Privacy policy

1. Purpose of this document

During the operation of the online Store (judeandfriends.com), hereinafter: Online Store, Webshop) maintained by the Data Controller, the personal data of the interested parties (hereinafter: Data Subject, Customer, User) who make purchases through the Online Store, subscribe to the newsletter and visit the website are managed by the information self-determination CXII of 2011 on law and freedom of information. Act (hereinafter: Infotv ), as well as the European Parliament and Council (EU) 2016/By the provisions of Regulation 679 (April 27, 2016) (hereinafter: Regulation, GDPR).

The Data Controller hereby informs the Data Subjects regarding the purchases made through the Online Store, the sending of newsletters, the use of the website, as well as the data management that necessarily accompanies the provision of the service, about the personal data it manages, the purpose of the data management, the retention period of the data, the method of storage and transmission, about the principles and practices followed in the management of personal data, as well as the manner and possibilities of exercising the rights of the data subjects.

The Data Controller reserves the right to unilaterally modify this document at any time.

 

1. The data manager

 

JUDE AND FRIENDS Kft. is the controller of the data collected through the Online Store, as data controller:

Headquarters: 1064 Budapest, Podmaniczky street 57. 2nd floor. 14.

Tax number: 29251119-2-42

Company registration number: 01-09-384499

Data protection contact: info@judeandfriends.com

 

Based on its own internal decision, the company does not appoint a data protection officer, because its activities do not fall into the category where the appointment of this position is mandatory.

Regardless of this, the data protection contact person can be contacted in any matter related to data protection, and it is his responsibility to decide whether the help of an external consultant should be used or not.

 

1. the website
   
   

 

 

• Shopping in the Webstore

 

Purpose of data management: Taking the User's orders from the Online store, confirming, fulfilling, and delivering the order, issuing invoices and receipts for the purchase, and fulfilling the obligation of the Data Controller to comply with the order of receipts and receipts.

Legal basis for data management: Data management is necessary for the performance of a contract in which the data subject is one of the contracting parties. (GDPR Article 6 (1) point b) If the sales contract between the parties has been fulfilled (the person concerned, as the buyer, paid the purchase price, and the Data Controller, as the Seller, handed over the ordered product to the buyer, who accepted the product), The legal basis for data management is Accounting TV. Paragraph (2) of § 169.

Scope of processed data: billing name, e-mail address, phone number, billing address (postal code, town, address), delivery address (postal code, town, address)

Data retention period: Accounting TV. According to Section 169 (2), the last day of the 8th year following the last day of the year in which the invoice was issued.

Place of data management: IT devices located at the premises of the Data Controller, in the case of paper-based documents and invoices, to the files of the Data Controller.

Data transmission: In the case of delivery by courier service, personal data necessary for delivery (name, address, telephone number, e-mail address) will be transferred to the courier service.

 

Data processors:

1. hu Trading and Service Limited Liability Company / 1031 Budapest, Záhony street 7. / 01-09-303201

The data processing activity performed by him: Recording of invoices

1. NZTax Consulting Limited Liability Company / 1142 Budapest, Nezsider park 5. 2/7 / 01-09-296773
   The data processing activity performed by it: Accounting
   
   
2. Shopify Inc. _ / 151 O'Connor Street, Ground floor, Ottawa, ON, K2P 2L 8, /

The data processing activity carried out by him: Webshop operation. Information on the details of data processing: https://www.shopify.com/legal/dpa

 

 

 

 

 

• Send a newsletter

 

XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity. According to § 6 of the Act (hereinafter: Reklámtv .), the User can give prior and specific consent to the Data Controller as a service provider contacting him with his advertising offers, other mailings, and the contact information provided by the Data Subject. In addition, bearing in mind the provisions of this information, the data subject may consent to the Data Controller handling the data necessary for sending advertising offers.

 

The Data Controller does not send unsolicited advertising messages, and the User can unsubscribe from sending newsletters free of charge without limitation or justification. In this case, the Data Controller will delete all personal data necessary for sending advertising messages from its records and will not contact the User with further advertising offers. The user can unsubscribe from the newsletters by e-mail, or by sending a request to info@judeandfriends.com.

Purpose of data management: sending electronic e-mail messages containing advertising to the data subject, providing information about current information, products, and promotions.

The legal basis for data management is the voluntary, informed, and definite consent of the concerned person, which the User gives after subscribing to the newsletter by clicking on the hyperlink in the e-mail message sent to confirm the subscription, based on the information contained in this document. ( Infotv. § 5. (1) point a) and based on Article 6 (1) point a) of the GDPR).

Scope of processed data: surname, first name, e-mail address.

Data retention period: until the consent of the data subject is revoked

Place of data processing: IT equipment located at the premises of the Data Controller or the data processors used by the Data Controller.

Method of data storage: electronic.

Data transmission: does not occur

 

• Personal data processed during contact and general inquiries

The Company can be contacted via any communication channel, but primarily via the e-mail address, info@judeandfriends.com and the handling of certain personal data of interested customers is essential for responding.

Purpose of data management: Answering the questions of interested customers

Legal basis for data management: Data management is necessary for the performance of a contract in which the data subject is one of the contracting parties. (GDPR Article 6(1)(b)).

Scope of processed data: Name and contact information (phone number, e-mail address), as well as any other personal data provided by the customer

Data retention period: until the question is answered

Place of data processing: IT equipment located at the premises of the Data Controller or the data processors used by the Data Controller.

Method of data storage: electronic.

Data transfer: data related to the data management contained in this chapter will not be forwarded.

 

 

• Cookies _

When downloading certain parts of the website, the web server automatically saves small data files, so-called places cookies (" Cookie ", "Süti") on the User's Device, and then reads them back during the subsequent visit. In some cases, these data files are Info tv. respectively, according to the GDPR, they are considered personal data, since the browser returns a previously saved cookie, the cookie management service provider has the opportunity to connect the User's current visit with the previous ones, but only concerning its content.

cookies on the user's device for various purposes during use.

One of these purposes is cookies essential for operation, which the webshop places to be able to identify the user's session. If you do not allow the acceptance of any cookies in your browser, including essential cookies, you will not be able to use the webshop application. This cookie, therefore, does not require the user's consent.

In addition, the Data Controller uses Google Analytics for statistical data collection, which places cookies in your browser and thus sends data to the Data Controller about what you visited on the site. These cookies do not store personal data, they serve to track what the person concerned did on the website.

The third category is the optional cookies that facilitate shopping in the webshop, which save e.g. the mailing address or the contents of the basket so that you do not have to enter them again later. These cookies are provided by the webshop provider, Shopify inc, and their use is optional, the placement of cookies is based on the user's consent, so they are only placed with this consent, which consent is given by the person concerned by clicking the Consent button in the pop-up window.

 

Cookies used by the Data Controller and their retention period

Type of Cookie	The purpose of using cookies	of cookie retention	Is the consent of the data subject required?
Google Analytics (_ ga , _ gat and _ gid named cookies )	The Webshop website uses the Google Analytics tool to collect information and analyze how the User accesses and uses the Webshop. This information is used for the preparation of reports and provides assistance for the further development of the Online store. The collection of data - including the number of users of the Webstore, where the User came to the website, and which pages were visited through the Webstore - is done anonymously. The collected data cannot be traced back to the User. You can find out more about Google's privacy policy here .	Google Analytics so-called first party cookies are created when the User visits the webshop because the Google Analytics tracking code has been installed on our portal. Cookies are stored on the User's Device for a maximum of 2 years from the date indicated above. For more information about this, click here is located.	Yes, by clicking the "I agree" button, the data subject gives his consent to the placement of the cookie .
Google AdWords (Google Remarketing )	Many third-party providers, including Google, store the data of the User's previous visits to the Online store and use this information to display the Data Controller's ads when the User visits the website of a Google partner. During your visit to the Website, one or more Google Inc. (1600 Amphitheater Parkway , Mountain View , CA 94043, USA) we send a Cookie to the User's computer, through which his browser can be uniquely identified . Google remarketing - Cookies are used through the Google AdWords advertising system. With the help of Cookies provided by Google, the fact and time of the visit to the Webstore are recorded, as well as which subpages of the Webstore the User viewed during the visit. The data recorded in this way is stored anonymously . The User can disable Google remarketing on the page for turning off cookies in Google's advertising settings. Cookies and Network Advertising You can also block cookies from third- party providers on the Initiative unsubscribe page .	AdWords cookies are stored for 90 days after the User's visit to the Webshop.	Yes, by clicking the "I agree" button, the data subject gives his consent to the placement of the cookie .
cookie named _s )	Session Cookies enable the Webshop to recognize the User	The information is stored until the end of the current session.	No, the placement of the cookie does not require the consent of the data subject.
Webshop cookies _	of data provided by the customer, such as postal address, name, address	These cookies are stored for a longer time in the cookie file of the browser . The duration of this depends on what setting the Data Subject uses in his internet browser.	Yes, by clicking the "I agree" button, the data subject gives his consent to the placement of the cookie .

 

 

 

The User can accept or reject the use of Cookies on a case-by-case basis, or reject the use of all Cookies by setting the browser accordingly. More information about how to do this and about Cookies can be found on the following website: https://www.youronlinechoices.eu/

If the User decides to disable Cookies, he will only have limited access to certain pages of the Website, and it is possible that certain functions or services of the Website will not work properly.

 

The purpose of data management is to: identify users, distinguish them from one another, identify the user's session, store the data provided during that session, prevent data loss, identify users, conduct web analytics measurements, properly operate the Website, enhance the user experience, display advertisements for Users.

 

Legal basis for data management: the consent of the data subject, which the User gives by clicking on the "I consent" button on the pop-up cookie warning, based on the relevant information contained in this information. ( Infotv. § 5. (1) point a) and based on Article 6 (1) point a) of the GDPR).

 

Scope of managed data: ID number, date, time, and previously visited page.

 

Method of data storage: electronic.

 

Data transmission: no data transmission takes place.

 

 

 

1. Data security

The Data Controller respects the regulations regarding the security of personal data, so both the Data Controller and the authorized data processor take all the technical and organizational measures and establish the procedural rules that Infotv . are necessary to enforce its applicable rules.

The Data Manager protects the data it handles with appropriate measures against unauthorized access, change, transmission, disclosure, deletion, or destruction, as well as against accidental destruction or damage.

 

During its data processing, the Data Controller keeps:

 

1. a) confidentiality: protect the information so that only those who are authorized to do so can access it;
2. b) integrity: protects the accuracy and completeness of the information and the method of processing;
3. c) availability: it ensures that when the authorized user needs it, he can access the desired information and that the related tools are available.

 

 

The Data Controller adequately protects its IT systems and networks against computer fraud, espionage, fire, and flood, as well as viruses and computer intrusions. The operator ensures security with server-level and application-level protection procedures. The Data Controller monitors its systems to record all security incidents and to provide evidence for each security incident. In addition, system monitoring also makes it possible to check the effectiveness of the precautions used. The Data Controller requires and monitors compliance with the information protection measures, based on the provisions of the contracts concluded with the data processors it uses.

 

1. Data subject rights and enforcement

All personal information provided to the Data Controller by the Data Subject must be true, complete, and accurate in all respects.

 

The data subject may request information about the processing of his data, and may request the correction of his data, or - except mandatory data processing - deletion or withdrawal, he may exercise his right to data portability and protest as indicated when the data was collected, or at the above contact details of the data controller.

 

Right to information: The Data Controller takes appropriate measures to provide the data subjects with all the information mentioned in Articles 13 and 14 of the GDPR and Articles 15-22 regarding the processing of personal data. and provide each piece of information according to Article 34 in a concise, transparent, comprehensible, and easily accessible form, clearly and comprehensibly worded.

 

The right to information can be exercised in writing via the contact details indicated in point 2 of this information. Information can also be given orally to the person concerned upon request - after proof of identity.

 

The data subject's right to access: The data subject has the right to receive information from the data controller as to whether his personal data is being processed, and if such data processing is in progress, he is entitled to receive access to the personal data and the following information: purposes of data management; categories of personal data concerned; the recipients or categories of recipients to whom or to whom the personal data has been or will be communicated, including in particular recipients in third countries and international organizations; the planned period of storage of personal data; the right to rectification, deletion or limitation of data processing and the right to protest; the right to submit a complaint to the supervisory authority; information about data sources; the fact of automated decision-making, including profiling, as well as comprehensible information about the applied logic and the significance of such data management and the expected consequences for the data subject. In case of the transfer of personal data to a third country or an international organization, the data subject is entitled to receive information about the appropriate guarantees for the transfer.

 

The Data Controller makes a copy of the personal data subject to data management available to the data subject. For additional copies requested by the data subject, the data controller may charge a reasonable fee in line with the administrative costs. At the request of the data subject, the Data Controller provides the information in electronic form. The data controller shall provide the information within a maximum of one month from the date of submission of the request.

 

Right to rectification: The data subject may request the rectification of inaccurate personal data concerning him or her managed by the Data Controller and the addition of incomplete data.

 

Right to erasure: If one of the following reasons exists, the data subject has the right to have the Data Manager delete his/her data without undue delay upon request:

- personal data are no longer needed for the purpose for which they were collected or otherwise processed;

- the data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management;

- the data subject objects to the data processing and there is no overriding legal reason for the data processing;

- personal data were handled illegally;

- personal data must be deleted to fulfill the legal obligation prescribed by EU or Member State law applicable to the data controller;

- the collection of personal data took place in connection with the offering of services related to the information society

 

Data deletion cannot be initiated if data management is necessary: to exercise the right to freedom of expression and information; to fulfill the obligation under the EU or Member State law applicable to the data controller requiring the processing of personal data, or for the execution of a task performed in the public interest or the context of the exercise of public authority conferred on the data controller; affecting the field of public health, or for archival, scientific and historical research purposes or statistical purposes, based on public interest; or to submit, assert or defend legal claims.

 

The right to limit data processing: At the request of the data subject, the Data Controller limits data processing if one of the following conditions is met:

- the data subject disputes the accuracy of the personal data, in this case, the limitation applies to the period that allows checking the accuracy of the personal data;

- the data management is illegal and the data subject opposes the deletion of the data and instead requests the restriction of their use;

- the data controller no longer needs the personal data for data management, but the data subject requires them to submit, enforce or defend legal claims; obsession

- the data subject objected to data processing; in this case, the restriction applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.

 

If data management is subject to restrictions, personal data may only be processed with the consent of the data subject, except for storage, to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state. The Data Controller informs the data subject in advance of the lifting of restrictions on data management.

 

Right to data portability: The data subject has the right to receive the personal data concerning him/her provided to the data controller in a segmented, widely used, machine-readable format, and to forward this data to another data controller.

 

Right to object: The data subject has the right to object at any time for reasons related to his situation against the processing of his data necessary for the performance of a task carried out in the public interest or within the framework of the exercise of a public authority vested in the data controller, or for the enforcement of the legitimate interests of the data controller or a third party, including the aforementioned also profiling based on provisions. In the event of a protest, the data controller may no longer process the personal data, unless it is justified by compelling legitimate reasons that take precedence over the interests, rights, and freedoms of the data subject, or that are related to the presentation, enforcement or defense of legal claims. If personal data is processed for direct business acquisition, the data subject has the right to object at any time to the processing of personal data concerning him for this purpose, including profiling, if it is related to direct business acquisition. In case of objection to processing personal data for direct business acquisition, the data cannot be processed for this purpose.

 

Automated decision-making in individual cases, including profiling: The data subject has the right not to be covered by the scope of a decision based solely on automated data management - including profiling - that would have legal effects on him or similarly significantly affect him.

 

The above authorization cannot be applied if the data management

- necessary to conclude or fulfill the contract between the data subject and the data controller;

- its implementation is made possible by EU or Member State law applicable to the data controller, which also establishes appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; obsession

- is based on the express consent of the data subject.

 

Right of withdrawal: The data subject has the right to withdraw his consent at any time. Withdrawal of consent does not affect the legality of data processing based on consent before the withdrawal.

 

Procedural rules: The data controller informs the data subject without undue delay, but in any case within one month of receipt of the request, by Articles 15-22 of the GDPR. on measures taken following a request under Art. If necessary, taking into account the complexity of the application and the number of applications, this deadline can be extended by another two months.

 

The data controller shall inform the data subject of the extension of the deadline, indicating the reasons for the delay, within one month of receiving the request. If the data subject submitted the request electronically, the information will be provided electronically, unless the data subject requests otherwise.

 

If the data controller does not take measures following the data subject's request, it shall inform the data subject without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, as well as that the data subject may file a complaint with a supervisory authority and exercise his right to judicial redress.

 

The Data Controller provides the requested information and information free of charge. If the data subject's request is unfounded or - especially due to its repeated nature - excessive, the data controller may, taking into account the administrative costs associated with providing the requested information or information or taking the requested measure, charge a reasonable fee or refuse to take action based on the request.

 

The data manager informs all recipients of all corrections, deletions, or data management restrictions carried out by him, to whom or to whom the personal data was disclosed unless this proves to be impossible or requires a disproportionately large effort. At the data subject's request, the data controller informs about these recipients.

 

The data controller provides a copy of the personal data that is the subject of data management to the data subject. For additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. If the data subject submitted the request electronically, the information will be provided in electronic format, unless the data subject requests otherwise.

 

Compensation and damages: All persons who have suffered material or non-material damage as a result of a violation of the Regulation are entitled to compensation from the data controller or data processor for the damage suffered. The data processor is only liable for damages caused by data processing if it has not complied with the obligations specified in the law, which are specifically imposed on data processors, or if it has ignored or acted contrary to the legal instructions of the data controller.

 

If several data managers or data processors or both data managers and data processors are involved in the same data management and are liable for damages caused by data management, each data manager or data processor is jointly and severally liable for the entire damage.

 

The data controller or the data processor is exempted from liability if it proves that it is not responsible in any way for the event that caused the damage.

 

Official data protection procedure: The data subject can file a complaint with the National Data Protection and Freedom of Information Authority regarding the handling of their personal data.

 

Name: National Data Protection and Freedom of Information Authority

Headquarters: 1055 Budapest, Falk Miksa street 9-11

Mailing address: 1363 Budapest, Pf.: 9.

E-mail: ugyfelszolgalat@naih.hu

Website: https://www.naih.hu

 

 

Right to go to court: In case of a violation of their rights, the data subject may go to court against the data controller, regardless of the complaint filing. The court acts out of sequence in the case.