Privacy policy

Last updated: August 19, 2024

This Privacy Policy describes how Cleaning Stuff EU (the "Site", "we", "us", or "our") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from cleaningstuff.eu (the "Site") or otherwise communicate with us regarding the Site (collectively, the "Services"). For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.

Please read this Privacy Policy carefully.

1. Identification and contact details of the Data Controller 

OLDB EUROPE Ltd. (Kft.) 
Registered office. 3., Budapest 1078 
Tax number: 32008681-2-42  / HU32008681
Registration number: 32008681-4791-113-01 
Contact: info@cleaningstuff.eu / info@oldb.cz / info@scrubdaddy.cz
Phone number: +36 (30) 649-8022  
Registering authority: Fővárosi Törvényszék Cégbírósága 
Data on the hosting company: Shopify Inc.  
Company name of the data controller: OLDB EUROPE Kft. (hereinafter referred to as: "Data Controller") 

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site, update the "Last updated" date and take any other steps required by applicable law.

How We Collect and Use Your Personal Information

To provide the Services, we collect personal information about you from a variety of sources, as set out below. The information that we collect and use varies depending on how you interact with us.

In addition to the specific uses set out below, we may use information we collect about you to communicate with you, provide or improve or improve the Services, comply with any applicable legal obligations, enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

What Personal Information We Collect

The types of personal information we obtain about you depends on how you interact with our Site and use our Services. When we use the term "personal information", we are referring to information that identifies, relates to, describes or can be associated with you. The following sections describe the categories and specific types of personal information we collect.

Information We Collect Directly from You

Information that you directly submit to us through our Services may include:

  • Contact details including your name, address, phone number, and email.
  • Order information including your name, billing address, shipping address, payment confirmation, email address, and phone number.
  • Account information including your username, password, security questions and other information used for account security purposes.
  • Customer support information including the information you choose to include in communications with us, for example, when sending a message through the Services.

Some features of the Services may require you to directly provide us with certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features.

Information We Collect about Your Usage

We may also automatically collect certain information about your interaction with the Services ("Usage Data"). To do this, we may use cookies, pixels and similar technologies ("Cookies"). Usage Data may include information about how you access and use our Site and your account, including device information, browser information, information about your network connection, your IP address and other information regarding your interaction with the Services.

Information We Obtain from Third Parties

Finally, we may obtain information about you from third parties, including from vendors and service providers who may collect information on our behalf, such as:

  • Companies who support our Site and Services, such as Shopify.
  • Our payment processors, who collect payment information (e.g., bank account, credit or debit card information, billing address) to process your payment in order to fulfill your orders and provide you with products or services you have requested, in order to perform our contract with you.
  • When you visit our Site, open or click on emails we send you, or interact with our Services or advertisements, we, or third parties we work with, may automatically collect certain information using online tracking technologies such as pixels, web beacons, software developer kits, third-party libraries, and cookies.

Any information we obtain from third parties will be treated in accordance with this Privacy Policy. Also see the section below, Third Party Websites and Links.

How We Use Your Personal Information

  • Providing Products and Services. We use your personal information to provide you with the Services in order to perform our contract with you, including to process your payments, fulfill your orders, to send notifications to you related to your account, purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, to arrange for shipping, facilitate any returns and exchanges and other features and functionalities related to your account.
  • Marketing and Advertising. We may use your personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you advertisements for products or services. This may include using your personal information to better tailor the Services and advertising on our Site and other websites. If you are an EEA resident, the legal basis for these data processing activities is our legitimate interest in selling our products, according to Art. 6 (1) (f) GDPR.
  • Security and Fraud Prevention. We use your personal information to detect, investigate or take action regarding possible fraudulent, illegal or malicious activity. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password, or other access details with anyone else. If you believe your account has been compromised, please contact us immediately. If you are an EEA resident, the legal basis for these data processing activities is our legitimate interest in keeping our website secure for you and other customers, according to Art. 6 (1) (f) GDPR.
  • Communicating with You and Service Improvement. We use your personal information to provide you with customer support and improve our Services. This is in our legitimate interests in order to be responsive to you, to provide effective services to you, and to maintain our business relationship with you according to Art. 6 (1) (f) GDPR.

Cookies

Like many websites, we use Cookies on our Site. For specific information about the Cookies that we use related to powering our store with Shopify, see https://www.shopify.com/legal/cookies. We use Cookies to power and improve our Site and our Services (including to remember your actions and preferences), to run analytics and better understand user interaction with the Services (in our legitimate interests to administer, improve and optimize the Services). We may also permit third parties and services providers to use Cookies on our Site to better tailor the services, products and advertising on our Site and other websites.

Most browsers automatically accept Cookies by default, but you can choose to set your browser to remove or reject Cookies through your browser controls. Please keep in mind that removing or blocking Cookies can negatively impact your user experience and may cause some of the Services, including certain features and general functionality, to work incorrectly or no longer be available. Additionally, blocking Cookies may not completely prevent how we share information with third parties such as our advertising partners.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for contract fulfillment purposes, legitimate purposes and other reasons subject to this Privacy Policy. Such circumstances may include:

  • With vendors or other third parties who perform services on our behalf (e.g., IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping).
  • With business and marketing partners to provide services and advertise to you. Our business and marketing partners will use your information in accordance with their own privacy notices.
  • When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations, with your consent.
  • With our affiliates or otherwise within our corporate group, in our legitimate interests to run a successful business.
  • In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

We disclose the following categories of personal information and sensitive personal information about users for the purposes set out above in "How we Collect and Use your Personal Information" and "How we Disclose Personal Information":

Category Categories of Recipients
  • Identifiers such as basic contact details and certain order and account information
  • Commercial information such as order information, shopping information and customer support information
  • Internet or other similar network activity, such as Usage Data
  • Geolocation data such as locations determined by an IP address or other technical measures
  • Vendors and third parties who perform services on our behalf (such as Internet service providers, payment processors, fulfillment partners, customer support partners and data analytics providers)
  • Business and marketing partners
  • Affiliates

We do not use or disclose sensitive personal information without your consent or for the purposes of inferring characteristics about you.

With your consent we share personal information for the purpose of engaging in advertising and marketing activities, as follows.

Third Party Websites and Links

Our Site may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

Children's Data

The Services are not intended to be used by children, and we do not knowingly collect any personal information about children. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.

As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we “share” or “sell” (as those terms are defined in applicable law) personal information of individuals under 16 years of age.

Security and Retention of Your Information

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” In addition, any information you send to us may not be secure while in transit. We recommend that you do not use insecure channels to communicate sensitive or confidential information to us.

How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, to provide the Services, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies.

Your Rights

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. However, these rights are not absolute, may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law.

  • Right to Access / Know: You may have a right to request access to personal information that we hold about you, including details relating to the ways in which we use and share your information.
  • Right to Delete: You may have a right to request that we delete personal information we maintain about you.
  • Right to Correct: You may have a right to request that we correct inaccurate personal information we maintain about you.
  • Right of Portability: You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
  • Right to Opt out of Sale or Sharing or Targeted Advertising: You may have a right to direct us not to "sell" or "share" your personal information or to opt out of the processing of your personal information for purposes considered to be "targeted advertising", as defined in applicable privacy laws. Please note that if you visit our Site with the Global Privacy Control opt-out preference signal enabled, depending on where you are, we will automatically treat this as a request to opt-out of the "sale" or "sharing" of information for the device and browser that you use to visit the Site.
  • Restriction of Processing: You may have the right to ask us to stop or restrict our processing of personal information.
  • Withdrawal of Consent: Where we rely on consent to process your personal information, you may have the right to withdraw this consent.
  • Appeal: You may have a right to appeal our decision if we decline to process your request. You can do so by replying directly to our denial.
  • Managing Communication Preferences: We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made.

You may exercise any of these rights where indicated on our Site or by contacting us using the contact details provided below.

We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity, such as your email address or account information, before providing a substantive response to the request. In accordance with applicable laws, you may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. We will respond to your request in a timely manner as required under applicable law.

Complaints

If you have complaints about how we process your personal information, please contact us using the contact details provided below. If you are not satisfied with our response to your complaint, depending on where you live you may have the right to appeal our decision by contacting us using the contact details set out below, or lodge your complaint with your local data protection authority. For the EEA, you can find a list of the responsible data protection supervisory authorities here.

International Users

Please note that we may transfer, store and process your personal information outside the country you live in. Your personal information is also processed by staff and third party service providers and partners in these countries.

If we transfer your personal information out of Europe, we will rely on recognized transfer mechanisms like the European Commission's Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined to provide an adequate level of protection.

Contact

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please call or email us at info@cleaningstuff.eu or contact us at Nefelejcs utca 7, OLDB EUROPE KFT. HU32008681, Budapest, 1184, HU.

For the purpose of applicable data protection laws and if not explicitly stated otherwise, we are the data controller of your personal information.

 

General information

The following information is provided by OLDB EUROPE Kft. (head office: 1078 Budapest, Nefelejcs utca 7. 2. floor. 3. door; Company Registration No.: 01-09-402368; "Data Controller"), operates the website www.scrubdaddy.hu/www.cleaningstuff.hu/oldb.hu and is intended to inform the data subjects (i.e. you as an individual visiting our website).

It also contains information about the IP addresses recorded when you visit the website.

We aim to provide accurate and fully compliant information about why and how we process the personal data of individuals who interact with the Data Controller through our website.

This notice has been prepared primarily in accordance with the following legislation:

Regulation 2016/679 of the European Parliament and of the Council ("GDPR");
Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information ("the Information Act");
Act C of 2003 on Electronic Communications.

Information about the controller:

The name of the data controller is OLDB EUROPE Kft.

Contact details of the data controller: info@cleaningstuff.eu

Other contact details of the controller: +36 (30) 649-8022

 

Capturing IP addresses

An IP ("Internet Protocol") address is a unique set of numbers assigned to each device connected to the Internet. The IP address identifies the device you use to browse the Internet and allows it to communicate with other devices. To the extent that the IP address can identify the user (i.e. you) (either by the IP address alone or in combination with other information), the IP address may also be considered personal data.

Some cookies used on the Data Controller's website, if you have enabled them in the cookie settings, record the IP address of the device from which you have visited the website because this is necessary for their functioning. The IP address is recorded by cookies used on the website by Facebook, Google, YouTube and others.

However, the Data Controller is not able to identify you from the IP addresses collected on the website alone, it does not have a record of IP addresses and cannot target specific IP addresses. Consequently, you cannot be identified by the IP address of the Data Controller.

 

Data management in relation to cookies

A cookie is a small text file that the website you visit stores on your computer or other device used to browse the internet. Your device stores the cookie for a set period of time. This allows the website you visit to "remember" certain information and settings (e.g. language, font size and other display settings) for that period.

 

Types of cookies used

The cookies used on this website fall into the following categories:

cookies that are essential for the functioning of the website. They are strictly necessary for the technical functioning of the website (e.g. for the correct display of graphical content, navigation) and cannot be disabled, but they do not collect any information that could be considered as personal data;
performance and statistical cookies. They are used for the statistical, anonymous measurement of the number of visits to the website and the activity of users on the website, in order to continuously improve the effectiveness of the website. They can be disabled in the cookie settings;
cookies related to personal preferences - they are used to enhance the website experience by remembering certain information about the appearance and functioning of the website that you prefer. They can be disabled in the cookie settings;
marketing cookies - they track the activity of users visiting the website through profiling, helping to ensure that the most relevant, personalised content is displayed for that user.
The exact names and characteristics of all cookies used on our website can be found in the cookie authorisation area of our website.

 

Legal basis for cookie-related processing

With the exception of cookies that are essential for the functioning of the website (which are based on our legitimate interest in the functioning of the website), the legal basis for the use of cookies is your explicit and duly informed consent.

Cookies based on consent will only be used if you have given your consent to their use in the relevant interface. You can change your settings - and withdraw your consent in this context - at any time.

 

Managing cookies in your browser

In addition to a website's cookie settings, most browsers also provide the ability to view, manage, delete and disable cookies from a particular website. Remember, if you delete all cookies, you will lose the settings stored in them.

 

Sharing cookies with other data controllers

We share information about your website usage with our social media, advertising and analytics partners, and our partners may combine it with other information that you have provided to them or that has been collected in connection with other services you have used.

If this information constitutes personal data, the operations described in the preceding paragraph constitute separate processing by our partners.

 

Rights concerned

Based on the legislation in force, taking into account the specificities and legal basis of cookie processing, you have the following rights in relation to the processing of your personal data. This section summarises your rights in general terms, and the following sections describe the conditions under which you may exercise each right.

You have the right to ask the Data Controller to access, rectify, erase or restrict the processing of personal data concerning you, and to make them available in machine-readable form, provided that this does not interfere with the legal limits on the exercise of these rights.
You have the right at any time to lodge a complaint with a supervisory authority and to seek judicial redress.
Please note that the exercise of the rights detailed here may be affected by the technical specificities of cookie processing.

 

The right of access

You may at any time request information on whether and how your personal data are processed by the Controller, including the purposes of the processing, the recipients to whom your data have been or will be disclosed, the source from which the Controller obtained your data, the retention period of the data, your rights in relation to the processing and, in the case of transfers to third countries or international organisations, information on the safeguards relating to the transfer.

In exercising your right of access, you also have the right to request a copy of your personal data processed. In the event of a request made by electronic means, the Data Controller will provide the requested information electronically (in the form of an email or pdf file), unless you request otherwise. Where your right of access adversely affects the rights and freedoms of others, the Controller shall be entitled to refuse to comply with your request to the extent necessary and proportionate.

 

The right to rectification

The Data Controller will correct or complete personal data concerning you upon your request (e.g. in case of a change of data), if this is possible taking into account the technical specificities of the processing. If there is doubt about the corrected data, the Controller may request you to provide the Controller with evidence of the corrected data in an appropriate manner, in particular by means of a document. Where the personal data concerned by this right have been communicated by the Controller to another person, the Controller shall inform such recipients without undue delay after the rectification of the data, provided that this is not impossible or involves a disproportionate effort.

Upon request, the Controller shall provide information on the recipients.

 

Right to erasure ("right to be forgotten")

If you request the erasure of any or all of your personal data, the Controller will erase it without undue delay if:

the Controller no longer needs the personal data for the purposes for which it was collected or otherwise processed;
the processing was based on a legitimate interest of the Controller or a third party, but you have objected to the processing and there is no overriding legitimate ground for the processing;
the personal data were unlawfully processed by the Controller; or
the erasure of the personal data is necessary to comply with a legal obligation.
Where the personal data concerned by this right have been disclosed by the Controller to another person, the Controller shall inform such persons without undue delay after erasure, provided that this is not impossible or involves a disproportionate effort.

Upon request, the Data Controller shall provide information on the recipients.

Please note that the Data Controller is not always obliged to delete personal data, in particular where the processing is necessary to comply with a legal obligation.

 

Right to restriction of processing

You may request the restriction of the processing of your personal data in the following cases.

if you contest the accuracy of the personal data - in this case, the restriction applies for a period of time that allows the Controller to verify the accuracy of the personal data;

where the processing is unlawful but you oppose the erasure of the data and instead request the restriction of their use;
where the controller no longer needs the personal data for the purposes of processing but you require them for the establishment, exercise or defence of legal claims; or
where you have objected to the processing, in which case the restriction shall apply for a period of time until it is established whether the legitimate grounds of the Controller override your legitimate grounds.
Restriction of processing means that the personal data subject to the restriction are not processed by the Controller, except for storage. Where the personal data concerned by this right have been communicated by the Controller to another person, the Controller shall inform those recipients of the restriction of processing without undue delay, provided that this is not impossible or involves a disproportionate effort.

Upon request, the Controller shall provide information about the recipients.

 

Right to data portability

In relation to cookies for which the processing is based on your consent, you have the right to receive the personal data processed about you in a structured, commonly used, machine-readable format.

Right to complain, right to redress

If you consider that the processing of your personal data by the Data Controller infringes the provisions of the applicable data protection legislation, in particular the GDPR or the Infotv.

 

Contact details of the NAIH:
Website: http://naih.hu/
1055 Budapest, Falk Miksa utca 9-11.
Postal address: 1363 Budapest Pf.9.
Phone: +36-1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
You also have the right to lodge a complaint with a supervisory authority established in another EU Member State, in particular the one where you have your habitual residence, place of work or place of the alleged infringement.
Irrespective of your right to lodge a complaint, you may also take legal action in the event of such a violation. The competent court for the Data Controller is the Metropolitan Court of Budapest, but you may also bring the action before the court of your place of residence. The courts can be contacted at the following link: http://birosag.hu/torvenyszekek. You may also bring the action before the competent court of the Member State of your habitual residence, if your habitual residence is in another Member State of the European Union.

You also have the right to take legal action against a legally binding decision of the NAIH that applies to you. You also have the right to a judicial remedy if the NAIH does not deal with your complaint or does not inform you within three months of the procedural developments or the outcome of the complaint you have lodged. You have the right to lodge a complaint on your behalf, to have the decision of the NAIH reviewed by the courts, to bring an action and to assert your right to compensation on your behalf with a non-profit organisation or association established in accordance with the law of one of the Member States of the European Union and whose statutory objectives are to serve the public interest and to protect the rights and freedoms of data subjects with regard to personal data.

Supporting Policies

2. The scope of the data processed, the purpose of the processing, the legal basis and the retention period 

Scope of data processed

Purpose of data processing

Legal basis for processing

Retention period

Personal data (name and e-mail address of the Data Subject) provided by the user ("Data Subject") when requesting personalised access to the electronic interfaces operated by OLDB EUROPE Kft.

Create a user account

Preparation and performance of the contract resulting from the acceptance by the Data Subject of the related General Terms and Conditions

 

As long as the Data Subject has a user account.

(Note: see also the penultimate row of the table for continued data retention)

 

 

Contacting the contact

Data required for the delivery of products purchased through the Webshop to the customer (including the delivery of products by post, courier or at pick-up points)

Delivery of products purchased through the Webshop to the customer

Performance of the sales contract resulting from an order placed on the Webshop

Until the completion of the resulting contract (Note: see also the penultimate row of the table for continued data retention)

Data necessary for the billing of purchases through the Webshop (including the email address of the Data Subject)

Issue an invoice for the purchase price and send it to the Data Subject and fulfil certain tax and accounting legal obligations of the Data Controller related to invoicingFulfilment of tax and accounting legal obligations related to invoicing

Meeting tax and accounting obligations related to invoicing

8 years from the date of data collection

Name, postal address and e-mail address of the data subject

To send paper and digital newsletters for direct marketing purposes, to request feedback on the quality of the services of the Data Controller and its partners in the form of questionnaires and surveys.Express and voluntary consent of the data subject.

Express and voluntary consent of the data subject

Until the withdrawal of the data subject's consent

Your e-mail address and the details of the product you wish to purchase but which is not in stock in the Webshop.

Send a digital message about the availability of the product you want to buy in the Webshop.

Express and voluntary consent of the data subject

Until the withdrawal of the data subject's consent, but at the latest until the purpose of the processing has been fulfilled.

www.scrubdaddy.cz/cleaningstuff.eu/oldb.cz  data collected by cookies used on the website), such as the IP address of the device used by the user, as well as certain characteristics of the activity on the website (which interfaces the visitor clicked on, how long he stayed there, which interface he clicked on, how long he spent on the website)

Market research to optimise the Data Controller's activities, analysis of user activity

Express and voluntary consent of the data subject

 

The cookies used store the data collected for a specified period of time when you visit the cookie settings interface on the website.

If the user withdraws his consent to the use of the cookie, the data will be deleted.

Data relating to contractual relations between OLDB EUROPE Ltd. and the Data Subject, necessary for the performance of the contract in question.

In the context of the Contract, the assertion of legal claims, the defence of legal claims, the defence of possible administrative and judicial proceedings, the provision of data required by law in the event of a request by an authority or court, and the continued storage of data in order to verify and prove all relevant circumstances of the Contract as a legal relationship in connection with the foregoing. The legitimate interest of OLDB EUROPE Ltd. to be in possession of adequate evidence in the event of asserting or defending claims (including claims under labour law or tax law that may be asserted by or against the Data Controller), and its legitimate interest to be able to comply with a request for data provision by a court or public authority in the course of proceedings.

The legitimate interest of OLDB EUROPE Ltd. to be in possession of adequate evidence in the event of asserting or defending claims (including claims under labour law or tax law that may be asserted by or against the Data Controller), and its legitimate interest to be able to comply with a request for data provision by a court or public authority in the course of proceedings.

End of the limitation period for a claim / End of the time limit for initiating proceedings

Backups of the completeness of the data processed under this point 1.3.

Ensuring uninterrupted business operations related to the use of the webshop

The Data Controller's legitimate interest in the uninterrupted operation of the business related to the use of the WebshopIn the case of enquiries that fall within the scope of Act CLV of 1997 on Consumer Protection, the Data Controller's legitimate interest in complying with the statutory obligation to handle complaints.If the answer to the question or comment is necessary for the performance of a contract between the Data Controller and the Data Subject, the performance of this contract.In all other cases, the Data Controller's legitimate interest in handling complaints, comments and answering questions.

1 month from the date of the backups

If the Data Subject contacts the Data Controller with a question, complaint or comment, the Data Subject's name, email address, social media profile or telephone number, depending on the method of contact, and the content of the complaint

Handling of complaints, comments, answering questions and contacting the Data Subject in this contextIn the case of inquiries that fall within the scope of Act CLV of 1997 on Consumer Protection, the Data Controller's legitimate interest in complying with the statutory obligation to handle complaints.If the answering of the question or comment is necessary for the performance of a contract between the Data Controller and the Data Subject, the performance of this contract.In all other cases, the Data Controller's legitimate interest in handling complaints, comments and answering questions. In the case of enquiries that fall within the scope of Act CLV of 1997 on Consumer Protection, the legitimate interest of the Data Controller to comply with the statutory obligation to handle complaints.If the answer to the question or comment is necessary for the performance of a contract between the Data Controller and the Data Subject, the performance of this contract. In all other cases, the legitimate interest of the Data Controller in the handling of the complaint, comment or question.From the end of the communication relating to the complaint, comment or question until the end of the limitation period under civil law (5 years)

Until the end of the civil limitation period (5 years) from the end of the communication related to the complaint, remark or question

 

By providing the registration data to the Data Controller and by the Data Subject's acceptance of the General Terms and Conditions (GTC) provided by the Data Controller to the Data Subject, the Data Subject and the Data Controller enter into a contract, which is governed by the provisions of the Regulation on electronic commerce services and certain aspects of information society services 2011. CVIII of 2011, under which the Data Controller is obliged to provide the use of the Website and to transfer the ownership and possession of the products purchased through the Webshop to the Data Subject, while the Data Subject is obliged to pay the purchase price of the products purchased.

In connection with the above processing, the Data Controller draws your attention to the fact that the provision of the Data Subject's data, which it processes on the basis of a legal obligation or on the basis of the preparation or performance of a contract with the Data Controller, is mandatory for the establishment of a contractual relationship or the performance of certain obligations arising therefrom, without the provision of the necessary data the Data Controller would not be able to fulfil its obligations undertaken in connection with the contract or required by law.

The retention periods set out above have been determined by the Data Controller in view of the fact that for certain data, in accordance with the penultimate row of the table above, personal data may also be processed for legal claims, so that if the retention period for legal claims is longer than the retention period for other processing purposes, the latter is indicated everywhere.

The Data Controller shall make a backup of all the data processed in accordance with this Section 1.3, the purpose of which is to ensure the uninterrupted operation of the processes related to the use of the Webshop, as regulated in this Privacy Policy and the related GTC, even in the event of possible malfunctions in the IT systems. The legal basis for the backup is the legitimate interest of the Data Controller in the continuous operation of the processes related to the use of the Webshop. The Data Controller shall keep the backups for a period of one month.

The retention period may be affected by the data subject's right to object, where the legal basis for the processing to which the objection relates is the legitimate interest of the Data Controller. In such cases, the Data Controller shall determine on a case-by-case basis whether a legitimate interest can be demonstrated on the part of the Data Subject which overrides the Data Subject's right to object.

 

3.       Recipients of personal data, categories of recipients

Standalone controller

Name of addressee

Recipient status

Reason for the data transfer/transmission/access/activity involving the recipient

Barion Payment Zrt.

Head office: H-1117, Budapest, Irinyi József utca 4-20. 2. floor
Helpdesk: +36 1 464 70 99

Company registration number: 01-10-048552

Barion Payment Zrt. operates under the licence of the Magyar Nemzeti Bank in accordance with Act CCXXXV of 2013 and the EU Electronic Money Directive (EMD) of 2011.

Licence ID: H-EN-I-1064/2013 | Institution ID: 25353192

Data Management Registration Number: NAIH-73794/2014

OR

STRIPE 

independent controller

 

It provides online payment for purchases made through the Webshop. Online credit card payments are made through the Barion system.

Credit card details are not passed to the merchant. The service provider Barion Payment Zrt. is an institution supervised by the National Bank of Hungary, its licence number is H-EN-I-1064/2013.

 

 

GLS General Logistics Systems Hungary Csomag-Logisztikai Kft. (head office: 2351 Alsónémedi GLS Európa u. 2.)

OR 

DPD

independent controller

Provide home delivery of products purchased through the Webshop.

Packeta Hungary Kft. (székhely 1044 Budapest, Ezred utca 1-3. B2/11)

independent controller

Provide home delivery of products purchased through the Webshop.

Our legal advisers

independent controller

If we are required to provide information to our advisors in connection with a legal claim, it cannot be excluded that this information may include personal data.

Courts, authorities

independent controller

If we are requested to do so by a court or a public authority, we may be under an obligation to transfer files containing personal data to the court or authority.

 

By transferring the personal data to the above recipients, OLDB EUROPE Ltd. will not transfer the Data Subjects' data to third countries outside the European Union. OLDB EUROPE Ltd. will not transfer the personal data to any person other than the above recipients, unless the transfer is required by law.

4. Special data management

In exceptional cases, in connection with the sale of products that can be purchased through the Webshop, the delivery of the purchased products to the ordering customer and the issuing of an invoice for the purchase price, the Data Controller may process special data within the scope of Article 9 (1) of EU Regulation 2016/679/EC on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (GDPR), in particular personal data in the form of conclusions about the health of the Data Subject (health data). The Data Controller is entitled to process these special categories of personal data pursuant to Article 9(2)(g) GDPR, given that the processing based on the fulfilment of a legal obligation is necessary for reasons of substantial public interest (substantial public interest in billing or contract performance), which are proportionate to the aim pursued. The Data Controller shall respect the essential content of the right to the protection of personal data in the processing and shall provide for adequate and specific measures to safeguard the fundamental rights and interests of the Data Subject.

5.        Contact data obtained from other sources

Scope of data processed

Source of data processed

Order ID, name, e-mail address, gross amount and time of purchase

The financial service provider providing online payment for purchases made through the Webshop.

 

6.        Rights concerned

The Data Subject may request from the Data Controller access to, rectification, erasure of, and in certain cases restriction of the processing of personal data relating to him or her, and may object to the processing of personal data. The Data Subject shall also have the right to data portability and the right to lodge a complaint with a supervisory authority and the right to a judicial remedy and, in the case of automated decision-making in individual cases, the right to choose the scope of the decision and to request human intervention. In addition, where processing is based on consent, the Data Subject shall have the right to withdraw consent at any time, without prejudice to the lawfulness of the processing carried out on the basis of consent prior to its withdrawal.

  1. A)    The right of access

At any time, the Data Subject has the right to request information on whether and how his or her personal data are processed by the Controller, including the purposes of the processing, the recipients to whom the data have been disclosed or the source from which the data were obtained by the Controller, the retention period, any rights concerning the processing, as well as information on automated decision-making, profiling and, in case of transfers to third countries or international organisations, information on the safeguards relating thereto. In exercising the right of access, the Data Subject shall also have the right to request a copy of the data and, in the event of an electronic request, the Data Controller shall provide the requested information in electronic form (pdf format), unless the Data Subject requests otherwise. Where the Data Subject's right of access adversely affects the rights and freedoms of others, in particular the trade secrets or intellectual property of others, the Data Controller shall be entitled to refuse to comply with the Data Subject's request to the extent necessary and proportionate. In the event that the Data Subject requests more than one copy of the above information, the Data Controller shall charge a reasonable fee proportionate to the administrative costs of producing the additional copies.

  1. B)    The right to rectification

The Data Controller shall correct or supplement personal data concerning the Data Subject at the Data Subject's request. If there is doubt about the corrected data, the Controller may request the Data Subject to provide the Controller with evidence of the corrected data in an appropriate manner, in particular by means of a document. Once the corrected data has been verified, the Controller shall not keep the document used for that purpose, nor shall it store it in any form. Where the personal data concerned by this right have been communicated by the Controller to other persons (such as the addressee as data processor), the Controller shall inform those persons without undue delay after the rectification of the data, provided that this is not impossible or involves a disproportionate effort on the part of the Controller. The Data Subject shall be informed of these recipients by the Controller upon request.

  1. C)     Right to erasure ("right to be forgotten")
  1. If the Data Subject requests the erasure of some or all of his or her personal data, the Controller shall erase the data without undue delay if:

    the Controller no longer needs the personal data for the purposes for which it was collected or otherwise processed;
    the processing was based on the data subject's consent but the consent has been withdrawn by the data subject and there is no other legal basis for the processing;
    processing which was based on a legitimate interest of the Controller or a third party, but the Data Subject has objected to the processing and there is no overriding legitimate ground for the processing, other than an objection to processing for direct marketing purposes;
    the personal data were unlawfully processed by the Controller; or
    the erasure of the personal data is necessary to comply with a legal obligation.
    Where the personal data concerned by this right have been communicated by the Controller to another person (such as the addressee as data processor), the Controller shall inform such persons without undue delay after erasure, provided that this is not impossible or involves a disproportionate effort on the part of the Controller. The Data Subject shall be informed of these recipients by the Controller upon request. The Controller is not always obliged to erase personal data, in particular where the processing is necessary for the establishment, exercise or defence of legal claims.

     

    D)    Right to restriction of processing

The Data Subject may request the restriction of the processing of his or her personal data in the following cases:

the Data Subject contests the accuracy of the personal data - in this case, the restriction applies for a period of time that allows the Controller to verify the accuracy of the personal data;
The data subject opposes the erasure of the data and instead requests the restriction of their use;
the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or
the Data Subject has objected to the processing - in which case the restriction shall apply for a period of time until it is established whether the legitimate grounds of the Controller prevail over the legitimate grounds of the Data Subject.

Restriction of processing means that the Data Controller does not process the personal data subject to the restriction, except for storage, or only to the extent to which the Data Subject has consented, or, in the absence of such consent, the Data Controller may process data necessary for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State of the European Union. The Controller shall inform the Data Subject in advance of the lifting of the restriction on processing. Where the Controller has communicated the personal data of the Data Subject to whom this right applies to another person (such as the addressee as data processor), the Controller shall inform such persons of the restriction of processing without undue delay, provided that this is not impossible or involves a disproportionate effort on the part of the Controller. The Controller shall inform the Data Subject of these recipients upon request.

 

  1. E)    The right to object

If the legal basis for the processing of the Data Subject is the legitimate interest of the Controller or a third party, the Data Subject has the right to object to the processing. The Controller shall not be obliged to uphold the objection if the Controller proves that

  • the processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the Data Subject; or
    the processing relates to the establishment, exercise or defence of legal claims by the Controller.
  1. F)     The right to data portability

The Data Subject shall have the right to request that the Controller provide the Data Subject with personal data which he or she has provided to the Controller on the basis of consent or on a contractual legal basis and which are processed by the Controller by automated means (e.g. in a computer system), in a structured format, either for the purpose of transfer to another controller or, where technically feasible, directly to another controller designated by the Data Subject upon his or her request. The Data Controller shall provide the requested data as a pdf file in case of such requests. In the event that the exercise of the Data Subject's right to data portability would adversely affect the rights and freedoms of others, the Controller shall be entitled to refuse to comply with the Data Subject's request to the extent necessary. The action taken in the scope of data portability does not imply the erasure of the data only if the Data Subject simultaneously applies for erasure, failing which the Data Controller shall keep the data for as long as it has a purpose or a proper legal basis for processing them.

  1. G) Right to complain, right to redress

If the Data Subject considers that the processing of his or her personal data by the Data Controller violates the provisions of the data protection legislation in force, in particular the General Data Protection Regulation, he or she has the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information ("NAIH"). Contact details of the NAIH:

Website:http://naih.hu/ 

Address.

Postal address: 1363 Budapest, PO Box 9.

Phone: +36-1-391-1400

Fax: +36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu 

The Data Subject also has the right to lodge a complaint with a supervisory authority established in another EU Member State, in particular the one where he or she has his or her habitual residence, place of work or place of the alleged infringement.

Irrespective of his or her right to lodge a complaint, the Data Subject may also take legal action in the event of a breach of the above rights. In the case of the data controller, the competent court is the Budapest District Court, but the Data Subject may also bring the action before the court of his/her place of residence. The contact details of the courts in Hungary can be found at the following link:http://birosag.hu/torvenyszekek. The Data Subject may also bring the action before the competent court of the Member State of his/her habitual residence, if the Data Subject has his/her habitual residence in another Member State of the European Union. The Data Subject also has the right to take legal action against a legally binding decision of the supervisory authority which is addressed to him or her. The Data Subject also has the right to judicial remedy if the supervisory authority does not deal with the complaint or does not inform the Data Subject within three months of the procedural developments or the outcome of the complaint lodged. The Data Subject may entrust the lodging of a complaint on his/her behalf, the judicial review of the decision of the supervisory authority, the bringing of an action and the exercise of his/her right to compensation on his/her behalf to a non-profit organisation or association established in accordance with the law of a Member State of the European Union and whose statutory objectives are to serve the public interest and to protect the rights and freedoms of Data Subjects with regard to personal data.

7.        Objection

In view of the fact that the Data Controller processes certain data on the basis of legitimate interest, we expressly and separately draw the attention of the Data Subjects to their right to object to the processing of their personal data, which they may exercise at any time by means of a written statement to that effect. In such a case, the Data Subjects' objection will be deleted by the Controller without undue delay, unless the data are necessary for the protection or enforcement of legal claims or the objection is based on a compelling interest of the Controller to the processing, which overrides the interests and rights of the Data Subject. This will be considered on an individual basis for each objection.

 

8.        Time limit for replying to the data subject's request

The Data Controller shall ensure that, in the event that the Data Subjects exercise any of their rights in relation to this processing and contact the Data Controller in this regard, the Data Controller shall respond to such requests without undue delay and at the latest within one month, not including in the case of withdrawal of consent, when it shall promptly arrange for the erasure of the data processed on the basis of consent.

Where necessary, taking into account the complexity of the request and the number of requests, the time limit set out in the previous paragraph may be extended by a further two months. In such a case, the Data Controller shall inform the Data Subject of the extension of the time limit within one month of receipt of the request, stating the reasons for the delay. If the Data Subject has submitted the request by electronic means, the information shall be provided by electronic means where possible.

* * *

Date of entry into force: 2 March 2021