PRIVACY POLICY
**Privacy Policy**
**PURPOSE OF THE PRIVACY POLICY**
Mészáros Nándor, a sole proprietor (tax number: 90286984-1-25), hereinafter referred to as the Service Provider or Data Controller, acknowledges that the content of this legal notice is binding upon him. The Service Provider undertakes that all data processing related to his activities will comply with the provisions of this policy, applicable national laws, and the legal acts of the European Union.
The Service Provider's data protection guidelines related to data processing are continuously available at https://burzsuj.com/pages/adatvedelem.
The Service Provider reserves the right to amend this notice at any time. In case of any changes, the public will be duly informed.
If you have any questions related to this notice, please feel free to contact us, and we will answer your inquiry.
The Service Provider is committed to protecting the personal data of its clients and partners, and places great importance on respecting the right to informational self-determination of its clients.
The Service Provider handles personal data confidentially and takes all necessary security, technical, and organizational measures to ensure data security.
The Service Provider hereby presents its data processing practices.
**DATA CONTROLLER DETAILS**
Service provider name: Mészáros Nándor
Service provider headquarters: 3936 Háromhuta, Rákóczi Ut 19.
Service provider contact information and regular email address for communication with customers: burzsujshop@gmail.com
Tax number: 90286984-1-25
Language of the contract: Hungarian
Phone number: +36 30 728 0307
Website: burzsuj.com
Our hosting provider:
|
Shopify Inc |
150 Elgin St, Suite 800, Ottawa, ON, K2P 1L4, Kanada |
During data processing - to provide high-quality service to our clients - the following data processors are used:
|
Mészáros Nándor |
3936 Háromhuta, Rákóczi Ut 19 |
T**Hosting service, database maintenance and processing, report generation** |
**Data processors related to payments and shipping:**
|
Billingo Technologies Zrt. |
1133 Budapest, Árbóc utca 6. I. emelet |
Billing |
|
Stripe Payments Europe, Limited |
The One Building, 1 Grand Canal Street Lower, Dublin |
Bcard payments |
Purpose of data processing, legal basis, and duration
|
Activity Name and Purpose of Data Processing |
Legal basis |
PROCESSED DATA |
Time |
|
illing, Pro Forma Invoice, and Invoice Issuance |
Legitimate Interest of Our Company, Legal Obligation |
First Name, Last Name, Company Name, Phone Number, City, Postal Code, Street, House Number, Tax Number |
8years |
|
Delivery, Transportation of the Product to the Customer |
The Legitimate Interest of Our Company, Legal Obligation |
First Name, Last Name, Company Name, Phone Number, City, Postal Code, Street, House Number |
5years |
**If the scope of our data processors changes, the changes will be immediately reflected in this notice.**
**Data Managed by Us:**
|
**NAME OF ACTIVITY AND PURPOSE OF DATA PROCESSING** |
**Legal Basis** |
**Processed Data** |
**Duration** |
|
**Website Visit.** The purpose is to ensure the proper and high-quality operation of the website, to monitor and improve the quality of our services, to identify malicious visitors attacking our website, to measure traffic, and for statistical purposes. |
**The Legitimate Interest of Our Company** |
**IP address, the date and time of the visit, data of the visited subpages, the operating system, and the type of browser used by you.** |
1 month |
|
**Registration on the Website.** The purpose is to provide our visitors with a more comprehensive user experience. Identification required for access to different permission levels. |
**Consent** |
**First Name, Last Name, Company Name, Phone Number, City, Postal Code, Street, House Number, Tax Number, Username, Email** |
**Until the deletion of the registration or the withdrawal of consent** |
|
**Administration, Response to Complaints and Feedback.** The purpose is to handle complaints and feedback and provide appropriate responses. |
**Legal Obligation** |
**Full Name, Email Address, Phone Number, Mailing Address, Other Personal Message** |
5 years |
**Website Privacy Policy Summary**
We request personal data from our website visitors only when they wish to register, make a purchase, log in, or participate in a prize draw. The personal data provided during registration or when using our marketing services will not be linked, and identifying our visitors is not our primary goal. If you have any questions about data processing, you can contact us at burzsujshop@gmail.com, and we will respond within a month at the contact details provided.
**Technical Data**
The service provider selects and operates the IT tools used for personal data processing during the service delivery in such a way that the processed data:
- Is accessible to authorized persons (availability)
- Has its authenticity and verification ensured (data processing authenticity)
- Is verifiable for integrity (data integrity)
- Is protected against unauthorized access (data confidentiality).
The service provider takes appropriate measures to protect the data from unauthorized access, alteration, transmission, disclosure, deletion, destruction, and accidental loss.
The service provider ensures data security through technical, organizational, and procedural measures that provide a level of protection corresponding to the risks associated with data processing.
The service provider will protect:
- Confidentiality: ensuring that only authorized persons can access the information.
- Integrity: ensuring the accuracy and completeness of the information and processing methods.
- Availability: ensuring that authorized users can access the information when needed and have the necessary tools available.
**Purpose, Method, and Legal Basis for Data Processing**
General Data Processing Guidelines:
Data processing by the Data Controller is based on voluntary consent and legal authorization. For data processing based on voluntary consent, individuals may withdraw their consent at any stage of the process.
In some cases, processing, storage, and transmission of certain data may be mandatory under applicable laws, in which case we will inform our customers separately.
We would like to remind those providing data to the Data Controller that if they provide someone else’s personal data, they must obtain the consent of the affected individual.
Our data processing principles comply with applicable data protection laws, including:
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.)
- The European Parliament and Council Regulation (EU) 2016/679 (GDPR)
- Act V of 2013 on the Civil Code (Ptk.)
- Act C of 2000 on Accounting
- Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorism Financing
- Act CCXXXVII of 2013 on Credit Institutions and Financial Enterprises
**Physical Storage of Data**
Your personal data may be collected in the following ways: through the internet connection you use (including your computer, browser, and IP address) and automatically generated technical data related to the visited pages, or you may provide your name, contact details, or other personal information if you wish to engage with us directly.
**Rights of Data Subjects and Enforcement Options**
Data subjects have the right to request information about the processing of their personal data, request corrections, and – except for mandatory processing – deletion, withdrawal of consent, exercise of the right to data portability, and object to data processing.
- **Right to Information**: The Data Controller provides clear, accessible information in accordance with GDPR Articles 13 and 14.
- **Right of Access**: The data subject has the right to access their personal data and information about the processing, including the purposes, recipients, storage duration, and data sources.
- **Right to Rectification**: The data subject may request the correction of inaccurate data or the completion of incomplete data.
- **Right to Deletion**: The data subject has the right to request the deletion of their personal data in certain circumstances (e.g., if data is no longer necessary for its purpose, or if consent is withdrawn).
- **Right to Restriction of Processing**: The data subject may request a restriction on the processing of their personal data.
- **Right to Data Portability**: The data subject may request the transfer of their personal data to another data controller in a commonly used format.
- **Right to Object**: The data subject may object to data processing based on public interest or legitimate interest, including profiling.
- **Right to Withdraw Consent**: The data subject can withdraw consent at any time.
- **Right to Approach a Court**: If the data subject's rights are violated, they may approach a court.
- **Right to Appeal to Supervisory Authorities**: Complaints can be filed with the National Authority for Data Protection and Freedom of Information.
**Data Protection Authority Procedure**
Complaints can be submitted to the National Authority for Data Protection and Freedom of Information:
- Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
- Postal address: 1530 Budapest, Pf.: 5.
- Email: ugyfelszolgalat@naih.hu
**Other Provisions**
We will notify you about any data processing not listed in this notice at the time of data collection. We reserve the right to modify this Privacy Policy, and any changes will be communicated appropriately to the concerned parties.
Effective date: July 22, 2024.