PRIVACY STATEMENT

Introduction

Grünkon Kft., 1047 Budapest, Attila u. 32-34. (hereinafter: Service Provider, Data Controller) shall submit to the following prospectus.

Registration number: a:NAIH-87586/2015.

CXII of 2011 on Information Self-Determination and Freedom of Information (20) of the Act (1) stipulates that the data subject (in this case the webshop user, hereinafter referred to as the user) shall be informed prior to the commencement of data management that the data management is based on consent or mandatory.

The data subject must be informed clearly and in detail before the data management begins, of all facts relating to the management of his / her data, in particular the purpose and legal basis of the data management, the person entitled to data processing and data processing, the duration of the data management.

The affected person should be informed about Info tv. Article 6 para. (1) also states that personal data may be processed even if obtaining the consent of the data subject would be impossible or disproportionate and the processing of personal data would be impossible.

  • necessary to fulfill the legal obligation to the controller, or

  • it is necessary to enforce the legitimate interests of the controller or a third party and the enforcement of this interest is proportionate to the restriction of the right to the protection of personal data.

The information should also cover the data processing rights and remedies available to the data subject.

If the personal information of those concerned would be impossible or disproportionate (such as a webshop in this case), the information may also be disclosed by disclosing the following information:

a) fact of data collection,

b) range of stakeholders,

c) the purpose of the data collection,

d) the duration of the data processing,

e) the identity of potential data controllers authorized to access the data,

f) a description of the data subjects' rights and remedies in relation to data processing, and

g) where there is a place for data processing in a data protection record, the registration number of the data management.

Amendments to this Prospectus will become effective upon publication at the address above. We also show the legal reference behind each chapter title of the prospectus. 

Interpretative Concepts (3.§)

  1. affected / User: any natural person identified or identified directly or indirectly by personal data;

  2. personal data: data relating to the data subject, in particular the name of the data subject, his identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities, and the conclusion drawn from the data of the data subject;

  3. special data:
    a) personal data relating to racial origin, nationality, political opinion or party affiliation, religious or other beliefs, membership of an organization of interest, sexual life,
    b) personal data on health status, pathological passion and criminal personal data;

  4. consent: a voluntary and decisive declaration of the will of the data subject based on appropriate information and with unambiguous consent to the processing of personal data relating to him or her, wholly or in part;

  5. protest: a statement by the person concerned to object to the processing of his or her personal data and requests the termination of the data management and the deletion of the data processed;

  6. data controller: a natural or legal person or an entity without legal personality that either independently or with others determines the purpose of data management, makes and implements decisions relating to data management (including the equipment used), or executes it with a data processor entrusted to it;

  7. data processing: any set of operations or operations performed on the data, irrespective of the procedure used, including, in particular, collection, recording, recording, systematization, storage, alteration, use, querying, transmission, disclosure, coordination or interconnection, blocking, deletion and destruction; preventing the further use of the data, capturing photos, sound or images, and recording physical characteristics suitable for identifying the person (eg finger or palmprint, DNA sample, iris image);

  8. data transmission: making data available to a specific third party;

  9. disclosure: making data available to anyone;

  10. data deletion: making data unrecognizable in such a way that their recovery is no longer possible;

  11. data designation: providing the data with an identification mark to distinguish it;

  12. data blocking: for the purpose of limiting the further processing of the data with an identifier for a definitive or definite period of time;

  13. data destruction: complete physical destruction of data media containing data;

  14. data processing: performing technical tasks related to data management operations, irrespective of the method and means used to perform the operations and the location of the application, provided that the technical task is performed on the data;

  15. data processor: a natural or legal person or an entity without legal personality that processes data on the basis of a contract with the data controller, including the conclusion of a contract under a provision of the law;

  16. data responder: the body performing the public task that produced the data of public interest that must be published electronically, or in the course of which the data was generated;

  17. informant: the body performing the public task, which - if the data owner does not publish the data himself - publishes the data sent to him by the data controller on the website;

  18. data set: a set of data processed in a register;

  19. third party: any natural or legal person or entity without legal personality which is not the same as the data subject, the controller or the data processor;

The legal basis for data management (5.-6.§)  

  1. Personal data can be handled if
    - the person concerned agrees, or
    - it is ordered by law or, under the authority of the law, within the scope specified therein, by a local government regulation for public interest purposes.

  2. Personal data may be processed even if obtaining the consent of the data subject would be impossible or disproportionate and the processing of personal data would be impossible.
    a) necessary for the performance of a legal obligation to which the controller is subject; or
    b) necessary for the legitimate interests of the controller or of a third party, and the enforcement of this interest is proportionate to the restriction of the right to the protection of personal data.

  3. If, because of the incapacity of the data subject or for other unavoidable reasons, he is unable to give his consent, the personal data of the data subject shall, during the existence of obstacles to consent, to the extent necessary to protect his or her own or other person's vital interests and to prevent or prevent a direct threat to his or her life, bodily integrity or property. they can be treated.

  4. The validity of your legal declaration containing the consent of the minor under the age of 16 is not subject to the consent or subsequent approval of your legal representative.

  5. If the purpose of the data management based on consent is to execute a written agreement with the data controller, the contract must contain all information that the data subject must know about the processing of personal data, in particular the definition of the data to be processed, the duration of the data management, the purpose of the use, the transmission of the data , recipients, fact of using a data processor. The contract must include unambiguously the consent of the data subject to the processing of his or her data as specified in the contract.

  6. If personal data has been recorded with the consent of the data subject, the controller will not store the recorded data unless otherwise provided by law

  • for the purpose of fulfilling his legal obligation, or

  • for the purpose of enforcing a legitimate interest of the controller or a third party, if the enforcement of this interest is proportionate to the restriction of the right to the protection of personal data

The boundaries of data management to purpose (4.§ [1]-[2])

  1. Personal data may only be processed for a specific purpose, for the purpose of exercising rights and fulfilling an obligation. The data management must at all stages comply with the purpose of the data management, the recording and processing of the data must be fair and lawful.

  2. Only personal data that is essential for the purpose of data management can be handled to achieve the purpose. Personal data can only be managed to the extent and for the time necessary to achieve the goal.

Other principles of data management (4.§ [3]-[4])

Personal data in the course of data management retains this quality until its relationship with the affected person can be restored. The contact can be restored when the controller has the technical conditions needed to recover.

During data management, the accuracy, completeness of the data and, if necessary for the purpose of data management, its up-to-date information, and the identification of the data subject only for the time necessary for the purpose of the data management, shall be ensured.

Functional data management

  1. CXII of 2011 on Information Self-Determination and Freedom of Information pursuant to Section 20 § pursuant to (1) to determine the functionality of the webshop website functionality:
    a) fact of data collection,
    b) range of stakeholders,
    c) the purpose of the data collection,
    d) the duration of the data processing,
    e) the identity of potential data controllers authorized to access the data,
    f) a description of the data subjects' rights to data management.

  2. The fact of data collection, the range of data processed: User name, e-mail address, password, wire and last name, phone number, postal address, company name, tax number, billing name, billing address, date of registration, IP address at registration.

  3. Stakeholders: All stakeholders registered on the webshop.

  4. Purpose of data collection: Service provider to use the website in full, eg. create a contract for the provision of a service, define its content, modify it, monitor its performance, invoice its fees and enforce its related claims, and manage the personal information of the Users in order to provide newsletter sending.

  5. Duration of data management, deadline for data deletion: Deleting the registration immediately. Except in the case of accounting documents, under § 169 (2) of Act C of 2000 on Accounting these data have to be kept for 8 years.

  6. Identifiers of potential data controllers authorized to access the data: Personal data may be processed by data controllers, while respecting the above principles.

  7. Description of data subjects' rights to data management: The following information may be modified on the websites: E-mail address, password, wire and surname, telephone number, postal address, company name, tax number, billing name, billing address. You may initiate the deletion or modification of your personal information in the following ways:
    - by post in 1047 Budapest, Attila u. 32-34. address,
    - by e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it.

  8. Legal basis for data management: User consent, Info. Article 5 (1) of the Act, and CVIII of 2001 on certain aspects of electronic commerce services and information society services; (hereinafter: Elker TV.) 13 / A. (3).

Our principles of functional data management (Elker tv. 13/A.)

  1. The service provider may manage the natural identity, address and information on the date, duration and location of the use of the information society for the purpose of billing the information society service charges.

  2. The service provider may manage the personal data that are technically essential for the provision of the service in order to provide the service. In the case of identity of other terms, the service provider must choose and in any case operate the means used to provide the information society service so that personal data will only be processed if it is necessary for the provision of the service and the fulfillment of other purposes defined in the Elker Act. necessary, but in this case only to the extent and for the time necessary.

  3. The Service Provider may only process data for any other purpose, such as increasing the efficiency of its service, delivering an electronic advertisement addressed to the user, or other targeted content for market research, only with the prior determination of the purpose of the data management and the consent of the user.

  4. Before and during the use of the information society service, the user must be continuously prevented from banning data management.

  5. The data processed must be deleted after the contract has been terminated, the contract is terminated and the invoice is billed. Data must be deleted if the purpose of the data management has ceased to exist or the user has so provided. Unless otherwise provided by law, data erasure shall be performed immediately.

  6. The service provider must ensure that the user can know which data types are managed by the service provider for the purposes of the information society service and at any time during the use of the service, including the handling of data that cannot be directly in contact with the user

Manage cookies

  1. CXII of 2011 on Information Self-Determination and Freedom of Information Pursuant to Article 20. § (1) :
    a) fact of data collection,
    b) range of stakeholders,
    c) the purpose of the data collection,
    d) the duration of the data processing,
    e) the identity of potential data controllers authorized to access the data,
    f) a description of the data subjects' rights to data management.

  2. Webshop-specific cookies are so-called "password-protected session cookies", "shopping cart cookies", and "cookie cookies" that require no prior consent from stakeholders.

  3. The fact of data management, the range of data processed: unique identification number, dates, dates.

  4. Stakeholders: All visitors to the website are concerned.

  5. The purpose of data management is to identify users, to register the "shopping cart" and to track visitors.

  6. Duration of data management, deadline for deletion of data: The duration of data management for session cookies is limited to the end of the visit of the websites.

  7. Identifiers of potential data controllers authorized to access the data: Personal data may be processed by data controllers, while respecting the above principles.

  8. Description of data subjects' rights to data management: The data subject has the option to delete cookies in the Tools / Options menu of browsers, generally under the Privacy menu.

  9. Legal basis for data processing: The consent of the data subject is not required if the use of cookies is solely for the purpose of transmitting via the electronic communications network or for the provision of the information society service specifically requested by the subscriber or user.

  10. [optional] The Service Provider uses the GoogleAnalytics service to measure the attendance of the webshop. Data is transmitted when using the service. The data transmitted are not suitable for identifying the data subject. For more information about Goggle's privacy policies, see: http://www.google.hu/policies/privacy/ads/

Newsletter

  1. On the basic conditions and certain limitations of the economic advertising activity, XLVIII. Pursuant to Section 6 of the Act of 2006, the User may consent in advance and expressly to the provision by the Service Provider of his advertisements and other items at the contact details given at the time of registration (eg e-mail address or telephone number).

  2. In addition, the Customer may, subject to the provisions of this Prospectus, consent to the management of the personal data of the Service Provider required for sending the promotional offers.

  3. The Service Provider does not send unsolicited advertising messages and the User may unsubscribe from sending the offers free of charge, without limitation or justification. In this case, the Service Provider deletes all of its personal data, which is necessary for sending the advertisement messages, from its register and does not contact the User with further advertising offers. Users can opt out of advertising by clicking the link in the message.

  4. CXII of 2011 on Information Self-Determination and Freedom of Information Pursuant to Article 20. § (1) :
    a) fact of data collection,
    b) range of stakeholders,
    c) the purpose of the data collection,
    d) the duration of the data processing,
    e) the identity of potential data controllers authorized to access the data,
    f) a description of the data subjects' rights to data management.

  5. The fact of data management, the range of data processed: name, email address, (phone number) date, time.

  6. Stakeholders: All those who subscribe to the newsletter.

  7. The purpose of data management is to send the electronic message (e-mail, sms, push) containing the advertisement to the data subject, to provide information about current information, products, actions, new features, etc.

  8. Duration of data management, deadline for deletion of data: data management is pending until withdrawal of the consent statement, ie until the unsubscribe.

  9. Identifiers of potential data controllers authorized to access the data: Personal data may be processed by data controllers, while respecting the above principles.

  10. Disclosure of data subjects' rights to data management: You may opt out of the newsletter at any time, free of charge.

  11. The legal basis for data management is the voluntary consent of the data subject, Infotv. (5) (1) of the Act, and the Act XLVIII. Section 6 (5) of the Act.

Data transmission

  1. CXII of 2011 on Information Self-Determination and Freedom of Information Pursuant to Article 20. § (1) :
    a) fact of data collection,
    b) range of stakeholders,
    c) the purpose of the data collection,
    d) the duration of the data processing,
    e) the identity of potential data controllers authorized to access the data,
    f) a description of the data subjects' rights to data management.

  2. The fact of data management, the range of data processed. The scope of the data transmitted for the delivery of the delivery: Name, address, telephone number, product name, amount to be paid. The scope of the data transmitted for the execution of online payment: Name, address, transaction amount, transaction title.

  3. Stakeholders: All involved in home delivery.

  4. Purpose of data management: Delivery of the ordered product to the home.

  5. Duration of data management, deadline for data deletion: It lasts until the delivery of the home delivery.

  6. Identifiers of potential data controllers authorized to access the data: Personal data may be managed by following the above principles:

    Magyar Posta Zrt.
    Budapest, Dunavirág utca 2-6.
    Adress: Budapest 1540
    Phone: +36 1 767-8200
    e-mail adress: This email address is being protected from spambots. You need JavaScript enabled to view it.
    web: www.posta.hu
    Privacy statement: http://posta.hu/adatkezelesi_elveink

    Hosting-provider:
    C-Host Kft.
    Adress: 1115 Budapest, Halmi utca 29.
    Phone: +361 445-2040

  7. Disclosure of data subjects' rights to data management: The data subject may request the deletion of his / her personal data from the data controller providing the home provider.

  8. The legal basis for the data transfer is the User's consent, the Info. Article 5 (1) of the Act, and CVIII of 2001 on certain aspects of electronic commerce services and information society services; Act 13 / A. (3).

Data security (7.§)

  1. The controller is obliged to design and execute the data management operations to ensure the protection of the privacy of the data subjects.

  2. In the data controller or in the field of its activity, the data processor is obliged to ensure the security of the data, and also to take the technical and organizational measures and to establish the procedural rules necessary for the enforcement of the Info TV and other data and secret protection rules.

  3. The data shall be protected by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, and unavailability due to accidental destruction or damage resulting from a change in the technique used.

  4. In order to protect the electronically managed data files of different registers, it must be ensured by means of an appropriate technical solution that the data stored in the registers, unless permitted by law, are not directly linked and assigned to the data subject.

  5. In the automated processing of personal data, the data controller and the data processor provide additional measures.

  6. to prevent unauthorized data entry;

  7. preventing the use of automatic data processing systems by unauthorized persons using data transmission equipment;

  8. the verifiability and verifiability of the bodies to which personal data have been transmitted or transmitted by means of data transmission equipment;

  9. the controllability and verifiability of what personal data you have, when and who you entered into the automatic data processing systems;

  10. recoverability of installed systems in case of malfunction and

  11. to report on errors that occur during automated processing.

  12. The controller and the data processor must take into account the state of the art in the definition and application of data security measures. More than one possible data management solution must be chosen that provides a higher level of protection for personal data, unless it would be a disproportionate difficulty for the controller.

Rights of stakeholders (14.-19.§)

  1. The data subject may apply to the Service Provider to provide information on the management of their personal data, to request rectification of their personal data, and to request the deletion or blocking of their personal data, except for mandatory data management.

  2. At the request of the data subject, the data controller shall provide information on the data processed by the data subject or the data processor it authorizes, their source, the purpose of the data processing, its legal basis, duration, the name of the processor, its address and its activities related to data management, and - the transfer of the personal data of the data subject. - the legal basis and the addressee of the transfer.

  3. The controller maintains a data transfer register for the purpose of verifying the legality of the data transmission and for informing the data subject, which includes the date of transmission of the personal data it manages, the legal basis and addressee of the data transmission, the definition of the scope of personal data transmitted, and other data specified in the legislation prescribing data management.

  4. The data controller shall provide the information in writing in the shortest possible time from the submission of the application, but not later than within 30 days, in a comprehensible form, at the request of the data subject. The information is free.

  5. Upon request of the User, the Service Provider shall provide information on the data it manages, their source, the purpose of the data management, its legal basis, duration, the name of the data processor, its address and its activity related to data management, and - on the transfer of the personal data of the data subject - the legal basis and addressee of the data transfer. The Service Provider shall provide the information in writing, in a comprehensible form, in the shortest possible time after the submission of the request, and in any case within 30 days. The information is free.

  6. The Service Provider, if personal data does not correspond to reality, and personal data corresponding to reality is available to the data controller, rectifies the personal data.

  7. The Service Provider, if personal data does not correspond to reality, and personal data corresponding to reality is available to the data controller, rectifies the personal data. Instead of deletion, the Service Provider locks the personal data if the User requests it, or if it can be assumed on the basis of the available information that the deletion would violate the User's legitimate interests. Locked personal data may be processed only for as long as there is a data management purpose that excludes the deletion of personal data.

  8. The Service Provider deletes the personal data if its management is unlawful, the User requests, the managed data is incomplete or incorrect - and this condition cannot be legally remedied - provided that the cancellation is not excluded by law, the purpose of data management has been terminated or the data storage law stipulated by law the deadline has expired, it has been ordered by the court or the National Data Protection and Freedom of Information Authority.

  9. The controller handles the personal data it manages if the data subject disputes its accuracy or accuracy, but the inaccuracy or inaccuracy of the personal data at issue cannot be clearly established.

  10. The person concerned, as well as all those to whom the data was previously transferred for data management purposes, shall be notified of the rectification, blocking, marking and deletion. The notification may be omitted if it does not violate the legitimate interest of the data subject with respect to the purpose of the data management.

  11. If the data controller does not comply with the request for rectification, blocking or cancellation of the data subject, it shall, within 30 days of receipt of the request, communicate in writing the reasons of fact and law rejecting the request for rectification, blocking or cancellation. In the event of a refusal of an application for rectification, erasure or blocking, the controller shall inform the data subject of the possibility of a judicial remedy and of having recourse to the Authority.

Remedy

  1. User may object to the processing of their personal data if
    a)     the processing or transfer of personal data is required solely for the purpose of fulfilling the legal obligation of the Service Provider or for the legitimate interest of the Service Provider, the Data Acquirer or a third party, unless the data management is prescribed by law;
    b)     the use or transmission of personal data is for direct marketing, opinion polling or scientific research;
    c)      in other cases provided by law.

  2. The Service Provider examines the protest as soon as possible after the submission of the request, but within a maximum of 15 days, decides on its validity and informs the applicant in writing of its decision. If the Service Provider finds that the data subject's objection is justified, he / she will terminate the data management, including further data collection and data transfer, and block the data and notify any person to whom the personal data affected by the protest has previously been forwarded of the protest and any actions taken on its basis. and who are obliged to take action to enforce the right of protest.

  3. If the User does not agree with the decision of the Service Provider, he / she may appeal to the court within 30 days of its notification. The court is acting out of line.

  4. Complaint against a possible violation of data controller by the National Authority for Data Protection and Freedom of Information:

    Nemzeti Adatvédelmi és Információszabadság Hatóság
    1125 Budapest, Szilágyi Erzsébet fasor 22/C.
    Adress: 1530 Budapest, Postafiók: 5.
    Phone: +36 -1-391-1400
    Fax: +36-1-391-1410
    E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Judicial enforcement (22.§)

  1. The data controller is obliged to prove that the data management complies with the law. The data bearer must prove the legality of the data transmission.

  2. Judicial review is within the jurisdiction of the Tribunal. The lawsuit may, at the option of the data subject, be initiated before the court of the place of residence or stay of the data subject.

  3. There may also be a party to the lawsuit who otherwise has no legal capacity to sue. The Authority may intervene in the proceedings for the benefit of the party concerned.

  4. If the court approves the application, the data controller obliges the data controller to provide information, correct, block, delete, cancel the decision made by automated data processing, to take into account the right of protest of the data subject, and to issue the data requested by the data receiver.

  5. If the court rejects the data subject's request, the data controller must delete the personal data of the data subject within 3 days from the date of delivery of the judgment. The controller shall also delete the data if the data importer does not go to court within the specified time limit.

  6. The court may order the disclosure of its judgment by publishing the identity of the controller if it is required by the interests of data protection and the greater number of protected rights of the data subject.

Compensation and damages (23. §)

  1. If the data controller causes damage to others by unlawfully handling the data of the data subject or by violating the data security requirements, it is obliged to reimburse it.

  2. If the data controller violates the data subject's privacy right by unlawfully handling the data of the data subject or by violating the data security requirements, the data subject may claim damages from the data controller.

  3. Contrary to the data subject, the controller is responsible for the damage caused by the data processor and the data controller is also obliged to pay the person concerned a fee for the personal violation caused by the data processor. The Data Controller is exempted from liability for damages and payment of damages if he proves that the damage or the violation of the personality rights of the data subject was caused by an unavoidable cause beyond the scope of data management.

  4. There is no need to compensate for the damage and no claim for damages in so far as the damage caused by the victim or the violation of the right to the personality arose from the deliberate or gross negligence of the person concerned.

Contact

Wholesale
1047 Budapest, Attila u. 32-34. 
Telephone: +36-20/501-8488
Open: H-P: 8-16-ig

Leather and shoes accessories trading
6722 Szeged, Kálvária sgt. 3. 
Telephone: +36-62/675-835, +36-70/771-1706
Open: H-P: 8-17-ig, Szo:8-12-ig

4400 Nyíregyháza, Rákóczi u. 54.
Telephone: +36-70/425-8024
Open: H-P.: 8-16.30-ig

Logistics Center
6725 Szeged, Kálvária sgt. 87. 
Telephone:+36-30/533-2503
Open: Előzetes egyeztetés alapján

Facebook

Why us?

garancia png  Excellent quality!

 valasztek png

 

Large selection!

raktar2 png

Continuous stock!

 

terkep

 

National coverage!

fejlec png feher

Együttműködő partnerünk: e-iroda.hu   Komplex irodai megoldások online!