Princess Fashion logo
0

Pay for quality, not branding!

Privacy policy

princessfashion.hu

1. Introduction

Welcome to our webshop!

Even ordering from a simple webshop has multiple data-management implications, and the wide flow of data cannot be understood without proper information.

We have prepared this privacy policy to make our data-management processes transparent. We update it continuously so that we can always provide our customers with up-to-date and accurate information about what happens to the personal data transmitted to us.

From this notice you will learn exactly who processes your data, why, and on what legal basis. We provide information about who has access to your data and why. You can find out what rights you have and how to exercise them.

When using our webshop, our customers provide us with personal data. This personal data is necessary for the provision of our services, so in most cases the future contract with you (and later, after your order is confirmed by our staff, the concluded contract) is what makes our processing lawful.

For our marketing activities we always ask for your prior consent, which you can withdraw at any time. Without your consent we will never send promotional messages by email, SMS, post, or any other channel.

We also process data to enforce our legitimate interests; for example, for security reasons the IP address of every webshop visitor is recorded and stored for 3 days. Also based on legitimate interest, after a purchase we may ask customers for feedback by phone or email to develop our webshop and product range.

When we process data based on legitimate interest, we always carry out a balancing test beforehand.

To successfully fulfil our services, in some cases we transfer data to third parties (e.g. courier services). Likewise, using data is unavoidable to comply with our legal obligations (for example, the law requires us to issue invoices to our customers, and these invoices can also be accessed by our accountant).

Additional data processors, and thus the transmission and accessibility of data, may also occur for other reasons; for example, the service provider used for the technical operation of the webshop stores your data as a data processor on our instructions.

As the operator of the webshop, we undertake to always carry out our data processing in accordance with this notice and applicable law.

In compiling our data-management operations and information materials we mainly rely on the following legislation:

  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.)
  • Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, GDPR)

If you have any questions about our data management, you can reach us at:

  • Email: info@princessfashion.hu
  • Phone: 06-1-341-4955
  • Postal address: 1061 Budapest, Andrássy út 49.

The original language of this privacy policy is Hungarian.

The privacy policy consists of 11 numbered chapters: Introduction; Who is the controller; Data Protection Officer; Purpose and legal basis of processing; Security measures; Data transfers and processors; Transfers to third countries; Rights of data subjects; How to lodge a complaint; Cookie information; Annex: definitions.

Last modified: 1 June 2024.

2. Who is the controller?

When using the webshop, you provide us with personal data. We process your personal data as the controller in the legal sense, since we determine the purposes and means of the processing.

  • Company name: S.Princess Ltd.
  • Headquarters: 1061 Budapest, Andrássy út 49.
  • Tax number: 12775970-2-42
  • Company registration number: 01-09-731223
  • Court of registration: Metropolitan General Court
  • Webshop domain: princessfashion.hu
  • Email: info@princessfashion.hu
  • Phone: 06-1-341-4955

3. Data Protection Officer

Pursuant to Article 37 of the GDPR, we have considered whether to appoint a Data Protection Officer.

We have concluded that in our case there is no need to appoint a DPO; we are able to guarantee the lawfulness, transparency, and security of our data processing without one.

4. Purpose and legal basis of processing

We process personal data only lawfully, fairly, and in a manner transparent to our customers. We collect data only for clear, specified purposes, of which we also inform the data subjects. We never collect more data than is necessary to achieve the purpose.

We make every effort to ensure that the data we process is accurate and up to date; we correct or delete inaccurate data as soon as possible.

Data is only stored for a limited period; once it is no longer needed, we delete or anonymise it.

Our webshop only collects data from persons over the age of 18. If you are under 18, please do not use our webshop, or only use it with the consent of a person exercising parental authority.

5. Security measures

While carrying out our data-processing activities, we make every effort to keep your data safe. Our priorities are:

  • that only employees and partners with explicit authorisation can access your data,
  • preventing unauthorised access to, alteration, disclosure, or deletion of your personal data,
  • preserving your data accurately and being able to recover it in case of an incident,
  • notifying both authorities and data subjects as quickly as possible in the event of a breach.

Considering the state of the art, our webshop implements appropriate technical and organisational measures to guarantee data security, including:

  • data is received encrypted via the HTTPS protocol,
  • customer-account passwords are not stored, only their hashed form,
  • our staff use operating systems and software with the latest security updates,
  • our email server encrypts communication using Transport Layer Security (TLS),
  • our backups are encrypted,
  • personal data no longer needed is deleted or anonymised,
  • our hosting provider's servers are operated in a secure data centre,
  • our security measures are regularly reviewed and recorded in our internal security policy.

6. Data transfers and processors

To fulfil orders, operate the webshop technically, and for other purposes, we use external service providers.

NameActivityContact
Hetzner Online GmbHWeb hostinghttps://hetzner.com
Foxpost Zrt.Parcel deliveryhttps://foxpost.hu/
GLS General Logistics Systems Hungary Parcel Logistics Ltd.Parcel deliveryhttps://gls-group.eu/HU/en/home
Hungarian Post Ltd. (MPL)Parcel deliveryhttps://posta.hu/
Packeta Hungary Ltd.Parcel deliveryhttps://www.packeta.hu/
National Tax and Customs Administration (NAV)Electronic invoicinghttps://onlineszamla.nav.gov.hu/
OTP Mobil Service Ltd.Simple Pay online card paymenthttps://www.simplepay.hu/

7. Transfers to third countries

Our webshop does not transfer the personal data it collects to third countries.

8. Rights of data subjects (customers)

Personal data is called personal for a reason. You are the owner of your data, so we do everything we can to allow you to easily control it.

If you would like to exercise your rights or just have a question, we are happy to help at the contact details in section 8.1.

8.1 Contact details for exercising your rights

  • Postal address: 1061 Budapest, Andrássy út 49.
  • Phone: 06-1-341-4955
  • Email: info@princessfashion.hu

We respond to all requests within one month at the latest.

8.2 Access to personal data

You may request a copy of the personal data we hold about you. If you request access, we will also provide:

  • the purpose and legal basis of the processing,
  • the categories of personal data concerned,
  • the recipients or categories of recipients,
  • the envisaged storage period or the criteria for determining it,
  • information on your other rights (rectification, erasure, restriction, objection),
  • the possibility and means of lodging a complaint with a supervisory authority.

8.3 Rectification

If any data is incorrect in our database or your data has changed, we will update it upon your request.

8.4 Erasure

You may ask us to erase your personal data. Upon your request, we will delete or anonymise your data, but only if it is no longer needed for the purpose for which it was collected and we do not need it to comply with our legal obligations.

8.5 Restriction of processing

Restriction means that, except for storage, we may only process your personal data with your consent or for the establishment, exercise, or defence of legal claims.

You may request restriction in any of the following cases:

  • if you contest the accuracy of the data,
  • if processing is unlawful but you wish to restrict instead of erasing,
  • if we no longer need the data but you need it for legal claims,
  • if you have objected to the processing.

8.6 Objection

In some cases you have the right to object to the processing of your personal data, for example when our legal basis is legitimate interest. In such cases we will no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

8.7 Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit it to another controller, provided that processing is based on consent or contract performance and is carried out by automated means.

9. How to lodge a complaint

If you feel you cannot or do not wish to resolve your data-processing concerns by communicating with us, you can submit a complaint to the competent authority:

  • National Authority for Data Protection and Freedom of Information (NAIH)
  • 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
  • Phone: +36-1-3911400
  • Telefax: +36-1-3911410
  • Web: https://naih.hu
  • Email: ugyfelszolgalat@naih.hu
  • Online submission: https://naih.hu/online-uegyinditas.html

You may also submit consumer-rights complaints through the European Commission's Online Dispute Resolution platform: http://ec.europa.eu/consumers/odr/

10. Cookie information

For our webshop to work properly, we need to place cookies on your device, just like other websites.

Cookies are small text files stored on your computer or mobile device. The webshop uses them to remember your actions and personal settings (such as cart contents or login state) for a certain period, so you don't have to re-enter them every time you navigate within the webshop.

Third-party cookies for advertising and statistics:

  • Facebook: https://www.facebook.com/policies/cookies/
  • Google: https://policies.google.com/technologies/types
  • Behaviour-based advertising: http://www.youronlinechoices.com/en/
  • Opt out: http://www.youronlinechoices.com/en/ad-choices

Most browsers let you manage cookie settings:

  • Google Chrome: https://support.google.com/accounts/answer/61416
  • Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
  • Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
  • Internet Explorer: https://support.microsoft.com/en-us/help/17442
  • Opera: https://www.opera.com/help/tutorials/security/privacy/
  • Apple Safari: https://support.apple.com/kb/ph21411?locale=en_US

11. Annex: definitions

  1. Personal data: any information relating to an identified or identifiable natural person.
  2. Processing: any operation performed on personal data, such as collection, recording, structuring, storage, alteration, retrieval, use, disclosure, erasure, etc.
  3. Restriction of processing: marking stored personal data with the aim of limiting future processing.
  4. Profiling: any form of automated processing of personal data for evaluating personal aspects of a natural person.
  5. Pseudonymisation: processing personal data so that it can no longer be attributed to a specific data subject without additional information.
  6. Filing system: any structured set of personal data accessible according to specific criteria.
  7. Controller: the natural or legal person who determines the purposes and means of processing.
  8. Processor: the natural or legal person who processes personal data on behalf of the controller.
  9. Recipient: the natural or legal person to whom personal data is disclosed.
  10. Third party: a person other than the data subject, controller, or processor.
  11. Consent: any freely given, specific, informed and unambiguous indication of the data subject's wishes.
  12. Personal data breach: a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.
  13. Genetic data: personal data relating to inherited or acquired genetic characteristics.
  14. Biometric data: personal data resulting from specific technical processing relating to physical, physiological, or behavioural characteristics (e.g. facial image, fingerprint).
  15. Data concerning health: personal data related to the physical or mental health of a natural person.
  16. Main establishment: the place of central administration in the Union of a controller or processor.
  17. Representative: a natural or legal person established in the Union, designated in writing by the controller or processor.
  18. Enterprise: a natural or legal person engaged in economic activity.
  19. Group of undertakings: a controlling undertaking and its controlled undertakings.
  20. Binding corporate rules: personal-data protection policies adhered to by a controller or processor for transfers within a group of undertakings.
  21. Supervisory authority: an independent public authority established by a Member State.
  22. Supervisory authority concerned: an authority concerned by processing in specific cases.
  23. Cross-border processing: processing carried out in the context of activities of establishments in more than one Member State.
  24. Relevant and reasoned objection: an objection to a draft decision regarding compliance with the Regulation.
  25. Information society service: a service within the meaning of Directive (EU) 2015/1535.
  26. International organisation: an organisation governed by public international law.