Privacy policy:
Name: Kerezsi-Kiss Anna Rita E.V.
Registered seat: 4225, Debrecen, Sillye Gábor utca 21.
Mailing address, complaint management: 4225, Debrecen, Sillye Gábor utca 21.
E-mail: redhatgirlmail@gmail.com
Phone number:
Website: http://redhatgirlco.com
Hosting service provider
Name: RackForest
Mailing address: Budapest, Victor Hugo u. 11-5. emelet, 1132
E-mail: info@rackforest.com
Phone number: (06 1) 211 0044
Description of the data processing activities carried out in the course of the
operation of the webshop
This document contains all relevant data processing information regarding the operation of the webshop in
accordance with General Data Protection Regulation (2016/679) of the European Union (hereinafter: Regulation or
GDPR) and Act CXII of 2011 (hereinafter: Privacy Act).
Information on the use of cookies
What is a cookie?
Upon visiting the website, the Data Controller uses cookies. A cookie is an information package consisting of letters
and numbers sent to your browser by our website with the purpose of saving certain settings, facilitate the use of
our website and help us collect relevant, statistical information of our visitors.
Some cookies do not contain personal information and are not suitable for identifying individual users, but some
cookies contain a unique identifier, that is, a secret number sequence generated randomly, which will be stored by
your device and therefore will ensure your identification. The operational duration of each cookie is included in the
relevant description.
Legal background and legal grounds of cookies:
The legal basis of processing is your consent pursuant to Article 6(1)(a) of the Regulation.
Main characteristics of the cookies used by the website:
Strictly necessary cookies:
If you do not accept the use of cookies, certain functions will not be available to you.
Cookies strictly necessary for operation: These cookies are essential for the use of the website and enable the use
of the basic functions of the site. In the lack of these cookies several functions of the website will not be available to
you. The lifetime of these cookies is limited exclusively to the duration of the session.
Session cookies: These cookies store the location of the user, the language of the browser, and the currency of the
payment. Their lifetime lasts until the browser is closed or 2 hours at maximum.
Statistic cookies:
Cookies for improving user experience: These cookies collect information of the way the user uses the website, for
example which pages does the user visit most frequently or what error messages do they receive from the website.
These cookies do not collect information identifying the visitor, that is, they work with completely general,
anonymous information. They use the data extracted from such information to improve the performance of the
website. The lifetime of these cookies is limited exclusively to the duration of the session.
You can find further information about deleting cookies at the following links:
Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Chrome: https://support.google.com/chrome/answer/95647
Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies
Data processed for the purpose of concluding and performing the contract
In order to conclude and performing the contract, several cases of data processing may occur. We hereby inform
you that data processing related to complaint management and administration related to guarantee rights will only
be carried if you exercise one of the said rights.
If you do not purchase via the webshop but arrive only as a visitor, then the provisions on data processing for
marketing purposes may apply to you if you give consent to us for marketing purposes.
Data processing activities for the purpose of concluding and performing the contract in detail are:
Contact
If, for example, you contact us via email, contact form or by phone for inquiry on a product. Prior contact is not
necessary, you can order from the webshop at any time in the lack of it.
Data processed
The data provided by you upon contacting us.
Period of the data processing
We only process the data until the end of the contact.
Legal basis for the data processing
Your voluntary consent given to the Data Controller by contacting us. [Data processing pursuant to Article 6(1)(a) of
the Regulation]
Processing the order
Data processing activities in the course of order management required for the purpose of performing the contract.
Data processed
During the data processing, the Data Controller processes your name, address, email address, the properties of the
products purchased, the order number and the date of the purchase.
If you place an order in the webshop, the data processing and the provision of the data is inevitable for the
performance of the contract.
Period of the data processing
We process the data for 5 years in accordance with the civil-law limitation period.
Legal basis for the data processing
The performance of the contract. [Data processing pursuant to Article 6(1)(b) of the Regulation]
Issuing the invoice
The data processing is carried out for the purpose of issuing an invoice in compliance with the law and fulfilling the
obligation of retaining the accounting document. Pursuant to paragraphs (1)-(2) of section 169 of the Accounting
Act, economic organisations must retain accounting documents directly and indirectly supporting the accounting
records.
Data processed
Name, address, e-mail address, phone number.
Period of the data processing
Pursuant to paragraph (2) of section 169 of the Accounting Act, the issued invoices must be retained for 8 years of
the issuing.
Legal basis for the data processing
Pursuant to paragraph (1) of section 159 of Act CXXVII of 2007 on value added tax, issuing an invoice is mandatory
and, pursuant to paragraph (2) of section 169 of the Accounting Act, the issued invoices must be retained for 8
years. [Data processing pursuant to Article 6(1)(c) of the Regulation].
Data processing related to product delivery
The data processing is carried out for the purpose of delivering the ordered product.
Data processed
Name, address, e-mail address, phone number.
Period of the data processing
The data processing is carried out for the purpose of delivering the ordered product.
Legal basis for the data processing
The performance of the contract. [Data processing pursuant to Article 6(1)(b) of the Regulation]
Recipients and data processors for delivery of goods
Name of recipient: Magyar Posta Zártkörűen Működő Részvénytársaság
Registered seat of recipient: 1138 Budapest, Dunavirág utca 2-6.
Phone number of recipient: +36-1/767-8200
E-mail address of recipient: ugyfelszolgalat@posta.hu
Website of recipient: posta.hu
The courier service participates in delivering the ordered product based on its contract concluded with the Data
Controller. The courier service processes the data provided to it in accordance with the privacy policy available on its
website.
Name of recipient: FoxPost Zártkörűen Működő Részvénytársaság
Registered seat of recipient: 3300 Eger, Pacsirta utca 35/A.
Phone number of recipient: +36 1/999-0-369
E-mail address of recipient: info@foxpost.hu
Website of recipient: foxpost.hu
The courier service participates in delivering the ordered product based on its contract concluded with the Data
Controller. The courier service processes the data provided to it in accordance with the privacy policy available on its
website.
Data processing with marketing purposes
Data processing related to sending newsletters
Data processing is carried out for the purpose of sending newsletters.
Data procesed
Name, address, e-mail address, phone number.
Period of the data processing
Until the withdrawal of the data subject’s consent.
Legal basis for the data processing
Your voluntary consent given to the Data Controller by subscribing to the newsletter. [Data processing pursuant to
Article 6(1)(a) of the Regulation]
Data processing related to sending and displaying personalized ads
The data processing is carried out for the purpose of sending ad content in accordance with the data subject’s range
of interest.
Data processed
Name, address, e-mail address, phone number.
Period of the data processing
Until the withdrawal of your consent.
Legal basis for the data processing
Your voluntary, separate consent given to the Data Controller upon data collection. [Data processing pursuant to
Article 6(1)(a) of the Regulation]
Additional data processing activities
If the Data Controller intents to carry out any further data processing activities, it will provide prior information on the
actual circumstances of the data processing (legal background and legal basis of the data processing, the scope of
the processed data, the period of the data processing).
Recipients of personal data
Activities of data processors for storing personal data
Name of the data processor: RackForest
Contact details of the data processor:
Phone number of the data processor: (06 1) 211 0044
E-mail of the data processor: info@rackforest.com
Registered seat of the data processor: Budapest, Victor Hugo u. 11-5. emelet, 1132
Website of the data processor: rackforest.com
The Data Processor carries out personal data storage on the basis of a contract concluded with the Data Controller.
The Data Processor is not entitled to access the personal data.
Activities of data processors related to sending newsletters
Name of the company operating the newsletter system: MailerLite
Registered seat of the company operating the newsletter system: 548 Market St, PMB 98174, San Francisco, CA
94104-5401, United States
Phone number of the company operating the newsletter system:
E-mail address of the company operating the newsletter system:
Website of the company operating the newsletter system: https://www.mailerlite.com/
The Data Processor participates in sending the newsletters under a contract concluded with the Data Controller. In
the course of that participation, the Data Processor processes the data subject’s name and address, to the extent
necessary for sending newsletters.
Activities of data processors related to invoicing
Name of the data processor: Billingo Technologies Zrt.
Registered seat of the data processor: Budapest, Árbóc utca 6, 1133
Phone number of the data processor: (06 1) 500 9491
E-mail of the data processor: hello@billingo.hu
Website of the data processor: https://www.billingo.hu/
The Data Processor participates in recording accounting documents under a contract concluded in writing with the
Data Controller. In the course of that participation, the Data Processor processes the data subject’s name and
address, to the extent necessary for accounting records, for the period in compliance with paragraph (2) of section
169 of the Accounting Act, and will erase them immediately thereafter.
Data processing related to online payment
Name of the data controller: Stripe, Inc.
Registered seat of the data controller: Dublin, Ireland
Phone number of the data controller:
E-mail of the data controller: sales@stripe.com
Website of the data controller: https://stripe.com/
The online payment service provider participates in implementing online payments under a contract concluded in
writing with the Data Controller, for the purpose of which data transfer is carried out towards the online payment
service provider in the course of the purchase process. In the course of that participation, the online payment service
provider processes the data subject’s invoicing name and address, as well as the number and date of order, under
its own privacy policy.
The purpose of data transfer: to provide the online payment service provider with the transaction data necessary for
the payment operation initiated at the online payment service provider and related to the purchase.
Legal basis: performance of the contract concluded between you and the Data Controller pursuant to Article 6(1)(b)
of the Regulation, which includes payment on the buyer’s part, and for which, in the case of online payment, data
transfer under this section is required.
Your rights in the course of the data processing
Within the period of data processing, you are entitled to the following rights pursuant to the provisions of the
Regulation:
right to withdraw consent
access to personal data and information related to data processing
right to rectification
restriction of data processing,
right to erasure
right to object
right to data portability.
If you wish to exercise your rights, it will involve your identification, and the Data Controller must necessarily
communicate with you. Therefore, for the purpose of identification, it will be necessary to provide personal data (but
only your data already processed by the Data Controller can serve as the basis of identification), and your
complaints as regards data processing will be available in your email account within the period specified in this
Privacy Notice regarding complaints. If you have been our customer and you wish to identify yourself for the purpose
of complaint handling or guarantee management process, please enter your order ID as well for identification. That
way we can identify you as our customer.
The Data Controller will respond to complaints as regards data processing within 30 days at the latest.
Right to withdraw consent
You have the right to withdraw your consent to data processing at any time, in which case the data provided will be
erased from our system. However, please note that in the case of an order that has not yet been fulfilled, the
withdrawal of consent may result in us not being able to complete the delivery of your order. In addition, if the
purchase has already been completed, based on the accounting regulations, we cannot erase the date related to
invoicing from our systems, and if there is any remainder amount unpaid by you to us, we can process your data
even in the event of the withdrawal of your consent based on the legitimate interest in debt collection.
Access to personal data
You have the right to obtain from the Data Controller confirmation as to whether your personal data are being
processed, and where that is the case, you have the right to:
a gain access to the processed personal data, and
a receive information from the Data Controller on the following:
the purposes of data processing;
the categories of your personal data processed;
information on the recipients or categories of recipients to whom the personal data have been or will
be disclosed;
the envisaged period of the processing of personal data or, if that is not possible, the criteria used to
determine that period;
the existence of your right to request from the Data Controller rectification or erasure of personal
data or restriction of processing of personal data concerning you or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available information as to their
source;
the existence of automated decision-making, including profiling, and, at least in those cases,
meaningful information about the logic involved, as well as the significance and the envisaged
consequences of such processing for you.
The purpose of exercising these rights may be aimed at establishing and verifying the lawfulness of data
processing, therefore, in case of multiple requests for information, the Data Controller may charge a fair fee in
exchange for providing the information.
Access to personal data is ensured by the Data Controller by sending you the processed personal data and
information by email after your identification. If you have registered, we provide access so that you can view and
check your personal data by logging into your user account.
Please indicate in your request that you ask for access to personal data or information on data processing.
Right to rectification
You have the right to obtain from the Data Controller without delay the rectification of inaccurate personal data
concerning you.
Right to the restriction of data processing
You have the right to obtain from the controller restriction of processing where one of the following applies:
the accuracy of the personal data is contested by you, for a period enabling the Data Controller to verify the
accuracy of the personal data, and if the accurate data can be immediately established, then no restriction
will take place;
the data processing is unlawful and you oppose the erasure of the personal data for any reason (for example
because the data are necessary for the possible assertion of a claim) and requests the restriction of their
use instead;
the controller no longer needs the personal data for the purposes of the processing, but they are required by
the data subject for the establishment, exercise or defence of legal claims, or
if you have objected to the data processing but the legitimate interest of the Data Controller may also serve
as grounds for it, the data processing must be restricted until it can be established whether the legitimate
grounds of the Data Controller override the legitimate grounds referred to by you.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed
with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of
another natural or legal person or for reasons of important public interest of the Union or of a Member State.
You will be informed by the Data Controller before the restriction of processing is lifted (at least 3 business days
before the restriction is lifted).
Right to erasure – right to be forgotten
You have the right to obtain from the Data Controller the erasure of personal data concerning you without undue
delay where one of the following grounds applies:
the personal data are no longer necessary in relation to the purposes for which they were collected or
otherwise processed by the Data Controller;
you withdraw your consent on which the processing is based and there is no other legal ground for the
processing;
you object to the processing based on legitimate interest and there are no overriding legitimate grounds (that
is, legitimate interest) for the processing,
the personal data have been unlawfully processed by the Data Controller where that was established on the
basis of the complaint,
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to
which the Data Controller is subject.
Where the Data Controller, based on any lawful ground, has made the personal data public and is obliged to erase
the personal data due to any of the above grounds, the controller, taking account of available technology and the
cost of implementation, shall take reasonable steps, including technical measures, to inform other data controllers
which are processing the personal data that you have requested the erasure by such controllers of any links to, or
copy or replication of, those personal data.
The erasure shall not apply to the extent that processing is necessary:
for exercising the right of freedom of expression and information;
or compliance with a legal obligation which requires processing by Union or Member State law to which the
Data Controller is subject (data processing in the framework of invoicing is one of those cases, as the
retaining of the invoice is prescribed by law), or for the performance of a task carried out in the public
interest or in the exercise of official authority vested in the Data Controller;
for the establishment, exercise or defence of legal claims (e.g., if the Data Controller has any claims against
you which has been not fulfilled yet, or there is undergoing complaint management process).
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal
data concerning you which is based on legitimate interests. In such case, the Data Controller shall no longer process
the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which
override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal
claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to
processing of personal data concerning you for such marketing, which includes profiling to the extent that it is
related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data
shall no longer be processed for such purposes.
Right to data portability
If the data processing is carried out in an automated way or if the data management is based on your voluntary
consent, you have the right to ask the Data Controller for the data you provided to the Data Controller, which the Data
Controller will send in xml, JSON or csv format at your disposal, and, if this is technically feasible, you can request
that the Data Controller forward the data in this form to another data controller.
Automated decision-making
You have the right not to be subject to a decision which is based solely on automated processing (including profilin)
and which produces legal effects concerning you or similarly significantly affects you. In these cases, the Data
Controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate
interests, at least the right to obtain human intervention on the part of the controller, to express their point of view
and to contest the decision.
The above shall not apply if the decision:
is necessary for the conclusion and performance of the contract between you and the Data Controller;
is authorised by Union or Member State law to which the controller is subject and which also lays down
suitable measures to safeguard your rights and freedoms and legitimate interests; or
is based on your explicit consent.
Reporting to the Data Protection Registration System
Pursuant to the Privacy Act, the Data Controller must report its certain data processing activities to the data
protection registration system. This reporting obligation was terminated on 25 May 2018.
Data security measures
The Data Controller declares that it has taken appropriate security measures in order to protect personal data
against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against
accidental destruction and damage, as well as against becoming inaccessible due to changes in the technology
used.
The Data Controller will do everything within its organizational and technical capabilities to ensure that its Data
Processors also take appropriate data security measures when working with your personal data.
Remedies
If, in your opinion, the Data Controller has violated a legal provision relating to data processing or has not fulfilled
any of your requests, then in order to terminate alleged unlawful data processing, you can initiate the investigative
procedure of the Hungarian National Authority for Data Protection and Freedom of Information (mailing address:
H-1363 Budapest, Pf. 9., e-mail: ugyfelszolgalat@naih.hu, phone numbers: +36 (30) 683-5969 +36 (30) 549-6838;
+36 (1) 391 1400).
We would also like to inform you that in the event of a violation of the legal provisions on data processing, or if the
Data Controller has not fulfilled any of your requests, you may file a civil lawsuit against the Data Controller in court.
Amendment of the Privacy Policy
The Data Controller reserves the right to modify this data management information in a way that does not affect the
purpose and legal basis of data processing. By using the website after the amendment enters into force, you accept
the amended Privacy Notice.
If the Data Controller wishes to carry out further data processing in relation to the collected data for a purpose other
than that of their collection, it will inform you, before commencing any further data processing, of the purpose of the
data processing and the information on the following:
the envisaged period of the processing of personal data or, if that is not possible, the criteria used to
determine that period;
the existence of your right to request from the Data Controller access to, rectification or erasure of personal
data or restriction of processing of personal data concerning you, or to object to such processing in the case
of data processing on the grounds of legitimate interest, or to request ensuring data portability in the case of
data processing on the grounds of consent or contractual relationship;
in the case of data processing on the grounds of consent, that you may withdraw your consent at any time,
the right to lodge a complaint with a supervisory authority;
whether the provision of personal data is based on legislation or a contractual obligation or is a prerequisite
for concluding a contract, as well as whether you are obliged to provide personal data, and what possible
consequences the failure to provide data may have;
the existence of automated decision-making, including profiling, and, at least in those cases, meaningful
information about the logic involved, as well as the significance and the envisaged consequences of such
processing for you.
The data processing may only be commenced thereafter, and, in the case of data processing on the grounds of
consent, your consent will also be required to the data processing in addition to the provision of the above
information.
Powered by