Name of Data Controller: Stella Zrt. (henceforth referred to as “Controller”)
Address of Data Controller: 1142 Budapest, Szőnyi út 41.
Contact, Customer Service: (06 1) 470 5080, firstname.lastname@example.org
Data Processing and Protection: The data are recorded into the data management system operated and protected by the controller, following the voluntary, informed and definite consent of the users.
The Legal Title of Data Processing: Based on the preliminary, voluntary consent of the data subject.
Data Collection Aspects, the Aim of Data Collection:
Our visitors are required to provide their personal data for registration and login (name, address, phone number, e-mail etc.). The data are utilised by Stella Zrt. solely for the following purposes of data management and collection:
- data processing for the faster, simpler identification and serving of buyers at order execution
- sending adequate information/publicity materials, concrete offers, promotional publications electronically (newsletters, DM letters , short messages)
- notification about prize winning games and related data processing
- data processing related to the sending of personalised offers
- data processing related to the elaboration of delivery agreements and other contract types
- Notifications related to regular customer programmes or other membership based activities
- Processing of data related to product assessments or collected by questionnaires
- Data processing directed to improving the efficiency of marketing and advertising.
Set of Processed Data
E-mail addresses and/ or user names, passwords, personal identification numbers, delivery addresses, phone numbers, depending on the access level selected by the User. Data provided by the User, visible or invisible to others, depending on the decision of the User. When the system is used, the IP address of the User’s computer, the time when the visit to the site started and ended, and in certain cases — depending on the settings of the User’s computer — the type of the browser and of operation system are recorded. These data are automatically logged by the system. The server also records anonymous data, among others the address of the referring webpage, the page to which the user navigated when leaving the page, as well as the IP address of unregistered visitors. Meanwhile, no personal data are recorded.
Within the services, all data processing related to the person in question is carried out based on the voluntary assent of the User. We draw the attention of data providers to the fact that if they do not give their own personal data, it is the obligation of the data provider to obtain the consent of the data subject. In order to make use of the services, cookies must be enabled. In case you would not like to enable cookies on your computer, you can disable them in the settings of your browser. In case cookies are forbidden, certain elements of the service can only be used partially or cannot be used at all. No personal data are stored in cookies. The data recorded when the order is submitted, are stored by the Controller as long as the User does not request their deletion. The data given at the time of the subscription to the newsletter are processed confidentially by the Controller. The possibility to unsubscribe is ensured at the end of every newsletter sent out, and in addition, it can be requested at every contact address or number of the Customer service department.
The Processing of Personal Data:
The above mentioned data will under no circumstances be transferred to third parties by Stella Zrt., with the exception of data transfers required by law. At the request of the authorities, the Controller will only submit personal data to the extent that is absolutely indispensible for the attainment of the purpose of the request – and solely if the authorities have clearly defined the exact aim and scope of the data transfer.
When processing data, Stella Zrt. will ensure the protection of the privacy of the data subjects, the accuracy and completeness of the data, and shall ensure that all such data is updated if that is necessary with regard to the purpose of data processing. Stella Zrt. will also ensure that the data subjects can only be identified to the extent necessary for the purpose of data processing.
For the validity of the legal declaration of consent, given by minors over 16 years of age, the agreement or subsequent approval of the legal representative is not necessary.
Possible data controllers entitled to process data at Stella Zrt. are the following: Katalin Szigligeti, Zsolt Dajka, Edina Czene.
The data processing of Stella Zrt. falls within the scope of registration in the data protection register, an obligation that Stella Zrt. has fulfilled on 16 December 2011, and the issuing of the number assigned in the data protection register is under way.
Stella Zrt. provides for the security of the data and shall take all the necessary measures that can be expected to protect the personal data submitted at registration/ login from unauthorised and illegitimate access, change, transfer, publicity, deletion or destruction.
In the event of the incidental damage or destruction of the database Stella Zrt. does not assume any responsibility for the resulting losses. Furthermore, Stella Zrt. cannot be held responsible for any real or false data submitted by others.
The data necessary for the execution of a given order can be transferred by Stella Zrt. exclusively to its contractual supplier and shipping partners, which are recorded in a data transfer register. The register includes the date when the processed personal data were transferred, the legal ground for and the recipient of the data transfer, the definition of the transferred personal data, as well as the other data defined by the data processing legislation. Stella Zrt. does not transfer data abroad.
Voluntary Assent – Withdrawal:
Those registering/ logging into the webpage or web store of Stella Zrt., by introducing their data, voluntarily agree that the given data be processed by Stella Zrt., in accordance with Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, for the above mentioned purposes.
They also agree, on grounds of Section 6 of the Act XLVIII of 2008 on Commercial Advertising Activities, to receive newsletters and direct offers by way of direct marketing, respectively consent that their data be processed exclusively in accordance with the above mentioned purposes.
In each of its newsletters and offers, Stella Zrt. ensures the right to immediate unsubscribing and informs the data subject about the possibility to unsubscribe.
The Interval of Data Processing
In the case of data compulsorily given by the User, personal data may be processed by the Controller until the User, in accordance with the present Terms, does not request the anonymisation of the data and the deletion of identification data. The Controller will erase the data based on the voluntary decision of the User, within 8 working days after receiving its deletion demand.
In the case of data provided based on the decision of the User, the interval of data processing lasts until the User decides to keep them in his/her profile, respectively in the case of customised advertisements/ contents until the User does not make use of the unsubscribing possibility ensured by the service provider. The system stores logged data for a period of three years subsequent to the visit to the webpage.
Correction and Deletion of Personal Data
Data subjects can request from Stella Zrt.:
a) information about the processing of their personal data,
b) the correction of their personal data, and
c) the deletion or locking of their personal data – with the exception of compulsory data processing.
Deletion requests must be submitted by e-mail to the following address: email@example.com. Stella Zrt. will update the data tagged as deleted or changed in the Terms of Utilisation as soon as possible, but not later than within 30 days subsequent to the reception of the deletion, correction or locking requests.
Personal data are locked instead of deletion if the data subject requests that, or if based on the available information one could deduct that deletion would harm the rightful interests of the data subject. Such locked personal data can be exclusively processed as long as the data processing aim that excluded the deletion continues to hold.
In case the personal data does not correspond to the facts, and the true data is available, the personal data will be replaced. Stella Zrt. will tag the processed personal data in case the data subject disputes its rightness or accuracy or, but the rightness or accuracy of the disputed personal data cannot be clearly determined.
Stella Zrt. always informs data subjects, and all those to whom the data had previously been transferred for processing, about any correction, locking, or deletion.
The Possibility to Modify Data Processing Regulations
The Controller, with the preliminary advice of the Users, maintains the right to unilaterally modify the present Data Processing Regulations. Users, if choose to utilise the service even if only on a sole occasion following the entry into force of the modification, automatically accept the modified Data Processing Regulations, with all possible changes and modifications.
Definition of Terms
Based on Section 3 of Act CXII of 2011:
1. data subject: any natural person directly or indirectly identifiable by reference to specific personal data;
2. personal data: data relating to the data subject, in particular by reference to the name and identification number of the data subject or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity as well as conclusions drawn from the data in regard to the data subject;
7. the data subject’s consent: any freely and expressly given specific and informed indication of the will of the data subject by which he signifies his agreement to personal data relating to him being processed fully or to the extent of specific operations;
8. the data subject’s objection: a declaration made by the data subject objecting to the processing of their personal data and requesting the termination of data processing, as well as the deletion of the data processed;;
9. controller: the natural or legal person, or organisation without legal personality which alone or jointly with others determines the purposes and means of the processing of data; makes and executes decisions concerning data processing (including the means used) or contracts a data processor to execute it;
10. data processing: any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans);
11. data transfer: ensuring access to the data for a third party;
12. disclosure: ensuring open access to the data;
13. data deletion: making data unrecognisable in a way that it can never again be restored;
14. tagging data: marking data with a special ID tag to differentiate it;
15. blocking of data: marking data with a special ID tag to indefinitely or definitely restrict its further processing;
16. data destruction: complete physical destruction of the data carrier recording the data;
17. data process: performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data;
18. data processor: any natural or legal person or organisation without legal personality processing the data on the grounds of a contract concluded with the data controller, including contracts concluded pursuant to legislative provisions;
21. data set: all data processed in a single file;
22. third party: any natural or legal person, or organisation without legal personality other than the data subject, the data controller or the data processor;
23. EEA Member State: any Member State of the European Union and any State which is party to the Agreement on the European Economic Area, as well as any State the nationals of which enjoy the same legal status as nationals of States which are parties to the Agreement on the European Economic Area, based on an international treaty concluded between the European Union and its Member States and a State which is not party to the Agreement on the European Economic Area;
24. third country: any State that is not an EEA State.
The Data Subject declares he/she received adequate information related to the above and acknowledges that he/she can unsubscribe from the newsletter service at any time, electronically or by regular mail.
Right Enforcement Opportunities
At the request of the Data Subject, Stella Zrt. shall provide information concerning the data relating to him, including those processed by a data processor on its behalf, the sources from where they were obtained, the purpose, grounds and duration of processing, the name and address of the data processor and on its activities relating to data processing, and – if the personal data of the data subject is made available to others – the legal basis and the recipients.
The Data Subject can exercise right enforcement based on Act CXII of 2011 and the Civil Code in front of a court of justice, respectively can also request the assistance of Stella Zrt. (1142 Budapest, Szőnyi út 41.) in any matter related to personal data.
Should you have any further questions or observations please contact Stella Zrt. at the following e-mail address: firstname.lastname@example.org.
The present Data Protection Regulations entered into force on 12 June 2012, and are valid until cancelled.