Dear Sir / Madam,
SIMPLEPAY Data transmission Statement
I acknowledge the following personal data stored in the user account of Schmaler Petra sole trader (9422 Harka, Örs utca 4., Tax No.:69392973-1-28, Reg.No.:53117461, “Small Tax payer”) in the user database of https://lapetra.hu will be handed over to OTP Mobil Ltd.
and is trusted as data processor. The data transferred by the data controller are the following:
- Email address
- Telephone number
- Delivery data
- Invoice data
The nature and purpose of the data processing activity performed by the data processor in the
Schmaler Petra sole trader (9422 Harka, Örs utca 4., Tax No.:69392973-1-28, Reg.No.:53117461, “Small Tax payer”), as data controller, acknowledges the content of this legal notice as binding. The Data Controller deals with the sale of products, jewelry, performing a significant part of the activity by providing a more flexible purchasing opportunity for the customers (stakeholders), via the Internet and a webshop. It is essential for this activity to obtain certain personal information from the customers.
The Data Controller is committed to protecting the privacy, rights and fundamental freedoms of its clients, and it is of utmost importance to respect their clients’ right to self-determination. The Data Controller shall keep the personal data of the clients confidential and shall take all security, technical and organizational measures that guarantee the security of the data.
This notice is also intended to set forth the data protection and data management principles and data protection and data management policies applied by the Data Controller in connection with the sales activities of the Data Controller. Please be advised that the one acting as an agent for the sales activities of this webshop is Petra Schmaler.
The Data Controller undertakes to ensure that all data management related to its activities comply with the requirements set forth in this Policy and applicable legislation.
Data management reserves the right to alter this information at any time unilaterally. Data Controller will inform the customers in due time of any changes.
If you have any questions regarding this notice, please write to us:
Any natural person identified or directly or indirectly identifiable on the basis of personal data affected by the application of these Rules.
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); identifiable by a natural person who, directly or indirectly, in particular by virtue of one or more factors such as name, number, position, online identification or physical, physiological, genetic, intellectual, economic, cultural or social identity of the natural person identified;
“Data management” means any operation or combination of operations carried out on an automated or non-automated basis in personal data or files, including the collection, recording, filing, sorting, storing, altering or altering, retrieving, accessing, using, communicating, transmitting, distributing or by making available by any means, coordination or interconnection, restriction, deletion or destruction;
“Restriction of data management” means the marking of stored personal data with the aim of limiting their processing in future;
“Data Controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of data processing are determined by Union or Member State law, the controller or the specific criteria for designating the controller may be defined by Union or Member State law;
“Data Processor” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
“Restriction of data management” means the marking of stored personal data with the aim of limiting their processing in future;
“Profiling” shall mean any form of automated processing of personal data for the purpose of assessing personal data relating to an individual, in particular with regard to work performance, economic situation, health, personal preference, interest, reliability, behavior, location or movement, used to analyze or predict related characteristics;
“Pseudonymisation” means the processing of personal data in such a way that it is no longer possible to ascertain, without further information, which specific individual is the individual, provided that such additional information is stored separately and by technical and organizational measures; it is ensured that such personal data cannot be linked to identified or identifiable natural persons;
“Filing system” means a collection of personal data, in whatever form centralized, decentralized or functional or geographical, accessible according to specified criteria;
“Recipient” shall mean any natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not. Public authorities which have access to personal data in the framework of a specific inquiry in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
“Third Party” means any natural or legal person, public authority, agency or any other entity that is different from the data subject, the data controller, the processor and the persons who are under the direct control of the data controller or processor got authorization to manage the processing of personal data they got;
“Consent of the data subject” means the voluntary, explicit and unambiguous expression of the will of the data subject, by which the data subject signifies his or her consent to the processing of personal data concerning him or her by means of a statement or an unequivocal act of confirmation;
“Data incident” means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise processed.
“Data security” means the set of organizational, technical and procedural rules against the unauthorized processing of personal data, in particular the acquisition, processing, alteration and destruction of personal data: the state of data management in which organizational, technical, and measures are reduced to a minimum.
“Hardware device” means any device intended to ensure the continuous operation of an information system, or which is intended to provide backup or backup copies of data and which is intended to protect the computer against external influences, electronically or otherwise.
“Communication device” means any technical device, technological process, which is capable of transmitting or receiving signals, data or information to one or more recipients.
“Right to self-determination of information” means the right to the protection of personal data as guaranteed by the VI. Article of the Fundamental Law that everyone has the right to disclose and use their personal data.
1. Name of data controller: Schmaler Petra sole trader.
2. Address of data controller: 9422 Harka, Örs utca 4.
3. contact: firstname.lastname@example.org
4. Legal basis for data processing: Voluntary consent of the data subject to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46 / EC (General Data Protection Regulation, GDPR) pursuant to Article 6 (1) (a).
Stakeholders give their consent by means of the following legal acts:
by accepting a privacy notice through a checkbox when you visit this page
by checking the required checkbox when registering for the website
during the purchase, by starting the purchase process
like social networking sites, posting opinions, comments
The provision of data is voluntary but failure to do so may hinder the provision of the service.
5. The range of processed data:
The Data Controller shall conduct data management in the following cases:
by registering on lapetra.hu and lapetra.eu
View facebook, instagram’s profile
during commercial sales
to fulfill its statutory accounting and tax obligations.
The purpose of the Data Controller is to seek the consent of the data subject in order to handle only the most necessary personal data in all data processing.
Mandatory information provided by stakeholders during online registration and purchase (contracting):
The purchase is not mandatory, only voluntarily provided data:
Data Required for Commercial Sales:
the name of the sole trader / company in the case of a company and the name of its representative or contact person
phone number: in case of consent
email: subject to consent
6. Purpose of data management:
The purpose of the Data Controller’s activities and thus of the data management is to fulfill the contracts and orders with the data subjects, therefore data controller operates 1 webshop in Hungarian, English and German language and a Facebook site. The instagram social networking site is only an advertising space for the business only, without sales activity. The purpose of the webshop provided by the Data Controller is to fulfill the contracts and orders of the registered and contracting clients. The data provided will not be passed on to anyone other than the Data Controller, and will only be handled by the Data Controller’s sales representative, and will only be passed on to those designated as data processors. The Controller will not use personal information for any purpose other than those stated. Personal data will not be passed on to third parties. This does not apply to any transfer of data required by law or to mail delivery. Stakeholders may request information about the management of their personal data at any time in writing, by registered mail or by registered letter with acknowledgment of receipt, or by email to email@example.com. A request for information sent by e-mail will only be considered authentic by the Data Controller if it is sent from the recipient’s registered e-mail address. In data processing by the Data Controller, the data are stored on servers in Hungary and are not transmitted to a data controller or processor in a third country.
7. Technical data
The Data Controller and the server provider protect the data by appropriate measures (eg encrypted password sending) against unauthorized access, alteration, transmission, disclosure, deletion or destruction and accidental destruction.
The Data Controller shall ensure that the security of data processing is protected by technical, organizational and organizational measures that provide a level of protection appropriate to the risks presented by the data processing.
The Data Controller shall maintain confidentiality during the data management process: protect the information so that only authorized persons have access to it;
integrity: protects the accuracy and completeness of the information and the method of processing;
Availability: Ensures that when an authorized user needs it, they can truly access the information they need and have the tools to do so.
8. Duration of data management:
The Data Controller is entitled to handle the data provided by the data subject during the registration until the data subject has withdrawn his or her consent. The Data Controller will allow the data subject to disable such data processing for the entire duration of the data processing by declaring such content to firstname.lastname@example.org
The Data Controller deletes the data provided during the registration at the discretion of the Data Controller, within 5 working days of receipt of its request for deletion, unless it is enforced by the Data Controller himself or herself (for 1 year from the date of performance of the contract),
Az érintett önkéntes döntése alapján, törlési igényének beérkezésétől számított legkésőbb 5 munkanapon belül az Adatkezelő törli a regisztráció során megadott adatokat, kivéve, ha azokat az Adatkezelő saját vagy az érintett jogainak érvényesítése (szerződés teljesítésétől számított 1 évig), or in order to fulfill its legal obligations (in order to fulfill its tax payment and related accounting obligations on the invoice issued for a period of 8 years from the date of issue), or is obliged to manage it. The Data Controller is required by the Taxation Act CL of 2017 to keep the data of the data subject for eight years.
In the case of a commercial sale, the data of the data subject will be deleted after 1 year from the fulfillment or failure of the last order if no further order is received by the Data Controller. In addition, the Data Controller shall delete the data provided by the Data Controller voluntarily, within 5 working days of receiving his or her request for deletion, unless they are enforceable by the Data Controller or by the Data Controller (for 1 year from performance of the contract), or in order to fulfill its legal obligations (in order to fulfill its tax payment and related accounting obligations on the invoice issued for a period of 8 years from the date of issue), or is obliged to manage it. The Data Controller is required by the Taxation Act CL of 2017 to keep the data of the data subject for eight years.
9. Cancellation of Personal Data:
You must send a request for deletion of your personal information to email@example.com. Upon receipt of a request for deletion, the Data Controller shall promptly review the relevant data in accordance with paragraph 8 and then delete the data required for deletion within 5 working days of receipt of the request. Once deleted, the deleted data cannot be recovered.
10.Name and contact details of Data Processors:
Place of business: 9422 Harka, Borostyán körút 55/B.
3in1 Hosting Számítástechnikai és Szolgáltató Bt.
Place of business: 2310 Szigetszentmiklós, Brassó utca 4/A.
Accountant: Invoices issued will be sent to her
Reisner Csabáné e.v.
9422 Harka, Szeder u. 6.
Postal delivery service:
Magyar Posta Zrt.
Headquarter: 1138 Budapest, Dunavirág utca 2-6.
Company registration number: Cg. 01-10-042463
11. Purpose of data processing:
Perform technical tasks related to data management operations. Perform deletion requests to firstname.lastname@example.org.
The processing of data by the accountant shall take place in order to meet the obligations under the tax legislation.
Mail delivery is used to fulfill orders.
12. Provisions for data security:
The Data Controller stores personal data in the territory of the Republic of Hungary on a server owned by 3in1 Hosting Bt. All data provided by the customer during the conclusion of the contract shall be stored by the Data Controller on a secure, locked server. The data provided by the customer shall be accessible only to Petra Schmaler, the Data Controller, who shall protect the IT equipment used by the password with a password which shall be changed periodically in accordance with its internal regulations.
Paper-based data stored in a lockable room, lockable cabinet.
13.Data management related to the appearance of the website
1) It is possible to view content published on lapetra.hu and lapetra.eu without anyone entering personal information. The privacy notice is also available on the link next to the checkbox for accepting it for unregistered visitors to the website, and the visit requires its acceptance as the website stores certain personal data without registration. (IP address) using the tracking code, conversion tracking, or analytics software it uses (Google Analytics and remarketing code).
Purchase of products advertised on the web sites is subject to registration with the information in section 5.
2) The Data Controller uses and stores the questions, ideas, suggestions, comments submitted in the e-mail initiated through the Website for purposes of efficiency improvement, process, product and service development and market research. The provision of such data is voluntary and your consent to the processing of data for these purposes will be deemed by the Data Controller by sending an email. E-mails containing ideas, opinions or comments will be retained by the Controller for a maximum of 1 year, if the purpose of data management ceases to exist, then the E-mail will be deleted.
In the case of payment of the purchase price by “advance payment” or “credit card payment”, the informant shall ensure that the consent necessary for the data processing is obtained, if he / she does not communicate his / her personal data to the Data Controller.
4) Data management in case of children
The Data Controller pays special attention to the protection of the interests of children in order to comply with data protection regulations.
Please note that on lapetra.hu and lapetra.eu a
registration is possible from the age of 16, which must be declared using the relevant checkbox.
However, the Data Controller has no physical or legal opportunity to verify the age of the data subject who initiated the registration.
Webshop shopping is possible from the age of 18, for this purpose it is necessary to make a statement about the age of the person initiating the purchase using the relevant checkbox. However, the Data Controller has no physical or legal opportunity to verify the age of the data subject who initiated the registration.
The Data Controller will directly contact the parties ordering on its website by e-mail or sms, and the Controller considers its consent to this by providing the e-mail address or telephone number, which consent may be withdrawn at any time. The Data Controller may send a message to the data subject, which contains information related to the use of the service in order to use the service. In the event that the data subject protests against this form of communication, the Data Controller shall contact the data subject by post at the delivery address given by the data subject.
5) Applying a cookie
A “cookie” is file with variable content made of letters and numbers sent by a web server and stored on a user’s computer for a predetermined period of time. A cookie allows our web server to recognize your browsing device, your browsing history on a web page. Their purpose is, among other things, to help identify the visitor, personalize the content,
Cookies allow us to get a picture of a user’s website visit, internet usage and history. Cookies do not contain any information that identifies the visitors to the website, they are only used to identify the user’s computer.
If you need more information about these “cookies” and how they work, you can find detailed information at www.allaboutcookies.org or www.aboutcookies.org.
Acceptance of your visit to this website
When you visit our site, the site collects data using the cookies described above.
If you disable or delete cookies on your computer in your browser, limiting the use of the website (or portions thereof) may result in the loss of the settings you previously made on that website. The websites mentioned under point 1 contain more information on this subject as well.
6) Cookies used on our website
6.1. Essential cookies
These cookies are required to enable the user to navigate through the pages / subpages and, where appropriate, to access protected content (eg only accessible to registered users).
6.2. Functional cookies
These cookies are needed to collect information about the user’s website usage (eg language used).
6.3 Google Analytics cookies
The information we use in this way is mainly used to improve and optimize the operation of our website, making it as user-friendly as possible.
14. Social network presence and marketing (Facebook and Instagram)
Legal basis for data management: Data management related to the Data Controller’s profile on social networking sites is based on voluntary consent. When ordering through the facebook page store, the shop will be shifted to the website by the shop or give you the opportunity to contact privately via Facebook Messenger.
2)Purpose of data management: Sharing the content of the Data Controller’s website through social networking sites, raising awareness, marketing.
Data processed and their purpose:
Data – Purpose
used photo identification
comment comment – express a comment
rating – expressing opinion, mood
question / request content – response input data
3) Stakeholders: Any natural person who visits, follows, likes / dislike the content of the Controller’s social networking sites, shares them in whole or in part with his friends.
4) Duration of data management: Until unsubscribe.
15. Business correspondence
15.2 The company uses the mail system provided by 3 in 1 Hosting Bt. For its correspondence (email@example.com).
16. Amendment of the privacy rules:
The Data Controller reserves the right to unilaterally change its data management rules and thereby this notice without notice to the client. By using the service after the change comes into effect, you agree to the modified privacy notice.
17. Users’ rights regarding the management of their personal data:
The data subject may request information on the processing of his or her personal data, and may request the rectification, deletion, cancellation of his or her personal data, except for mandatory data processing, exercise his or her right to data storage and protest as indicated at data collection.
Right of information
The Data Controller shall take appropriate measures to ensure that all data relating to the processing of personal data referred to in Articles 13 and 14 of the GDPR and each information under Articles 15 to 22 and 34 of the GDPR are concise, transparent, provide it in a clear and easily accessible form, in clear and unambiguous terms.
The data subject ‘s right of access
The data subject shall have the right to receive feedback from the controller that his or her personal data is being processed and, if so, to have access to the personal data and the following information: purposes of the data processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be communicated, including in particular third-country recipients or international organizations; the envisaged period for which the personal data will be stored; the right to rectification, erasure or restriction of data management and the right to object; the right to lodge a complaint to the supervisory authority; information on data sources; the fact of automated decision-making, including profiling, and understandable logic and the importance of such data management and the expected consequences for the data subject. The controller shall provide the information within a maximum of one (1) month from the submission of the request.
Right of rectification
The data subject may request the correction of inaccurate personal data processed by the Data Controller and the completion of incomplete data.
Right to erasure (“the right make it to forget”)
The data subject shall have the right to delete the personal data relating to him or her without undue delay upon his or her request for any of the following reasons:
personal data are no longer needed for the purpose for which they were collected or otherwise processed;
the data subject withdraws his consent as the basis for the processing and there is no other legal basis for the processing;
the data subject protests against the data processing and there is no overriding legitimate reason for the data processing;
unlawful processing of personal data;
personal data must be deleted in order to comply with a legal obligation under Union or Member State law applicable to the controller;
personal data was collected in connection with the provision of information society services.
Deletion of data cannot be initiated if data management is required:
for the exercise of the right to freedom of expression and information;
to fulfill an obligation under the Union or national law applicable to the controller for the processing of personal data or to perform a task in the public interest or in the exercise of official authority vested in the controller;
public health, or for archival, scientific and historical research or statistical purposes in the public interest; or
for the filing, enforcement or defense of legal claims.
Any request to delete a user’s personal or special information must be sent to firstname.lastname@example.org by email. The Service Provider deletes the data within 5 working days of receiving the request for deletion. Once deleted, the displayed data cannot be recovered.
Right to restrict data management
At the request of the data subject, the Data Controller shall restrict data processing if any of the following conditions are met:
the data subject disputes the accuracy of the personal data, in which case the limitation relates to the period during which the accuracy of the personal data can be verified;
the data processing is unlawful and the data subject opposes their erasure and requests the restriction of their use instead;
the data controller no longer needs personal data for the purpose of processing, but the data subject requires them to make, assert or defend a legal claim; or
the data subject objected to the processing; in this case, the restriction shall apply for a period until it is established whether the legitimate grounds of the controller prevail over those of the data subject.
Where data processing is restricted, personal data, other than storage, will be obtained only with the consent of the data subject, or for the purpose of submitting, enforcing or defending legal claims, or to protect the rights of any other natural or legal person, or for reasons of overriding public interest in the Union or a Member State.
Right to Carry Data
The data subject shall have the right to receive the personal data relating to him which he has made available to the controller in a structured, widely used, machine-readable format and to forward such data to another controller.
Right to protest
The data subject shall have the right to object at any time to the processing of his or her personal data in the public interest or in the exercise of official authority vested in the controller, or any treatment necessary to assert the legitimate interests of the controller or of a third party, including profiling based on those provisions. In the event of a protest, the controller may not further process the personal data unless it is justified by overriding legitimate reasons, which are overriding the interests, rights and freedoms of the data subject or related to the filing, enforcement or defense of legal claims.
Automated decision-making on individual issues, including profiling
The data subject shall have the right not to be subject to any decision based solely on automated data management, including profiling, which would have legal effects or be substantially affected by him.
Right of withdrawal
The data subject shall have the right to withdraw his or her consent at any time without giving any reason. You can exercise these rights at email@example.com.
18. Enforcement options:
If the User discovers a violation of his / her rights during data processing, he / she has the following options:
you can contact the Data Controller directly by mail or email at the following contact: firstname.lastname@example.org
you can go to court in case of unlawful processing of your data and violation of data security requirements. You may be entitled to compensation and damages as provided by law. Information on the jurisdiction and contact details of the court can be found at the following website: www.birosagok.hu
you may lodge a complaint with the relevant supervisory authority, the National Data Protection and Freedom of Information Authority [NAIH]. Contact details of NAIH: Headquarters:: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c. Tel.: 06-1-391-1400 Email: email@example.com, Website: www.naih.hu