Privacy policy:

Name: Kerezsi-Kiss Anna Rita E.V.

Registered seat: 4225, Debrecen, Sillye Gábor utca 21.

Mailing address, complaint management: 4225, Debrecen, Sillye Gábor utca 21.

E-mail: redhatgirlmail@gmail.com

Phone number:

Website: http://redhatgirlco.com

Hosting service provider

Name: RackForest

Mailing address: Budapest, Victor Hugo u. 11-5. emelet, 1132

E-mail: info@rackforest.com

Phone number: (06 1) 211 0044

Description of the data processing activities carried out in the course of the

operation of the webshop

This document contains all relevant data processing information regarding the operation of the webshop in

accordance with General Data Protection Regulation (2016/679) of the European Union (hereinafter: Regulation or

GDPR) and Act CXII of 2011 (hereinafter: Privacy Act).

Information on the use of cookies

What is a cookie?

Upon visiting the website, the Data Controller uses cookies. A cookie is an information package consisting of letters

and numbers sent to your browser by our website with the purpose of saving certain settings, facilitate the use of

our website and help us collect relevant, statistical information of our visitors.

Some cookies do not contain personal information and are not suitable for identifying individual users, but some

cookies contain a unique identifier, that is, a secret number sequence generated randomly, which will be stored by

your device and therefore will ensure your identification. The operational duration of each cookie is included in the

relevant description.

Legal background and legal grounds of cookies:

The legal basis of processing is your consent pursuant to Article 6(1)(a) of the Regulation.

Main characteristics of the cookies used by the website:

Strictly necessary cookies:

If you do not accept the use of cookies, certain functions will not be available to you.

Cookies strictly necessary for operation: These cookies are essential for the use of the website and enable the use

of the basic functions of the site. In the lack of these cookies several functions of the website will not be available to

you. The lifetime of these cookies is limited exclusively to the duration of the session.

 

Session cookies: These cookies store the location of the user, the language of the browser, and the currency of the

payment. Their lifetime lasts until the browser is closed or 2 hours at maximum.

Statistic cookies:

Cookies for improving user experience: These cookies collect information of the way the user uses the website, for

example which pages does the user visit most frequently or what error messages do they receive from the website.

These cookies do not collect information identifying the visitor, that is, they work with completely general,

anonymous information. They use the data extracted from such information to improve the performance of the

website. The lifetime of these cookies is limited exclusively to the duration of the session.

You can find further information about deleting cookies at the following links:

Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11

Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito

Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Chrome: https://support.google.com/chrome/answer/95647

Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies

Data processed for the purpose of concluding and performing the contract

In order to conclude and performing the contract, several cases of data processing may occur. We hereby inform

you that data processing related to complaint management and administration related to guarantee rights will only

be carried if you exercise one of the said rights.

If you do not purchase via the webshop but arrive only as a visitor, then the provisions on data processing for

marketing purposes may apply to you if you give consent to us for marketing purposes.

Data processing activities for the purpose of concluding and performing the contract in detail are:

Contact

If, for example, you contact us via email, contact form or by phone for inquiry on a product. Prior contact is not

necessary, you can order from the webshop at any time in the lack of it.

Data processed

The data provided by you upon contacting us.

Period of the data processing

We only process the data until the end of the contact.

Legal basis for the data processing

Your voluntary consent given to the Data Controller by contacting us. [Data processing pursuant to Article 6(1)(a) of

the Regulation]

Processing the order

Data processing activities in the course of order management required for the purpose of performing the contract.

Data processed

During the data processing, the Data Controller processes your name, address, email address, the properties of the

products purchased, the order number and the date of the purchase.

If you place an order in the webshop, the data processing and the provision of the data is inevitable for the

performance of the contract.

Period of the data processing

We process the data for 5 years in accordance with the civil-law limitation period.

Legal basis for the data processing

The performance of the contract. [Data processing pursuant to Article 6(1)(b) of the Regulation]

Issuing the invoice

The data processing is carried out for the purpose of issuing an invoice in compliance with the law and fulfilling the

obligation of retaining the accounting document. Pursuant to paragraphs (1)-(2) of section 169 of the Accounting

Act, economic organisations must retain accounting documents directly and indirectly supporting the accounting

records.

Data processed

Name, address, e-mail address, phone number.

Period of the data processing

Pursuant to paragraph (2) of section 169 of the Accounting Act, the issued invoices must be retained for 8 years of

the issuing.

Legal basis for the data processing

Pursuant to paragraph (1) of section 159 of Act CXXVII of 2007 on value added tax, issuing an invoice is mandatory

and, pursuant to paragraph (2) of section 169 of the Accounting Act, the issued invoices must be retained for 8

years. [Data processing pursuant to Article 6(1)(c) of the Regulation].

Data processing related to product delivery

The data processing is carried out for the purpose of delivering the ordered product.

Data processed

Name, address, e-mail address, phone number.

Period of the data processing

The data processing is carried out for the purpose of delivering the ordered product.

Legal basis for the data processing

The performance of the contract. [Data processing pursuant to Article 6(1)(b) of the Regulation]

Recipients and data processors for delivery of goods

Name of recipient: Magyar Posta Zártkörűen Működő Részvénytársaság

Registered seat of recipient: 1138 Budapest, Dunavirág utca 2-6.

Phone number of recipient: +36-1/767-8200

E-mail address of recipient: ugyfelszolgalat@posta.hu

Website of recipient: posta.hu

The courier service participates in delivering the ordered product based on its contract concluded with the Data

Controller. The courier service processes the data provided to it in accordance with the privacy policy available on its

website.

Name of recipient: FoxPost Zártkörűen Működő Részvénytársaság

Registered seat of recipient: 3300 Eger, Pacsirta utca 35/A.

Phone number of recipient: +36 1/999-0-369

E-mail address of recipient: info@foxpost.hu

Website of recipient: foxpost.hu

The courier service participates in delivering the ordered product based on its contract concluded with the Data

Controller. The courier service processes the data provided to it in accordance with the privacy policy available on its

website.

Data processing with marketing purposes

Data processing related to sending newsletters

Data processing is carried out for the purpose of sending newsletters.

Data procesed

Name, address, e-mail address, phone number.

Period of the data processing

Until the withdrawal of the data subjects consent.

Legal basis for the data processing

Your voluntary consent given to the Data Controller by subscribing to the newsletter. [Data processing pursuant to

Article 6(1)(a) of the Regulation]

Data processing related to sending and displaying personalized ads

The data processing is carried out for the purpose of sending ad content in accordance with the data subjects range

of interest.

Data processed

Name, address, e-mail address, phone number.

Period of the data processing

Until the withdrawal of your consent.

Legal basis for the data processing

Your voluntary, separate consent given to the Data Controller upon data collection. [Data processing pursuant to

Article 6(1)(a) of the Regulation]

Additional data processing activities

If the Data Controller intents to carry out any further data processing activities, it will provide prior information on the

actual circumstances of the data processing (legal background and legal basis of the data processing, the scope of

the processed data, the period of the data processing).

Recipients of personal data

Activities of data processors for storing personal data

Name of the data processor: RackForest

Contact details of the data processor:

Phone number of the data processor: (06 1) 211 0044

E-mail of the data processor: info@rackforest.com

Registered seat of the data processor: Budapest, Victor Hugo u. 11-5. emelet, 1132

Website of the data processor: rackforest.com

The Data Processor carries out personal data storage on the basis of a contract concluded with the Data Controller.

The Data Processor is not entitled to access the personal data.

Activities of data processors related to sending newsletters

Name of the company operating the newsletter system: MailerLite

Registered seat of the company operating the newsletter system: 548 Market St, PMB 98174, San Francisco, CA

94104-5401, United States

Phone number of the company operating the newsletter system:

E-mail address of the company operating the newsletter system:

Website of the company operating the newsletter system: https://www.mailerlite.com/

The Data Processor participates in sending the newsletters under a contract concluded with the Data Controller. In

the course of that participation, the Data Processor processes the data subjects name and address, to the extent

necessary for sending newsletters.

Activities of data processors related to invoicing

Name of the data processor: Billingo Technologies Zrt.

Registered seat of the data processor: Budapest, Árbóc utca 6, 1133

Phone number of the data processor: (06 1) 500 9491

E-mail of the data processor: hello@billingo.hu

Website of the data processor: https://www.billingo.hu/

The Data Processor participates in recording accounting documents under a contract concluded in writing with the

Data Controller. In the course of that participation, the Data Processor processes the data subjects name and

address, to the extent necessary for accounting records, for the period in compliance with paragraph (2) of section

169 of the Accounting Act, and will erase them immediately thereafter.

Data processing related to online payment

Name of the data controller: Stripe, Inc.

Registered seat of the data controller: Dublin, Ireland

Phone number of the data controller:

E-mail of the data controller: sales@stripe.com

Website of the data controller: https://stripe.com/

The online payment service provider participates in implementing online payments under a contract concluded in

writing with the Data Controller, for the purpose of which data transfer is carried out towards the online payment

service provider in the course of the purchase process. In the course of that participation, the online payment service

provider processes the data subjects invoicing name and address, as well as the number and date of order, under

its own privacy policy.

The purpose of data transfer: to provide the online payment service provider with the transaction data necessary for

the payment operation initiated at the online payment service provider and related to the purchase.

Legal basis: performance of the contract concluded between you and the Data Controller pursuant to Article 6(1)(b)

of the Regulation, which includes payment on the buyers part, and for which, in the case of online payment, data

transfer under this section is required.

Your rights in the course of the data processing

Within the period of data processing, you are entitled to the following rights pursuant to the provisions of the

Regulation:

right to withdraw consent

access to personal data and information related to data processing

right to rectification

restriction of data processing,

right to erasure

right to object

right to data portability.

If you wish to exercise your rights, it will involve your identification, and the Data Controller must necessarily

communicate with you. Therefore, for the purpose of identification, it will be necessary to provide personal data (but

only your data already processed by the Data Controller can serve as the basis of identification), and your

complaints as regards data processing will be available in your email account within the period specified in this

Privacy Notice regarding complaints. If you have been our customer and you wish to identify yourself for the purpose

of complaint handling or guarantee management process, please enter your order ID as well for identification. That

way we can identify you as our customer.

The Data Controller will respond to complaints as regards data processing within 30 days at the latest.

Right to withdraw consent

You have the right to withdraw your consent to data processing at any time, in which case the data provided will be

erased from our system. However, please note that in the case of an order that has not yet been fulfilled, the

withdrawal of consent may result in us not being able to complete the delivery of your order. In addition, if the

purchase has already been completed, based on the accounting regulations, we cannot erase the date related to

invoicing from our systems, and if there is any remainder amount unpaid by you to us, we can process your data

even in the event of the withdrawal of your consent based on the legitimate interest in debt collection.

Access to personal data

You have the right to obtain from the Data Controller confirmation as to whether your personal data are being

processed, and where that is the case, you have the right to:

a gain access to the processed personal data, and

a receive information from the Data Controller on the following:

the purposes of data processing;

the categories of your personal data processed;

information on the recipients or categories of recipients to whom the personal data have been or will

be disclosed;

the envisaged period of the processing of personal data or, if that is not possible, the criteria used to

determine that period;

the existence of your right to request from the Data Controller rectification or erasure of personal

data or restriction of processing of personal data concerning you or to object to such processing;

the right to lodge a complaint with a supervisory authority;

where the personal data are not collected from the data subject, any available information as to their

source;

the existence of automated decision-making, including profiling, and, at least in those cases,

meaningful information about the logic involved, as well as the significance and the envisaged

consequences of such processing for you.

The purpose of exercising these rights may be aimed at establishing and verifying the lawfulness of data

processing, therefore, in case of multiple requests for information, the Data Controller may charge a fair fee in

exchange for providing the information.

Access to personal data is ensured by the Data Controller by sending you the processed personal data and

information by email after your identification. If you have registered, we provide access so that you can view and

check your personal data by logging into your user account.

Please indicate in your request that you ask for access to personal data or information on data processing.

Right to rectification

You have the right to obtain from the Data Controller without delay the rectification of inaccurate personal data

concerning you.

Right to the restriction of data processing

You have the right to obtain from the controller restriction of processing where one of the following applies:

the accuracy of the personal data is contested by you, for a period enabling the Data Controller to verify the

accuracy of the personal data, and if the accurate data can be immediately established, then no restriction

will take place;

the data processing is unlawful and you oppose the erasure of the personal data for any reason (for example

because the data are necessary for the possible assertion of a claim) and requests the restriction of their

use instead;

the controller no longer needs the personal data for the purposes of the processing, but they are required by

the data subject for the establishment, exercise or defence of legal claims, or

if you have objected to the data processing but the legitimate interest of the Data Controller may also serve

as grounds for it, the data processing must be restricted until it can be established whether the legitimate

grounds of the Data Controller override the legitimate grounds referred to by you.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed

with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of

another natural or legal person or for reasons of important public interest of the Union or of a Member State.

You will be informed by the Data Controller before the restriction of processing is lifted (at least 3 business days

before the restriction is lifted).

Right to erasure right to be forgotten

You have the right to obtain from the Data Controller the erasure of personal data concerning you without undue

delay where one of the following grounds applies:

the personal data are no longer necessary in relation to the purposes for which they were collected or

otherwise processed by the Data Controller;

you withdraw your consent on which the processing is based and there is no other legal ground for the

processing;

you object to the processing based on legitimate interest and there are no overriding legitimate grounds (that

is, legitimate interest) for the processing,

the personal data have been unlawfully processed by the Data Controller where that was established on the

basis of the complaint,

the personal data have to be erased for compliance with a legal obligation in Union or Member State law to

which the Data Controller is subject.

Where the Data Controller, based on any lawful ground, has made the personal data public and is obliged to erase

the personal data due to any of the above grounds, the controller, taking account of available technology and the

cost of implementation, shall take reasonable steps, including technical measures, to inform other data controllers

which are processing the personal data that you have requested the erasure by such controllers of any links to, or

copy or replication of, those personal data.

The erasure shall not apply to the extent that processing is necessary:

for exercising the right of freedom of expression and information;

or compliance with a legal obligation which requires processing by Union or Member State law to which the

Data Controller is subject (data processing in the framework of invoicing is one of those cases, as the

retaining of the invoice is prescribed by law), or for the performance of a task carried out in the public

interest or in the exercise of official authority vested in the Data Controller;

for the establishment, exercise or defence of legal claims (e.g., if the Data Controller has any claims against

you which has been not fulfilled yet, or there is undergoing complaint management process).

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal

data concerning you which is based on legitimate interests. In such case, the Data Controller shall no longer process

the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which

override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal

claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to

processing of personal data concerning you for such marketing, which includes profiling to the extent that it is

related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data

shall no longer be processed for such purposes.

Right to data portability

If the data processing is carried out in an automated way or if the data management is based on your voluntary

consent, you have the right to ask the Data Controller for the data you provided to the Data Controller, which the Data

Controller will send in xml, JSON or csv format at your disposal, and, if this is technically feasible, you can request

that the Data Controller forward the data in this form to another data controller.

Automated decision-making

You have the right not to be subject to a decision which is based solely on automated processing (including profilin)

and which produces legal effects concerning you or similarly significantly affects you. In these cases, the Data

Controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate

interests, at least the right to obtain human intervention on the part of the controller, to express their point of view

and to contest the decision.

The above shall not apply if the decision:

is necessary for the conclusion and performance of the contract between you and the Data Controller;

is authorised by Union or Member State law to which the controller is subject and which also lays down

suitable measures to safeguard your rights and freedoms and legitimate interests; or

is based on your explicit consent.

Reporting to the Data Protection Registration System

Pursuant to the Privacy Act, the Data Controller must report its certain data processing activities to the data

protection registration system. This reporting obligation was terminated on 25 May 2018.

Data security measures

The Data Controller declares that it has taken appropriate security measures in order to protect personal data

against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against

accidental destruction and damage, as well as against becoming inaccessible due to changes in the technology

used.

The Data Controller will do everything within its organizational and technical capabilities to ensure that its Data

Processors also take appropriate data security measures when working with your personal data.

Remedies

If, in your opinion, the Data Controller has violated a legal provision relating to data processing or has not fulfilled

any of your requests, then in order to terminate alleged unlawful data processing, you can initiate the investigative

procedure of the Hungarian National Authority for Data Protection and Freedom of Information (mailing address:

H-1363 Budapest, Pf. 9., e-mail: ugyfelszolgalat@naih.hu, phone numbers: +36 (30) 683-5969 +36 (30) 549-6838;

+36 (1) 391 1400).

We would also like to inform you that in the event of a violation of the legal provisions on data processing, or if the

Data Controller has not fulfilled any of your requests, you may file a civil lawsuit against the Data Controller in court.

Amendment of the Privacy Policy

The Data Controller reserves the right to modify this data management information in a way that does not affect the

purpose and legal basis of data processing. By using the website after the amendment enters into force, you accept

the amended Privacy Notice.

If the Data Controller wishes to carry out further data processing in relation to the collected data for a purpose other

than that of their collection, it will inform you, before commencing any further data processing, of the purpose of the

data processing and the information on the following:

the envisaged period of the processing of personal data or, if that is not possible, the criteria used to

determine that period;

the existence of your right to request from the Data Controller access to, rectification or erasure of personal

data or restriction of processing of personal data concerning you, or to object to such processing in the case

of data processing on the grounds of legitimate interest, or to request ensuring data portability in the case of

data processing on the grounds of consent or contractual relationship;

in the case of data processing on the grounds of consent, that you may withdraw your consent at any time,

the right to lodge a complaint with a supervisory authority;

whether the provision of personal data is based on legislation or a contractual obligation or is a prerequisite

for concluding a contract, as well as whether you are obliged to provide personal data, and what possible

consequences the failure to provide data may have;

the existence of automated decision-making, including profiling, and, at least in those cases, meaningful

information about the logic involved, as well as the significance and the envisaged consequences of such

processing for you.

The data processing may only be commenced thereafter, and, in the case of data processing on the grounds of

consent, your consent will also be required to the data processing in addition to the provision of the above

information.

Powered by