General Terms and Conditions - Princessfashion Web Store Princess Fashion.com Privacy policy 1. Introduction Welcome to our webshop! Ordering in a simple webshop also has multiple data management implications, it is impossible to see the wide flow of data without proper information. We have prepared this privacy policy in order to ensure the transparency of our data management processes. This is what we are constantly updating in order to always provide our customers with up-to-date and accurate information about what happens to the personal data transmitted to us. From this notice you will find out exactly who processes your data, why they process it and also under what law we may process this personal data. We provide information about who has access to your data and why. Find out what rights you have and how to exercise them. When using our webshop, our customers provide us with personal data. This personal data is necessary for the provision of our services, so in most cases the future contract with you and later (after confirming the order by our employee) the data processing carried out by us is lawful. We always ask for your prior consent to our data processing for our marketing activities, which you can withdraw at any time. Without your consent, we will never send advertising messages by e-mail, SMS, post or other interface. We also process data to enforce our legitimate interests, for example, for security reasons the IP address of each webshop visitor is recorded, which is stored for 3 days. Also due to our legitimate interest, we may ask customers for their opinion on our webshop and product range after purchase by phone and e-mail in order to develop our webshop and the products purchased. If we process data for the purpose of enforcing our legitimate interests, we will always carry out an interest balancing test prior to data processing. In order to perform our services successfully, in some cases, we also transfer the data to third parties, such as a courier service (if we did not provide the courier service with the addresses of the customers, it would not be possible to deliver the parcels to the correct address). Similarly, it is unavoidable to use the data to comply with our legal obligations (for example, we are required by law to issue invoices to our customers and these invoices can also be accessed by our accountant). The use of additional data processors, and thus the transmission and availability of data, may also take place for other reasons, for example, the service provider used for the technical operation of the webshop stores your data on our instructions as a data processor. As the operator of the webshop, we undertake that the data processing carried out by us is always carried out in accordance with the descriptions in this information document and in accordance with the applicable legislation. In compiling our data management operations and information materials, we mainly use the following legislation: Act of 2011 on the Right to Informational Self-Determination and Freedom of Information. CXII of year. The law (short for infotv) Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, in short GDPR) If you have any questions about the management of our webshop, we will be happy to answer you at one of the following contact details: Email:info@princessfashion.hu Phone: 06-1-341-4955 Postal address: 1061 Budapest, Andrássy út 49. The language of the privacy policy is Hungarian. The privacy policy consists of 11 numbered chapters: Introduction Who is the controller? Data Protection Officer Purpose and legal basis for the processing of personal data Security measures Data transfer and processors Data transfer to a third country Rights of data subjects (buyers) How to lodge a complaint Cookie information Annex: concepts This privacy policy was last modified on June 01, 2024. 2. Who is the controller? When using the webshop, you provide us with personal data. We process your personal data as a data controller in legal terms, as we determine the purposes and means of data processing. Company name: S.Princess Ltd. Headquarters: 1061 Budapest, Andrássy út 49. Tax number: 12775970-2-42 Company Registration Number: 01-09-731223 Court of Registration: Metropolitan General Court Domain of webshop:princessfashion.hu Email:info@princessfashion.hu Phone: 06-1-341-4955 3. Data Protection Officer We are based on GDPR 37. considered the possibility of appointing a Data Protection Officer on the basis of Article 3 of the GDPR. We have concluded that in our case there is no reason to appoint a Data Protection Officer, and we are able to guarantee the legality, transparency and security of our data processing without him. 4. Purpose and legal basis for the processing of personal data We process personal data only lawfully, fairly and in a transparent manner for our customers. We collect data only for a clear purpose, of which we also inform the data subjects. We never collect more data than is necessary to achieve the goal. We make every effort to ensure that the data we process is accurate and up to date, we correct or delete incorrect data as soon as possible. The data is only stored for a limited period of time, when it is no longer necessary to store it, it is deleted or anonymized. Our webshop is only 18. Collect data from persons over the age of one. If you are a person under the age of 18, please do not use our webshop or use it only if the person exercising parental authority has given their consent. 5. Security measures In carrying out our data processing activities, we make every effort to keep your data safe. Our priority goal, that your data can only be accessed by our employees and partners who have been granted the right to do so, to prevent unauthorized access, alteration, unauthorized disclosure or deletion of your personal data; to keep your data accurately, avoiding data loss, and in the event of a problem, to be able to recover the data, to notify both authorities and data subjects as soon as possible in the event of a data protection incident. Taking into account the state of science and technology, our webshop implements appropriate technical and organizational measures to guarantee data security, including: Our webshop receives the data encrypted via the HTTPS protocol, so it is not possible for unauthorized persons to access the personal data through any network device between the target server. Passwords are not stored in customer accounts, only the hashtag version of passwords, so there is no misuse. Our employees use operating systems and software with the latest security updates to perform their tasks. Our email server encrypts your communications with Transport Layer Security (TLS). Our backups are encrypted. Personal data that is no longer necessary will be deleted or anonymized for statistical purposes. The servers of our hosting provider are operated in a secure data center. Our security measures are regularly reviewed, the necessary tasks are recorded in our internal security policy and our employees always perform their tasks in accordance with the current policy. Our webshop stores personal data on its IT tools located at its headquarters, as well as on the servers of the hosting provider located in a secure data center. 6. Data transfer and processors We use external service providers for the fulfillment of orders, the technical operation of the webshop and other purposes. In the table below, you can see to whom we transfer the data, with whom we may carry out joint data processing, and which data processors we use. Name Activities: Availability by Hetzner Online GmbH Foxpost Zrt. Webhosting, hosting provider Parcel sending https://hetzner.com https://foxpost.hu/ GLS General Logistics Systems Hungary Parcel Logistics Ltd. Parcel sending https://gls-group.eu/HU/en/home Hungarian Post Ltd. (MPL) Package Hungary Ltd. National Tax and Customs Office (NAV) Parcel sending Parcel sending Electronic invoicing https://posta.hu/ https://www.packeta.hu/ https://onlineszamla.nav.gov.hu/ OTP Mobile Service Ltd. Simple Pay online credit card payment https://www.simplepay.hu/ 7. Data transfer to a third country Our webshop does not transfer the personal data collected by it to third countries. 8. Rights of data subjects (buyers) Personal data is not accidentally called personal data. You are the owner of your data, so we will do our best to ensure that you can easily control your own data. In this chapter, we explain the rights granted to you, the natural person concerned by data processing, by law. If you would like to exercise your rights or just have questions, we will be happy to help you with the contact details provided in section 8.1. 8.1 Our contact details for enforcement purposes Postal address: 1061 Budapest, Andrássy út 49. Phone: 06-1-341-4955 Email:info@princessfashion.hu We will respond to all requests within one month at the latest. 8.2 Access to personal data You have the right to request a copy of the personal data we hold about you, whether all or in relation to a specific transaction, provided that we process your personal data. We will also transfer the following information if you request access to your personal data processed by us: the purpose and legal basis of the processing the categories of personal data concerned the recipients or categories of recipients to whom the personal data have been or will be disclosed where applicable, the envisaged period for which personal data will be stored or, where that is not possible, the criteria for determining that period; a description of your additional rights (correction, deletion or restriction and objection) the possibility and manner of lodging a complaint with a supervisory authority With this information, you can find out how and why we use your data and make sure that we are legally processing it. If you would like to exercise your rights, please contact us using one of the contact details set out in section 8.1. 8.3 rectification of personal data If any data is included incorrectly in our database or there has been a change in your data, we will update the data upon your request. If you would like to exercise your rights, please contact us using one of the contact details set out in section 8.1. 8.4 Delete personal data You can ask us to delete your personal data stored by us. Upon your request, we will delete or anonymize your data, but only if it is no longer necessary for the purpose for which we originally collected it or if we do not need it to comply with our legal obligations. If you would like to exercise your rights, please contact us using one of the contact details set out in section 8.1. 8.5 Restriction of the processing of personal data Restriction means that your personal data, with the exception of storage, can only be used with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of public interest of the Union or of a Member State of the Union treated. You can ask us to restrict the processing of your data in any of the following cases: if you dispute the accuracy of the data, you may restrict the processing for as long as we verify the accuracy of the data if the processing is unlawful but you wish to restrict the processing instead of deleting it where we no longer need the data but you need them for the establishment, exercise or defence of legal claims if you have objected to the processing, the restriction will apply until it is determined whether our legitimate reasons outweigh your legitimate reasons. If you would like to exercise your rights, please contact us using one of the contact details set out in section 8.1. 8.6 Objections to the processing of personal data In some cases, you have the right to object to the processing of your personal data, for example if the legal basis for our processing is a legitimate interest. We shall no longer process your personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. related to defense. If you would like to exercise your rights, please contact us using one of the contact details set out in section 8.1. 8.7 Portability Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. happens in a way. If you would like to exercise your rights, please contact us using one of the contact details set out in section 8.1. 9. method of lodging a complaint If you feel that you are unable or unable to resolve your data processing problem by communicating with us, you can send your complaint to the competent authority: National Authority for Data Protection and Freedom of Information (NAIH) 1125 Budapest, Erzsébet Szilágyi fasor 22/C. Phone: +36-1-3911400 Telefax: +36-1-3911410 Web:https://naih.hu Email: ugyfelszolgalat@naih.hu Online business start:https://naih.hu/online-uegyinditas.html You can submit any complaints about consumer rights through the Online Dispute Resolution platform set up by the European Parliament and the Council: http://ec.europa.eu/consumers/odr/ 10. Cookie information In order for the webshop to function properly, we need to place cookies on your computer, as do other websites and webshops. Cookies are small text files that are stored on your computer and mobile device. Cookies are used by the webshop to remember your actions and personal settings (such as the contents of the cart or the status of your login) for a certain period of time, so you do not have to re-enter them every time you navigate from one page to another within the webshop. In connection with ads and statistics, possibly placed by third parties: Facebook: https://www.facebook.com/policies/cookies/ by Google: https://policies.google.com/technologies/types More information about behavior-based advertising: http://www.youronlinechoices.com/en/ Turn behavior-based ads on or off: http://www.youronlinechoices.com/en/ad-choices How can you manage your cookie settings? Most browsers provide you with the ability to manage your cookie settings. Help you set up the most popular browsers: by Google Chrome: https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3Ddesktop&hl=en Microsoft Edge: https://privacy.microsoft.com/en-en/windows-10-microsoft-edge-and-privacy by Mozilla Firefox: https://support.mozilla.org/en/kb/sutik-licensory-es-tiltasa-amit-websites-use Microsoft's Internet Explorer: https://support.microsoft.com/en-en/help/17442/windows-internet-explorer-delete-management-cookies Opera: https://www.opera.com/help/tutorials/security/privacy/ The Apple Safari: https://support.apple.com/kb/ph21411?locale=en_HU Learn more about cookies If you would like to learn more about the operation of cookies, we recommend that you read the Wikipedia article related here: https://hu.wikipedia.org/wiki/HTTP cookie 11. Annex: concepts 1. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); a natural person who, directly or indirectly, in particular by means of an identifier such as a name, number, location data, online identifier or natural person may be identified; can be identified by one or more factors relating to its physical, physiological, genetic, mental, economic, cultural or social identity; 2. Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available or by making available by means of coordination or interconnection, restriction, deletion or destruction; 3. Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future. 4. ‘profiling’ means any form of automated processing of personal data in which personal data are processed for the purpose of evaluating certain personal characteristics of a natural person, in particular their performance at work, economic situation, health status, personal preferences; used to analyse or predict characteristics related to interest, reliability, behaviour, location or movement; 5. ‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is technically and competitive. organisational measures are taken to ensure that such personal data cannot be linked to identified or identifiable natural persons; 6. ‘registration system’ means a set of personal data which is structured in any way, centralised, decentralised or functional or geographical, which is accessible on the basis of specific criteria; 7. Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may be determined by Union or Member State law; 8. Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; 9. Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, the processing of such data by those public authorities must comply with the applicable data protection rules according to the purposes of the processing; 10. ‘third party’ means a natural or legal person, public authority, agency or other body which is not the same as the data subject, controller, processor or persons who, under the direct control of the controller or processor, process personal data; they have been authorised; 11. Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. 12. ‘data protection incident’ means a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to personal data transmitted, stored or otherwise processed; 13. ‘genetic data’ means any personal data relating to the inherited or acquired genetic characteristics of a natural person which carries specific information about that person’s physiology or health and which is primarily a biological sample taken from that natural person; results from its analysis; 14. ‘biometric data’ means any personal data obtained through specific technical procedures relating to the physical, physiological or behavioural characteristics of a natural person which allow or confirm the unique identification of a natural person, such as facial image or dactyloscopic data; 15. ‘health data’ means personal data relating to the physical or mental health of a natural person, including data relating to the provision of health services to a natural person, which carries information on the state of health of a natural person; 16. ‘business centre’ means, in the case of a controller established in more than one Member State, the place of its central administration within the Union, but where decisions on the purposes and means of processing personal data are taken at another place of business of the controller within the Union; (b) in the case of a processor established in more than one Member State, its central administration within the Union the place of business of the processor or, where the processor does not have a central administration in the Union, the place of business of the processor in the Union where the main processing activities carried out in connection with the activities carried out on the place of business of the processor, are carried out, provided that: the processor is subject to obligations imposed pursuant to this Regulation; 17. ‘representative’ means the person established or resident in the Union and by the controller or processor referred to in Article 27. a natural or legal person designated in writing pursuant to Article 5 representing the controller or processor in relation to the obligations of the controller or processor under this Regulation; 18. ‘undertaking’ means any natural or legal person engaged in an economic activity, whatever its legal form, including partnerships and associations engaged in a regular economic activity; 19. ‘group of undertakings’ means the controlling undertaking and the undertakings it controls; 20. ‘binding corporate rules’ means the rules on the protection of personal data adopted by a controller or processor established on the territory of a Member State of the Union in one or more third countries in the same group of undertakings or in a joint economic activity; follow-up or series of transfers by a controller or processor within the same group of undertakings carrying out activities; 21. ‘supervisory authority’ means a Member State in accordance with Article 51. an independent public authority established in accordance with Article 5; 22. ‘supervisory authority concerned’ means a supervisory authority which is concerned by the processing of personal data on one of the following grounds: (a) the controller or processor is established on the territory of the Member State of that supervisory authority; affects or is likely to significantly affect data subjects resident in the Member State of the supervisory authority; or (c) a complaint has been lodged with that supervisory authority; 23. ‘border processing of personal data’ means the processing of personal data in the Union which is carried out in the context of activities carried out at establishments situated in more than one Member State by a controller or processor established in more than one Member State; (b) processing of personal data in the Union which is carried out in the context of activities carried out on a single establishment of a controller or processor in such a way that significantly affects or is likely to significantly affect more than one Member State; affects those concerned; 24. ‘relevant and reasoned objection’ means an objection to a draft decision as to whether there has been an infringement of this Regulation or whether the envisaged measure concerning the controller or processor is in conformity with this Regulation; the objection shall clearly state: the importance of the risks posed by the draft decision to the fundamental rights and freedoms of data subjects and, where appropriate, to the free movement of personal data within the Union; 25. ‘informed society service’ means Directive (EU) 2015/1535 of the European Parliament and of the Council (19) 1. a service within the meaning of Article 1(1)(b); 26. ‘international organisation’ means an organisation governed by public international law or its subsidiary bodies, or any other body established or established on the basis of an agreement between two or more countries.