PROCESSING POLICY
1. Controllers
Name: Basic Collection Korlátolt Felelősségű Társaság
Address: 1051. Budapest, József Attila str. 12.
Representative of the Controller: Yehuda Bar-Shaked, managing director
Contact of the Controller in respect of data protection: yehuda@basiccollection.com
Name: StyleHub.com Kft.
Address: 1027 Budapest, Medve str. 24. I/1.,
Representative of the Controller: András Attila Pfaff, managing director
The present policy is the unilateral obligation of the controller as per the Regulation No. 2016/679 of the European Parliament and of the Council (EU) (27th April, 2016) and the relevant legal rules of the Member States.
The Present Policy may be unilaterally amended and/or withdrawn by the Controller, with the simultaneous notification of the Data Subjects. The provision of information is implemented by publishing it on the website or by direct notification of the Data Subjects, depending on the nature of the change.
2. The purpose of processing
2.1. Advertising of products and service(s), provision of information for the Users
Legal ground for the processing: Legitimate interest – The legitimate interest of the controller is the direct sales
The data subject provided the following data for the controller at the time of purchasing a product. The controller informs the data subject in the present policy that it reclassifies the purpose of processing of the data managed during the activities laid down in sections 2.1 -2.7 referring to a legitimate interest and uses them for direct sales.
Planned deadline of processing: Until objection
2.2. The issue of the invoice and the mandatory documentation related to the fulfilment of the service
Legal ground for processing: Legal obligation (compliance with the Act on Accounting)
Provision of the data is the condition of the conclusion of the contract. Failing to give the data the Controller cannot fulfil the ordered services.
The scope of the processed data:
The possible consequence for failing to provide the data: failure of the contract
The planned deadline of processing: 8 years
2.3. Guarantee
Related to the replacement, repair, and fulfilment of guarantee for possible faulty products supplied by the controller.
Legal ground for processing: Legal obligation
The possible consequence for failing to provide the data: the failure of the contract
The planned deadline of processing: 5 years
2.4. Complaint handling
Processing related to the complaint-book or book of the customers at the site of the controller.
2.5. Contacting partners, customers and suppliers
The processing of the contact details, the conclusion of the contract, management of e-mail addresses and phone numbers, personal contact, orders and searching for new suppliers.
Legal ground for processing: Legitimate interest – The legitimate interest of the controller is to process the contacts details for the fulfilment of the contract.
2.6. Management of registrations coming from the website
Keeping contact with the partners and clients via e-mail and phone, issuing of offers, further contact for providing business offers and information.
Legal ground for processing: With consent
The planned deadline of processing: Until objection
2.7. Management of the public data collected from the Internet
The controller regularly collects and includes in databases the e-mail addresses, names and phone numbers publicly accessible on the Internet and belonging to the target group of the controller.
Legal ground for processing: Legitimate interest – The legitimate interest of the controller is the direct sales
2.8. Processing related to the GDPR
Processing of data, keeping records of data transfers, data protection breaches, demands and questions of the Data Subjects
The planned deadline of processing: It must not be sorted out
3. The scope of the data subjects
The employees and clients in contractual relationship with the Controller, who give personal data for contacting purposes.
4. Children
Our services are not offered for persons below 16 years. We process the personal data of children below 16 years – due to the legal stipulations - solely with the consent of the –concerned parent. If we become aware that we have collected personal data from children below 16 years with different purposes from the above, then we will take the necessary steps to delete the data within the possible shortest period of time.
5. Duration of processing
In the case of compliance with the law, it is the storage time determined by the act on accounting
In case of a contract: until the deadline specified in the contract or 8 years after expiry of the contract at the latest
In case of consent: until the withdrawal of the consent by the Data Subject
In case of legitimate interest: until the objection of the Data Subject.
6. Information on the use of a processor
The controller transfers the data for the fulfilment of the contract to the contracted processor(s) during processing.
Categories of the recipients: courier services, forwarding companies, IT operators,
The scope of those authorised to learn data
The controller shall not transfer the learned data for third parties, except for the processor(s) specified in section 6. The recorded data may only be known by the employees of the controller and the appointed employees of the processor(s).
The controller draws up a report about the fact of insight in each case, which is stored by the company for 1 year.
7. The rights of the data subjects
The Data Subject may ask the Controller the following through the contact details given in section 1:
The Data Subject may exercise the above rights at any time.
Furthermore, the Data Subject may transfer via one of the contact details given in section 1 to the Controller.
The Controller settles or rejects (with reasons) the notification within 1 month from the submission of the applications - in exceptional cases in a longer term, as permitted by the legal rule. The results of the investigation will be given for the Data Subject in writing.
7.1. The cost of information
The Organisation provides measures and the required information free of charge for the first time. In case the Data Subject asks for the same data for the second time in the same month, and these data did not change during this time, then the Controller will charge an administrative fee.
7.2. Refusal of information
In case the application of the data subject is clearly unfounded, he/she is not authorised for getting information or the Organisation as the controller can prove that the Data Subject has the requested information, then the controller refuses the request for information.
In case the request of the data subject is exaggerated – due to its repeated nature –, then the Organisation may reject taking measures on the basis of the application, if the Data Subject exercises his/her rights under Articles 15-22 in the same subject for the third time within a month.
7.3. The right for objection
The data subject is authorised to object to the processing of his/her personal data based on the legitimate interest or a power of attorney at any time.
In this case, the Organisation shall not process the personal data anymore, unless it can be proved that the processing is justified by such enforcing and legitimate reasons, which take priority against the interests, rights and freedom of the data subject, or which are related to the submission, enforcement or protection of legal claims.
If the soundness of the legal ground for the objection is established, then the processing shall be terminated within the possible shortest period of time – including the data transfer and data collection. Everybody to whom the Organisation previously transferred the data of the Data Subject shall be informed about the objection.
The settlement of the application is free of charge, except for the unfounded and exaggerated requests, whose arrangement may be charged by the Controller with the appropriate and reasonable rate of the fee. In case the Data Subject does not agree with the decision of the Controller, then he/she may refer to the court.
8. Data transfer to a third country or international organisations
The Controller transfers the personal data and records of the Data Subject to third countries outside the states of the European Economic Area or international organisations only with the expressed, written consent of the data subject. Data transfers to a third country are not characteristic of the activity of the controller, however in case of using certain forwarders and shipping agents it may occur. The Controller will arrange for getting the expressed consent of the data subject in this case.
9. Information about the data security measures
The Controller processes the data according to the expectations of the Security Regulation of Information in a closed system.
The Controller takes care of the default and integrated data protection. For this purpose, the Controller applies appropriate technical and organisational measures in order to:
The Controller applies a reasonable number of physical, technical and organisational security measures to protect the data of the Data Subject, in particular, against accidental, incompetent or unlawful destruction, loss, change, transfer, use, access to or processing of them. In case of public or incompetent access or use of the personal data with great risk level, the Controller must immediately inform the Data Subject.
The Controller provides for appropriate protection, e.g. by encryption of the data file, in case the data of the Data Subject must be transferred. The Controller shall bear full responsibility for the processing performed by third persons.
The Controller ensures the protection of the data of the Data Subject against destruction or loss with appropriate and regular back-ups.
10. The applied legal rules
Normative legal rules referring to the processing activities performed by the Controller:
11. Legal remedy
In case of any alleged violation of rights in respect of the processing of the personal data, any Data Subject may refer to the Budapest-Capital Regional Court or initiate an investigation at the Hungarian National Authority for Data Protection and Freedom of Information
President: dr. Attila Péterfalvi,
Address: 1024 Budapest, Szilágyi Erzsébet fasor 22/C.,
Contact details: ugyfelszolgalat@naih.hu, +36-1-3911400, www.naih.hu
Budapest, 24th May, 2018