PROCESSING POLICY

 

1. Controllers

Name: Basic Collection Korlátolt Felelősségű Társaság

Address:  1051. Budapest, József Attila str. 12.

Representative of the Controller: Yehuda Bar-Shaked, managing director

Contact of the Controller in respect of data protection: yehuda@basiccollection.com

Name: StyleHub.com Kft.

Address: 1027 Budapest, Medve str. 24. I/1., 

Representative of the Controller: András Attila Pfaff, managing director

Contact of the Controller in respect of data protection: yehuda@basiccollection.com

The present policy is the unilateral obligation of the controller as per the Regulation No. 2016/679 of the European Parliament and of the Council  (EU) (27th April, 2016) and the relevant legal rules of the Member States.

The Present Policy may be unilaterally amended and/or withdrawn by the Controller, with the simultaneous notification of the Data Subjects. The provision of information is implemented by publishing it on the website or by direct notification of the Data Subjects, depending on the nature of the change.

2. The purpose of processing

2.1. Advertising of products and service(s), provision of information for the Users

  • contacting with the purpose of direct sales and marketing with the advertisement of new products, projects and information on other news
  • measurement of customer satisfaction
  • invitation to marketing events.

Legal ground for the processing: Legitimate interest – The legitimate interest of the controller is the direct sales

The data subject provided the following data for the controller at the time of purchasing a product. The controller informs the data subject in the present policy that it reclassifies the purpose of processing of the data managed during the activities laid down in sections 2.1 -2.7 referring to a legitimate interest and uses them for direct sales.

  • Name
  • Billing address
  • Delivery address
  • E-mail address
  • Telephone number
  • Individual ID number

Planned deadline of processing: Until objection

2.2. The issue of the invoice and the mandatory documentation related to the fulfilment of the service

Legal ground for processing: Legal obligation (compliance with the Act on Accounting)

Provision of the data is the condition of the conclusion of the contract. Failing to give the data the Controller cannot fulfil the ordered services.

The scope of the processed data:

  • Name
  • Permanent address
  • E-mail address (In case of remote printing of the invoice or licensing of an e-invoice)
  • Individual ID number

The possible consequence for failing to provide the data: failure of the contract

The planned deadline of processing: 8 years

2.3. Guarantee

Related to the replacement, repair, and fulfilment of guarantee for possible faulty products supplied by the controller.

Legal ground for processing: Legal obligation

The scope of the processed data:

  • Name
  • Address
  • Telephone number
  • E-mail address
  • Signature

The possible consequence for failing to provide the data: the failure of the contract

The planned deadline of processing: 5 years

2.4. Complaint handling

Processing related to the complaint-book or book of the customers at the site of the controller.

Legal ground for processing: Legal obligation

The scope of the processed data:

  • Name
  • Address
  • Telephone number
  • E-mail address
  • Signature

The possible consequence for failing to provide the data: the failure of the contract

The planned deadline of processing: 5 years

2.5. Contacting partners, customers and suppliers

The processing of the contact details, the conclusion of the contract, management of e-mail addresses and phone numbers, personal contact, orders and searching for new suppliers.

Legal ground for processing: Legitimate interest – The legitimate interest of the controller is to process the contacts details for the fulfilment of the contract.

The scope of the processed data:

  • Name
  • Address
  • Telephone number
  • E-mail address
  • Signature

The possible consequence for failing to provide the data: the failure of the contract

The planned deadline of processing: 5 years

2.6. Management of registrations coming from the website

Keeping contact with the partners and clients via e-mail and phone, issuing of offers, further contact for providing business offers and information.

Legal ground for processing: With consent

The scope of the processed data:

  • Name
  • E-mail address

The planned deadline of processing: Until objection

2.7. Management of the public data collected from the Internet

The controller regularly collects and includes in databases the e-mail addresses, names and phone numbers publicly accessible on the Internet and belonging to the target group of the controller.

Legal ground for processing: Legitimate interest – The legitimate interest of the controller is the direct sales

The scope of the processed data:

  • Name
  • E-mail address
  • Telephone number

The planned deadline of processing: Until objection

2.8. Processing related to the GDPR

Processing of data, keeping records of data transfers, data protection breaches, demands and questions of the Data Subjects

Legal ground for processing: Legal obligation

  • Name
  • Data protection ID
  • Date, type and content of the application of the data subject
  • The result of the application of the data subject
  • Date, documentation and results of the breach

The possible consequence for failing to provide the data: the failure of the contract

The planned deadline of processing: It must not be sorted out

3. The scope of the data subjects

The employees and clients in contractual relationship with the Controller, who give personal data for contacting purposes.

4. Children

Our services are not offered for persons below 16 years. We process the personal data of children below 16 years – due to the legal stipulations - solely with the consent of the –concerned parent. If we become aware that we have collected personal data from children below 16 years with different purposes from the above, then we will take the necessary steps to delete the data within the possible shortest period of time.

5. Duration of processing

In the case of compliance with the law, it is the storage time determined by the act on accounting

In case of a contract: until the deadline specified in the contract or 8 years after expiry of the contract at the latest

In case of consent: until the withdrawal of the consent by the Data Subject

In case of legitimate interest: until the objection of the Data Subject.

6. Information on the use of a processor

The controller transfers the data for the fulfilment of the contract to the contracted processor(s) during processing.

Categories of the recipients: courier services, forwarding companies, IT operators, 

The scope of those authorised to learn data

The controller shall not transfer the learned data for third parties, except for the processor(s) specified in section 6. The recorded data may only be known by the employees of the controller and the appointed employees of the processor(s).

The controller draws up a report about the fact of insight in each case, which is stored by the company for 1 year. 

7. The rights of the data subjects

The Data Subject may ask the Controller the following through the contact details given in section 1:

  • he/she may ask for information about the processing of their personal data
  • he/she may ask for the rectification of their data,
  • he/she may ask for information about the processing,
  • he/she may request the deletion of their personal data and the limitation of the processing,

The Data Subject may exercise the above rights at any time.

Furthermore, the Data Subject may transfer via one of the contact details given in section 1 to the Controller. 

  • he/she may ask for giving their data to another controller if the processing is based on a contract or consent and the Organisation processes it in the framework of an automated procedure.
  • he/she may withdraw their previous consent to the processing

The Controller settles or rejects (with reasons) the notification within 1 month from the submission of the applications - in exceptional cases in a longer term, as permitted by the legal rule. The results of the investigation will be given for the Data Subject in writing.

7.1. The cost of information

The Organisation provides measures and the required information free of charge for the first time. In case the Data Subject asks for the same data for the second time in the same month, and these data did not change during this time, then the Controller will charge an administrative fee.

  • The basis of the administrative cost is the cost of the current minimum wage per hour.
  • The number of the working hours used for the information is calculated on the basis of the above hourly rate.
  • In case of a demand for paper-based information, then it is the printing cost of the response at a cost price plus the mailing cost.

7.2. Refusal of information

In case the application of the data subject is clearly unfounded, he/she is not authorised for getting information or the Organisation as the controller can prove that the Data Subject has the requested information, then the controller refuses the request for information.

In case the request of the data subject is exaggerated – due to its repeated nature –, then the Organisation may reject taking measures on the basis of the application, if the Data Subject exercises his/her rights under Articles 15-22 in the same subject for the third time within a month.

7.3. The right for objection

The data subject is authorised to object to the processing of his/her personal data based on the legitimate interest or a power of attorney at any time. 

In this case, the Organisation shall not process the personal data anymore, unless it can be proved that the processing is justified by such enforcing and legitimate reasons, which take priority against the interests, rights and freedom of the data subject, or which are related to the submission, enforcement or protection of legal claims.

If the soundness of the legal ground for the objection is established, then the processing shall be terminated within the possible shortest period of time – including the data transfer and data collection. Everybody to whom the Organisation previously transferred the data of the Data Subject shall be informed about the objection.

The settlement of the application is free of charge, except for the unfounded and exaggerated requests, whose arrangement may be charged by the Controller with the appropriate and reasonable rate of the fee. In case the Data Subject does not agree with the decision of the Controller, then he/she may refer to the court.

8. Data transfer to a third country or international organisations

The Controller transfers the personal data and records of the Data Subject to third countries outside the states of the European Economic Area or international organisations only with the expressed, written consent of the data subject. Data transfers to a third country are not characteristic of the activity of the controller, however in case of using certain forwarders and shipping agents it may occur. The Controller will arrange for getting the expressed consent of the data subject in this case.

9. Information about the data security measures

The Controller processes the data according to the expectations of the Security Regulation of Information in a closed system.

The Controller takes care of the default and integrated data protection. For this purpose, the Controller applies appropriate technical and organisational measures in order to:

  • precisely regulate access to the data;
  • permit access only for persons who need it for fulfilling their tasks and only to data which are absolutely needed for the fulfilment of the task;
  • select the appointed processor carefully and provide for appropriate processing contracts for ensuring data security;
  • provide for the uniformity (data integrity), authenticity and protection of the processed data.

The Controller applies a reasonable number of physical, technical and organisational security measures to protect the data of the Data Subject, in particular, against accidental, incompetent or unlawful destruction, loss, change, transfer, use, access to or processing of them. In case of public or incompetent access or use of the personal data with great risk level, the Controller must immediately inform the Data Subject.

The Controller provides for appropriate protection, e.g. by encryption of the data file, in case the data of the Data Subject must be transferred. The Controller shall bear full responsibility for the processing performed by third persons.

The Controller ensures the protection of the data of the Data Subject against destruction or loss with appropriate and regular back-ups.

10. The applied legal rules

Normative legal rules referring to the processing activities performed by the Controller:

  • Regulation No. 2016/679/EU  on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”),
  • Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: the “Info Act”),
  • Act C of 2000 on Accounting (hereinafter referred to as “Accounting Act”)
  • Act V of 2013 on the Civil Code (hereinafter referred to as “Ptk”).
  • Act CLV of 1997 on Consumer Protection (hereinafter referred to as “Act on Consumer Protection”).

11. Legal remedy

In case of any alleged violation of rights in respect of the processing of the personal data, any Data Subject may refer to the Budapest-Capital Regional Court or initiate an investigation at the Hungarian National Authority for Data Protection and Freedom of Information

President: dr. Attila Péterfalvi,

Address:  1024 Budapest, Szilágyi Erzsébet fasor 22/C.,

Contact details: ugyfelszolgalat@naih.hu, +36-1-3911400, www.naih.hu

Budapest, 24th May, 2018