Barion Pixel

Data Privacy

DATA PROTECTION POLICY

www.webshop.muuska.hu

Date of publication: 2024.09.20.

INTRODUCTION

The purpose of this policy (hereinafter referred to as “Policy”) is to define the privacy and data policy of MÜÜSKA Kft. (company registration number: 13-09-187995; tax number: 14367995-2-13; e-mail: muuska@muuska.hu; registered office: 2141 Csömör, Bence u. 13.) (hereinafter referred to as “Company”) as the owner and operator of the www.webshop.muuska.hu website (hereinafter referred to as “Website”), which the Company, as the data controller, acknowledges as binding.

This Policy sets out the principles for the processing of personal data provided by users on the Website and provides information to data subjects about the processing of their personal data.

When creating the provisions of the Policy, the Company has taken into consideration the provisions of Regulation 2016/679 of the European Parliament and of the Council (“GDPR“), Act CXII of 2011 (“Infotv.“), Act V of 2013 on the Civil Code (“Civil Code”) and Act XLVIII of 2008 (“Grtv.”).

This Policy regulates the processing of data on the following Website: www.webshop.muuska.hu 

The Data Protection Policy is available at: www.webshop.muuska.hu 

Amendments to this Policy will enter into force upon publication at the above-mentioned Website. 

DETAILS OF DATA CONTROLLER

The Company is the controller of your personal data, which means that the Company is responsible for the lawful processing of your personal data.

You can contact them using the contact details below:

Company name: MÜÜSKA Kft. 

Company registration number: 13-09-187995

Tax number: 14367995-2-13

E-mail: muuska@muuska.hu

Registered office: 2141 Csömör, Bence u. 13. 

A DESCRIPTION OF DATA MANAGEMENT AT THE LEVEL OF EACH DATA MANAGEMENT PROCESS

  • Newsletter

To provide the newsletter service, the Company collects personal data from you. Personal data is collected electronically by filling in the relevant fields and clicking on the button to confirm the subscription.

  • Cookies

The Company places a small data packet (hereinafter referred to as “Cookie”) on the user’s computer to provide a personalized service. The purpose of the cookie is to ensure the highest possible quality of the operation of the site, to provide personalized services and to enhance the user experience. The Cookie can be deleted from the user’s computer, or the user can set his/her browser to refuse the use of cookies. By disabling the use of Cookies, the user acknowledges that the functionality of the site is incomplete without Cookies.

Cookies may be used according to their function as follows:

  • Essential (functional) cookies help you to use our website by enabling basic functions such as site navigation, displaying the site in a language that suits you, and protecting our website from external attacks. Our website cannot function properly without these cookies;

  • Cookies that are used for statistical purposes help us understand how our users use our Website. These Cookies allow us to measure e.g., the number of visitors to the Website, the time spent on it, and to select the most popular content. The data collected by statistical cookies is usually anonymous and does not identify you; 

 

  • We also use Cookies for marketing purposes to track the activities of visitors to our Website. The purpose is to provide relevant advertisements and promotions to individual users on Meta Platform Inc. sites and Google services and to encourage them to act, which makes our Website even more valuable for content publishers and third-party advertisers.

WHAT PERSONAL DATA DO WE COLLECT?

  • Newsletter

The Company collects the following data when you subscribe to its newsletter:

  • name (for your identification);
  • e-mail address (for the purpose of receiving the newsletter).

The above data are considered personal data under both the GDPR and the Infotv.

  • Cookies

The Website runs software that analyses visitor data and receives automatically generated information about visitors; these are:

  • the Internet Protocol (IP) address of the visitor;
  • the date of the visit;
  • details of the pages viewed;
  • the name of the browser program you are using;
  • the preferences of the visitor.

The Website records this information about your visits. Under the provisions of the GDPR, the visitor’s IP address is considered personal data.

FOR WHAT PURPOSES DO WE COLLECT PERSONAL DATA?

  • Newsletter

In connection with the provision of the newsletter service, the purpose of processing personal data is to periodically inform you about promotions currently available at the Company and about information of relevance to the Company for customers.

  • Cookies

The purpose of using cookies:

  • to facilitate the customization of the services and advertisements used by the users of the Website, and to make use of the convenience features;
  • to prepare of statistics and analyzes on Website visits and visitor preferences.

Google Analytics will use this information for the purpose of evaluating and analysing your use of the Website, and that of other data subjects, compiling reports on Website activity and providing other services relating to that and also internet usage.

LEGAL BASIS FOR PROCESSING

The legal basis for processing the personal data specified above is your consent as the data subject, as defined in Article 6 (1) (a) of the GDPR, both for the newsletter service and for the use of cookies. In all cases, the processing is voluntary. You may withdraw your consent at any time.

Consent to the processing of personal data is given by checking the checkbox (consent as described in the Policy) when subscribing electronically to the newsletter, as well as by visiting the Website and using the content there in the case of cookies. You can withdraw your consent to this implicit behavior at any time by deleting the cookies from your computer or by setting your browser to disable the use of cookies.

DURATION OF THE PROCESSING

  • Newsletter

Our Company processes your personal data for the purpose of sending advertising newsletters until you unsubscribe from the advertising newsletter, or otherwise request the deletion or restriction of your personal data or are prohibited from doing so.

  • Cookies

Session cookies are automatically deleted when you close your browser. In all other cases, the Company will process your personal data until the purpose of the cookie is achieved.

For different browsers, see the following links for instructions on how to change your settings:

Google Chrome
https://support.google.com/chrome/answer/95647?hl=hu&co=GENIE.Platform%3D Desktop
Microsoft Internet Explorer and Edge
https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete- manage-cookies
Mozilla Firefox
https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito 

DATA SECURITY MEASURES

Within the Company’s organization, your personal data may only be accessed by Company employees who are involved in the Company’s promotional and marketing activities. The Company treats personal data as confidential data, does not make it public, does not give access to third parties – this does not include the data transmission described in the “Data Transmission” section in this Policy – or to employees of the Company who do not deal with the Company’s promotional and marketing activities.

In both above cases, the recorded personal data is stored on a server accessible only to certain persons, in a password-protected database protected by the most modern firewalls and antivirus software. The database can only be accessed by authorized employees, and the access password is personalized and individual.

DATA PROCESSOR

  • Shipping

Your personal data will be shared within the Company when necessary to achieve the intended purpose. For the same reason, we also share your personal data with our suppliers who perform certain tasks on our behalf, such as fulfilling orders. The Company is always fully responsible for its suppliers.

  • Activity performed by the data processor: delivery of products, transport.
  • The fact of the data management, the scope of the managed data: Delivery name, delivery address, telephone number, e-mail address.
  • Data subjects: anyone who request a home delivery.
  • Purpose of data processing: delivery of the ordered product to your home.
  • Duration of processing, deadline for deletion of data: until the delivery is completed.
  • Legal basis for processing: Article 6 (1) (b) of the GDPR.
  • Hosting provider 
  • Activity performed by the data processor: web hosting service.
  • Name and contact details of the data processor: Websupport Magyarország Kft. (registered office: 1119 Budapest, Fehérvári út 97-99; tax number: 25138205-2-43.).
  • The fact of the data management, the scope of the managed data: all personal data provided by the data subject.
  • Data subjects: anyone who’s using the Website.
  • Purpose of data processing: to make the Website available and to ensure its proper operation.
  • Duration of processing, deadline for deletion of data: until the termination of the agreement between the data controller and the hosting provider or until the data subject’s request for deletion to the hosting provider.
  • Legal basis for processing: Article 6 (1) (c) and (f) of the GDPR and Article 13/A (3) (b) of Act CVIII of 2001.

 

  • Cookie

The Company analyses website traffic data through Google Analytics, a service provided by Google LLC (Google Privacy Center: 1600 Amphitheatre Pkwy, Mountain View, California 94043). The information generated by the Cookies about the use of the Website (the IP address of the Website visitor) is transmitted to and stored by the Website on servers of Google LLC in the USA. Accordingly, the Company expressly draws your attention to the fact that, when using the Google Analytics service, your personal data will be transferred to a third country (USA) within the meaning of the GDPR. Since Google LLC does not process any data for its own benefit, it is considered a data processor.

Google LLC participates in the Privacy Shield, the framework that regulates the transatlantic exchange of personal data for commercial purposes and has completed its compliance with the Privacy Shield (certification date: 25 September 2017). Accordingly, the Company declares that Google LLC, as a data processor, has adequate and appropriate safeguards in place to process your personal data.

DATA TRANSMISSION 

  • Online payment 
  • Activity performed by the recipient: online payment.
  • Name and contact details of the addressee: Barion Payment Zrt. (registered office: H-1117, Budapest, Irinyi József utca 4-20. 2nd floor; company registration number: 01-10-048552).
  • The fact of the data management, the scope of the managed data: billing data, name, e-mail address.
  • Data subjects: all data subjects who choose to pay on the Website.
  • Purpose of processing: to process online payments, confirm transactions and carry out fraud-monitoring to protect users.

 

  • Invoicing
  • Activity performed by the addressee: invoicing.
  • Name and contact details of the addressee: KBOSS.hu Kft. (company registration number: 01-09-303201; tax number: 13421739-2-4)
  • The fact of the data management, the scope of the managed data: billing data, name, e-mail address.
  • Data subjects: all data subjects who choose to pay on the Website.
  • Purpose of the processing: to issue the invoice in accordance with the rules and to invoice the fees resulting from the contract.

YOUR RIGHTS AND REMEDIES

  • What rights do you have as a Data Subject in relation to your data?
  • Right to information and access

You have the right to receive feedback from the Company on request as to whether your personal data is being processed and, if such processing is ongoing, you have the right to access your personal data and the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients to whom the personal data are or will be disclosed (including in particular data processors);
  • the intended duration of the storage of the personal data;
  • your rights in the processing of your personal data;
  • the source of the data, if not collected from you;
  • information on automated decision-making.

We will provide you with information about your personal data free of charge in accordance with applicable law. We will respond to your request in writing within one month. At the same time, if the request is obviously unfounded or – especially due to its repetitive nature – excessive, the Company (considering the requested information, the administrative costs associated with providing the information and taking the requested action) can:

  • charge you a reasonable fee, or
  • may refuse to act on the request.

If you have already paid a fee but the processing of your data was unlawful or we need to correct your data because of your request, we will refund this fee to you.

If, despite our efforts to protect your personal data through our advanced data security measures, any unauthorized access, alteration, disclosure, deletion or destruction, accidental destruction or damage, or other unauthorized processing of your data occurs, we will, upon your request, inform you of the circumstances of such an incident, including when it occurred, what the effects may be, and what we have done to prevent or mitigate the consequences.

  • The right to rectification

If the personal data we process is inaccurate, we will correct it at your request without undue delay. You also have the right to ask us to complete your incomplete personal data by means of a declaration to that effect.

  • Right to erasure

The Company will delete your personal data without delay if:

  • personal data are no longer required for the purpose of sending marketing newsletters;
  • the processing of personal data is unlawful;
  • the deletion is necessary to comply with a legal obligation to which the Company is subject;
  • where the consent to the processing of the data of a child under the age of 16 has not been given or authorized by the person having parental authority over the child;
  • where the Company has disclosed the personal data.

You can also ask us to delete your personal data by withdrawing the consent you have previously given to us. In this case, however, we may refuse to continue to provide our services to you or certain services may no longer be available to you.

We will block personal data instead of deleting it if you request it or if it is likely to affect your legitimate interests. We do not process blocked data for the above purposes. We will only process such data for the purpose that precluded deletion.

  • Right to restriction

Restrictions on processing may be imposed if:

  • you dispute the accuracy of your data; in this case, the Company will restrict the processing of your personal data for a period of time until the accuracy of the data is verified;
  • the processing is unlawful you request restriction of use instead of erasure;
  • the Company no longer needs the data, but you need it to bring a legal claim;
  • you have objected to the processing of your personal data, pending the outcome of the consideration of your objection.

The Company will suspend the processing of your personal data for the duration of its objection to the processing of your personal data, but for a maximum of 5 days, and will examine the validity of the objection and take a decision, which will be communicated to you without delay.

If the objection is justified, the data will be restricted by the Company, i.e. only storage as data management can take place as long as

  • you consent to the processing of your data;
  • the processing of your personal data is necessary for bringing a legal claim;
  • the processing of personal data becomes necessary to protect the rights of another natural or legal person; or
  • the processing is required by law in the public interest.

If you have requested the restriction of processing, the Company will inform you in advance of the lifting of the restriction.

  • What happens and what can you do if your request is rejected?

If the Company refuses your request for rectification, restriction, or erasure, we will inform you in writing within one month of receipt of the request why we have been unable to comply with your request and inform you of your legal remedies and that you can report your request to the National Authority for Data Protection and Freedom of Information. Our response will be sent by e-mail if you agree to this.

  • What are your rights if you consider that the processing is unlawful?

If you have concerns about the lawfulness of the processing, you have the right to object to the processing. The objection must include a request that we stop processing your data and delete your data.

If you object to the processing of your personal data, the Company will within one month examine the grounds for the objection, take a decision on the merits and notify you in writing of its decision.

If we find that your objection is justified, we will terminate all processing operations, block the data concerned and notify the objection and subsequent actions to all those to whom we have previously disclosed the personal data concerned by the objection. These recipients are also required to take action to give effect to your objection. If you do not agree with our decision or if the Company does not comply with the one-month time limit above, you may take legal action within 30 days of the date of the decision or the last day of the time limit.

  • What remedies are available to you

If you believe that our Company is processing your personal data in breach of the GDPR, you as the data subject have the right to lodge a complaint with a supervisory authority (i.e. a public authority established by any EU Member State under Article 51 of the GDPR) – in particular in the Member State where you are habitually resident, employed or where the alleged breach occurred. 

In Hungary, the supervisory body established in accordance with the criteria set out in Article 51 of the GDPR is the National Authority for Data Protection and Freedom of Information (hereinafter referred to as “NAIH” or “the Authority”).

According to the GDPR, the relevant supervisory authority is the supervisory authority that is affected by the processing of personal data for one of the following reasons:

  1. the controller or processor is established in the Member State of that supervisory authority;
  2. the processing significantly affects or is likely to significantly affect data subjects residing in the Member State of the supervisory authority; or
  3. have lodged a complaint with that supervisory authority.

Regarding the data processing carried out by the Company, the supervisory authority concerned is the NAIH, given that the Company have their place of business in Hungary and the data processing concerns data subjects who are predominantly resident in Hungary. Accordingly, details of the possibility to lodge a complaint with the NAIH are set out in the following section. Please note, however, that you are nevertheless entitled to lodge a complaint not only with the Authority, but also with any supervisory authority established in an EU Member State, as set out above.

  • Report to the Authority 

Compliance with data protection legislation is monitored by the National Authority for Data Protection and Freedom of Information (“NAIH”). If you consider that our data processing does not comply with the relevant legislation, or if you consider that there is an imminent risk of non-compliance, you can notify the Authority using the following contact details.

Authority name: National Authority for Data Protection and Freedom of Information (“NAIH”)

Postal address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.

E-mail: ugyfelszolgalat@naih.hu

Phone number: +36 1 391 1400

Fax number: +36 1 391 1410

More information on data protection issues can be found on the Authority’s website: http://naih.hu/

Please also note that our Company is obliged to notify the Authority of any data breach (i.e. accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data) relating to the Website without undue delay and, if possible, no later than 72 hours after the data breach comes to its attention. If the personal data breach is likely to result in a high risk to the rights and freedoms of data subjects, our Company will inform you as a data subject of the personal data breach without undue delay.

  • Judicial enforcement

If you believe that we have violated your right to privacy or that our decision to object or not to respond to your objection was wrong, you can take us to court. You can also choose to bring your case in the courts in the place where you live or where you are resident.

In addition, under the conditions set out in the law, if we cause you damage because of unlawful processing or a breach of data security requirements, you may bring a claim for damages against the Company in court. If your privacy rights have been violated, you may be entitled to damages, which you may also claim in court. We are responsible for our data processors in this area.