you wish to exercise your rights, then that will entail your identification and the Data Controller must communicate with you. To confirm your identity, you are going to have to provide personal information (however identity confirmation can only be based on data that the Data Controller processes in the first place). Furthermore, your complaint regarding data processing will be saved on the e-mail account of the Data Controller.

The Data Controller will answer any complaints regarding data processing within 30 days.

 

The right to withdraw consent

You have the right to withdraw consent to process your data at any time. In this case we will delete your data from our database. Please note however that during an uncomplete order this consent withdrawal may result in us not being able to complete shipping. Also, if the purchase is completed we are unable to delete billing details from our database as per the relevant accounting laws. Furthermore, if you have any outstanding debts towards us then based on our legitimate interest of recovering claims, we will still be able to process your data even if consent is revoked.

 

Access to personal data

You have the right to receive feedback from the Data Controller on whether the processing of your personal data is underway, and if it is underway then:

  • to receive access to the processed personal data and
  • to receive notification by the Data Processor on the following information:
    • the goal of data processing;
    • the categories of your processed personal information;
    • information on recipients or recipient categories with whom the Data Controller will provide or will provide personal data;
    • planned duration of personal data storage, or if this is not possible then the criteria for determining this duration;
    • the right to request the Data Controller to amend, delete or restrict the handling your personal data and may object to the handling of personal data in the case of data processing that is based on legitimate interest;
    • the right to submit a complaint addressed to the supervisory authority;
    • if the data was not gathered from you then you may request all available information on the source;
    • information on an automated decision (if such procedure exists) including profiling, or at least the logic applied in such cases as well as related information detailing the effect and consequences that may affect you.

The goal of practicing your right may be to determine the legality and monitoring data processing, therefore after several requests for information the Data Controller may charge you a fee in exchange for providing information.

Access to personal data will be ensured by the Data Controller by sending your processed personal data and information via e-mail following your identification. If you have a registration, then we will ensure access through your account. You will be able to view processed personal information after logging into your account.

Please indicate whether you require access to personal information or require information regarding data processing in your request.

 

Right to amend

You have the right to request the Data Controller to amend inaccurate personal information related to you as soon as possible.

 

The right to restrict data processing

You may request the Data Controller to restrict data processing if any of the following conditions are true:

  • You dispute the accuracy of your personal data. In this case the restriction is active for the duration that enables the Data Controller to check the accuracy of the data. If the accurate data can be checked immediately then restriction will not be implemented;
  • The data processing is illegal, but you oppose the deletion of your data for any reason (e.g.: because the data is important for you in order to enforce your legal claims) so instead of requesting it to be deleted you request for its use to be restricted;
  • The Data Processor no longer requires your personal data for the indicated data processing goals, but you require it for the presentation, validation or protection of legal claims, or;
  • You objected to the data processing, but the Data Controller’s legitimate interest may be basis for data processing. In this case data processing must be restricted until such a time where it is determined that the Data Controller’s legitimate interests are prioritised in opposition to your legitimate reasons.

If data processing is restricted then such personal information may only be processed with the affected individual’s consent, or for the presentation, validation or protection of legal claims, or the protection of the rights of another natural or legal person, or the important public interest of the European Union or one of its member states.

The Data Processor will notify you on lifting data processing restrictions (at least 3 days before restrictions are lifted).

 

The right to deletion

You have the right to request the Data Controller to delete your personal data as soon as possible if any of the following conditions are true:

  • personal data is no longer required for the purposes they were originally gathered or was processed;
  • you withdraw your consent and there is no additional legal basis for data processing;
  • you object to the data processing based on legitimate interest and there is no priority legal right (legitimate interest) for data processing;
  • personal data was processed by the Data Controller in an unlawful manner, and this fact was confirmed on the basis of a complaint;
  • personal data must be deleted based on the legal requirements of the European Union or a member state applicable to the Data Processor.

If the Data Controller made your processed personal data public for any reason and must delete this data for any of the reasons stated above, then they must take reasonable steps by taking into account the available technology and the costs of implementation – including technological measures – in order notify additional data processors that you requested the deletion of the copy of the personal data or links related to the personal data or duplicate of the personal data.

Deletion will not occur if data processing is necessary:

  • for the freedom of expression and the practice of the right to information;
  • completion of obligations requiring the processing of personal data applicable to the data controller based on the legal regulations of the European Union or any of its member states (such a case would be data processing with regards to billing, as regulations state that the invoice must be preserved), furthermore from public interest or in order to perform tasks within the scope of the public powers given to the data processor;
  • for the presentation, validation, and defence of legal claims (e.g.: if the Data Processor has claims towards you which have not been completed or if a consumer, data processing complaint is underway.)

 

The right to object

You are entitled to object to your data being processed based on legitimate interest for for reasons related to your personal circumstances at any time. In this case the Data Processor cannot process the data any further, excluding cases where they are able to prove that data processing is justified by a compelling legitimate interest that has priority over your own interest, rights and freedom, or which are related to the presentation, validation or defence or legal claims.

If personal data is handled for the purposes of direct marketing then you are entitled to object to the processing of personal data for this purpose, including profiling if it is related to direct marketing. If you object to data processing for direct marketing purposes, then such data cannot be processed for this goal in the future.

 

The right to portability

If data processing occurs in an automated manner or if data processing is based on your voluntary consent, then you have the right to receive the data from the Data Controller that you provided. The Data Controller will send this data to you in xml, JSON or csv format. If it is technically possible then you may request the Data Controller to send your data to other data controllers in these formats.

Automated decision-making

You have to right to prevent tany automated decisions (including profiling) that would have a legal effect concerning you or would otherwise affect you in a major way. In such cases the Data Controller must take steps to protect the affected individual’s rights, freedom and legitimate interests, including the right to ask for human involvement on behalf of the Data Controller, to express their view, and to object to the decision.

The above-mentioned measures will not be applied in cases where the decision:

  • is necessary for signing and completing the contract between you and the data controller;
  • is made possible by a legal regulation of the European Union or a member state which also establishes appropriate measures concerning your rights, freedoms and legitimate interests;
  • is based on your explicit consent.

 

Signing into the data protection records

Based on the Freedom of Information Act the Data Controller was required to record certain data processing activities into the data protection records. This obligation for recording was terminated on the 25th of May 2018.

 

Data security measures

The Data Controller states that they took the necessary security measures to protect personal data from unauthorised access, modification, forwarding, publishing or deletion, and also against accidental deletion, corruption, and inaccessibility as a result of changing technology.

Based on the organisational and technical possibilities, the Data Controller will do everything in their power to ensure that their Data Processors also take the necessary security steps when handling your data.

 

Legal remedies

If you think that the Data Controller violated any of the regulations concerning data processing or did not fulfil one of your claims then you may request an examination procedure of the perceived unlawful handling at the National Authority for Data Protection and Freedom (postal address: 1363 Budapest, PO Box: 9., e-mail: ugyfelszolgalat@naih.hu).

We also inform you that in case of violating the legal regulations concerning data processing or if the Data Controller did not fulfil one of your claims, then you may file a lawsuit against the Data Controller in court.

 

Modifying the privacy policy

The Data Controller reserves the right to modify the current privacy policy in a way that does not affect the goal and legal basis of data processing. When you enter the modified version of the website you will be able to accept the modified privacy policy.

If the Data Controller wishes to perform data processing outside of the original goal of data processing, then they will inform you on the goal of the new data processing beforehand as well as the following information:

  • the duration of the storage of personal data or if this not possible then the criteria for determining this duration;
  • the right to request the Data Controller to amend, delete or restrict the handling of your personal data and object to the handling of personal data in the case of data processing that is based on legitimate interest, and request the right to portabilityin the case of data processing that is based on consent or a contractual relationship;
  • in case of consensual data processing that you may withdraw consent at any time;
  • the right to submit a complaint to the supervisory authority;
  • whether providing personal data is based on legal regulations or contractual provisions or whether it is a prerequisite to singing a contract, whether you need to provide personal data and what consequences neglecting the provision of personal data might have;
  • information on an automated decision (if such procedure exists) including profiling, or at least the logic applied in such cases as well as related information detailing the effect and consequences that may affect you.

Data processing can only begin following this. If the legal basis for data processing is consent, then after being notified you must consent to data processing.

The current document contains all relevant data processing information based on the 2016/679 Decree of the European Union on General Data Protection Regulation (referred to henceforth as Decree. GDPR) and Act CXII of 2011. (referred to henceforth as Freedom of Information Act).