DATA PROCESSING INFORMATION
Regarding the processing of the personal data that are stored in the system, a Controller pays special attention during data processing to process, store and use personal data according to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (“Regulation”) about the protection of natural persons with regarding of the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
Regarding data processing a Controller informs the users and costumers of the website (hereafter: User) about personal data processed by him/her, about the principles and practice used while processing personal data, and about the ways and possibilities of enforcing User’s rights.
User is entitled to withdraw his/her contribution partially or fully to data processing by sending a written notification for the Controller and he/she is entitled to ask for the deletion of his/her data as it is specified in the information.
1. THE CONTROLLER
Data processing is made by Max-Fashion Kft.
Website: www.javoli.hu, www.javoli.com, www.javoli.eu.
Seat: H-8000 Székesfehérvár, Széchenyi street 172.
Company registration number: 07-09-019451
Tax number: 23032880-2-07
The registration number of data protection files: NAIH-91263, 91264, 91265/2015.
Registering Court: Court of Registration in Székesfehérvár
Postal address: H-8000 Székesfehérvár, Széchenyi street 172.
E-mail address: info@javoli.com
Phone number: +36-70-674-80-01
2. THE LEGAL BASIS OF DATA MANAGEMENT
I connection with the services available on the Website, the legal grounds for data processing regarding personal data processing of natural persons, is the User’s voluntary contribution according to the Article 6. (1) paragraph a) part of the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (“Regulation”) about the protection of natural persons with regarding of the processing of the personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
User can withdraw his/her contribution to data processing every time. In this case Controller deletes User’s personal data from the system.
If the User did not withdraw his/her contribution, the duration of the processing is the duration set in this information in cases in connection with data processing.
3. THE SCOPE, DURATION AND PURPOSE OF DATA
Registration
Registration data:
E-mail address
Contact data:
Surname
Lastname
Phone number
Mobile number
Invoicing and delivery data:
Country, postcode, city, street, housenumber, in case of a company tax number
Processing of personal data which were given during registration or during ordering, starts with the registration and lasts until their deletion for request. If User does not ask for the deletion of his/her registration, Controller deletes them from the system in no more than 30 days after the termination of the Website.
– ensuring the possibility for registered Users to buy goods in the webshop and allowing invoicing,
– delivering the order.
User’s voluntary contribution.
Contacting Controller via e-mail, phone or post.
Name
E-mail address and every data that are voluntary given by the User during the communication.
Contact via post and e-mail: Controller starts processing personal data, when User gives them voluntary at the time of the first communication and data processing lasts until the deletion of data for request. If the User does not ask for deletion of personal data given at the time of communication, personal data will be stored for 10 years by Controller, except in case of a letter of complaint. After 10 years personal data will be deleted from the Controller’s system. Controller deletes the personal data from the system in no more than 30 days if the Website stops operating earlier than ten years. Except the letters of complaint with storage period of five years.
The phone call is not recorded by Controller, therefore the data given while phoning will only be recorded, in case of a complaint, if minutes are being taken.
– Communication
– Keeping contact
– Complaint management
User’s voluntary contribution.
Contact form
Name
Address
Phone number
E-mail address
The name of the company is optional
The incoming e-mails with the name, e-mail address, and other voluntary given personal data of the sender will be deleted at least three months after they had been given, except of the letters of complaint with a storage period of five years.
– Communication
– Keeping contact
– Complaint management
User’s voluntary contribution.
3.1 Data processing for other purposes
3.1.1 Newsletter, DM activity
The scope of the processed data Name, e-mail address
The purpose of data processing User contributes by subscribing to be sent newsletter by Controller with a content of direct marketing. In case of subscribing, Controller – if there is no other declaration or objection – uses the personal data, e-mail address and name given by User for a purpose to send information material, special offers, offers and other information about his/her services.
The duration of data processing These data are processed by Controller as long as User unsubscribes the Newsletter by clicking the “unsubscribe” link found in the Newsletter or asks for being unsubscribed via e-mail or post. In case of being unsubscribed, Controller will not send any newsletters or offers for User. User can unsubscribe from newsletter anytime for free without any limitations and justification.
The legal basis of data management: User’s voluntary contribution.
3.1.2. Data collected in connection with the usage of the Website (Processing data for other purposes)
3.1.2.1. Technical data, data of Website visits
Controller does not match the data with any other information found while analyzing the log files, he or she does not try to identify the User.
The IP address is a series of numbers, the computers of the User accessing the Internet can be distinctly identified with the help of it. The visitor using the computer can even be geographically localized with the help of the IP address. The address, the date and the time alone are not enough to identify the User, but if they are matched with other data (given during registration) conclusions can be drawn about User.
The scope of the processed data: date, time, IP address of the User’s computer, the address of the visited site, and the data regarding the age or majority of the visitor.
The purpose of data processing: The system of Controller records the IP address of User’s computer, the time of visit automatically, or in other cases – depending on the setting of the computer – the type of the browser and operating system. The data recorded that way cannot be matched with other personal data. The data processing is only for statistic purposes. The purposes of the data processing are: to check the functioning of the service, the personalized service and to prevent misuse.
The duration of data processing: 30 days from visiting the Website.
The legal basis of data processing: User’s voluntary contribution.
3.1.2.2. Processing cookies
Controller puts small files, so called cookies on the User’s computer in order to provide customized service and reads them during a visit later on. If the browser sends a previously saved cookie back the cookie managing provider has the possibility to link the User’s actual visit to the previous ones, but just in the case of own content. The cookies that are typical for Webshops are cookies, that are used for sessions protected by password.
The purpose of data processing: These cookies are used to operate the Website more efficiently and safely, therefore they are indispensable to operate some functions or some apps of the website properly.
The scope of the processed data: does not record personal data
The time of data processing: data are processed only while User is visiting the website, they are deleted after it automatically.
The purpose of data processing: persistent cookies are used Controller as well for a better user experience, for example providing optimized navigation. These cookies are stored for a longer period in the cookie file of the browser. This period depends on the setting of User’s internet browser.
The scope of the processed data: does not record personal data
The duration of data processing: These cookies are stored for a longer period in the cookie file of the browser. This period depends on the setting of the User’s internet browser, it is mainly 30-60-90-120-180-365 days.
- Cookies used for shopping basket
The scope of the processed data: does not record personal data
The duration of data processing: 365 days
The purpose of data processing: Identifying Costumers, recording the “shopping basket”, managing shopping basket (virtuemart), ensuring adequate navigation.
The scope of the processed data: does not record personal data
The purpose of data processing: Identifying the actual session of the User, preventing unauthorized access.
The duration of data processing: during the session
- Cookies needed for session protected by password
The scope of the processed data: does not record personal data
The purpose of data processing: this cookie identifies the User after accessing a service in connection with information society
; identifying the User is necessarry so that the communication with the server on the communication network remains uninterrupted.
Deletion of cookies
The User has the right to delete cookies from his/her own computer, and User can ban the cookies in his/her browser. Cookies can be managed in the menu Tools/Settings under the menu Private Policy/History/Setting by naming the cookie or monitoring.
The Website can contain information, mainly advertisements, that are from a third person or advertising service, that are not in contact with the Controller. It might happen, that these third persons transfer cookies or web beacons on the computer of the User, or they use similar methods to collect data to send direct advertisements in connection with their own services for the User. In these cases the data processing is governed by a private policy determined by the third person, so Controller is not responsible for the data processing.
3.1.2.3. Data processing of external provider
The html code of the Website includes links from and links to external servers that are independent from Controller. The server of the external provider is directly connected to the computer of the User. We draw the attention of our visitors to the fact that the provider of these links are able to collect User’s data to their servers because of the direct communication with the User’s browser.
The personalized contents for the User are provided by the server of the external provider.
The following Controller can provide details about the processing of the data by the server of an external provider.
The external providers transfer and read small files, so called cookies on the User’s computer. If the browser sends back a previously saved cookie, the cookie managing provider has the possibility to link the User’s actual visit to the previous ones, but just in the case of own content.
The advertisements of the Controller are shown by the external providers on Internet websites (Google). These external providers (Google) store with the help of the cookies that the User had visited the Website of the Controller earlier, and they show – personalized – advertisements based on these. (so they are doing remarketing activity).
- Cookies transferred by Google Analytics
The purpose of data processing: The server of Google Analytics as an external provider helps the independent measurements and auditing of the visits to the Website and the other web analytics data. Google can provide you details about the processing of the measurement data on www.google-analytics.com.
Google Analytics is the analyzing service of Google Inc. („Google”). Google Analytics analyses the User’s interaction on the Website with the help of the Cookies stored on the computer of the User. The cookies for analytic purpose are anonymized and aggregated, it is difficult to identify the User based on them, but it cannot be excluded.
The analytic information collected by Google Analytics cookies are transferred to the servers of Google and stored there. These information are processed by Google on behalf of Controller to analyze the visiting habits of the Users, make reports on the Website about the frequency of the usage, and provide services for the Controller in connection with the usage.
The scope of the processed data The IP address, the cookies for analytic purpose are anonymized and aggregated, the computer and the User cannot be identified based on them.
The duration of data processing: 50 months
The legal basis of data processing: User’s voluntary contribution.
The information about the cookies used by Google can be seen here: http://www.google.com/policies/technologies/ads/
The Privacy Policy of Google can be seen here: http://www.google.com/intl/hu/policies/privacy/
The purpose of data processing: The Website uses the Google Ads remarketing following codes. The basis of this is, that Controller will send remarketing advertisements on the website belonging to the Google Display system. The remarketing code uses cookies to tag the visitors. The users of the Website can ban these cookies, if they go to the manager of Google advertisement and follow the instructions. After this Controller will not send personalized recommendations.
The scope of the processed data Controller collects not only the usual data of Google Analytics but the data of DoubleClick cookie as well. The marketing service can be used with the help of the DoubleClick cookie, that ensures that the visitors of the Website can see the advertisements of the Controller on the advertising space of Google. Controller uses the Google Remarketing program to his/her online advertisements. The advertisements of the Controller are shown by external providers – for example Google – on Internet websites as well. Controller and the external providers, for example Google, use own cookies (such as Google Analytics cookies) and cookies of a third person (such as DoubleClick cookie) together to get informed, based on the previous visits of the Users on the Website, and to optimize and visualize the advertisements.
The duration of data processing: 30 days
The legal basis of data processing: User’s voluntary contribution.
The purpose of data processing: Controller shows different campaigns and promotions for Users who had visited the Website earlier with the help of the Facebook remarketing codes.
The scope of the processed data Controller uses Facebook pixel to increase the efficiency of the Facebook advertisements, to create personalized audience. Facebook pixel is a part of a code put in the source code of the Website. Using it Facebook has the possibility to follow the activities of the Users by using cookies. It is possible with the help of it to show advertisements for Users, who can be interested in the services, so the visualization of the advertisements can be optimized. The remarketing lists that were created with the help of Facebook pixel are not appropriate for personal identification. They do not contain personal data of the visitors, they only identify the browsing software.
The legal basis of data processing: User’s voluntary contribution.
4. DATAPROCESSING
In accordance with the applicable rules Data Controller is entitled to use data processer for some technical operations and for the purpose of providing services. The data processer can only carry out the command and decision of the Controller.
GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
Seat: H-2351 Alsónémedi, GLS Európa street 2.
Web: http: https://gls-group.eu/HUpannpnszoftver.hu/
E-mail: info@gls-hungary.com
Services: currier and home delivery services
DPD Hungária Kft.
Seat: H-1158 Budapest, Késmárk street 14/B
Phone number: +36-1-501-6200
Web: www.dpd.hu
E-mail: dpd@dpd.hu
Services: currier and home delivery services
DHL Express Magyarország Kft.
Seat: H-1097 Budapest, Fehérakác street 3.
Phone number: +36-1-886-2855
Web: www.dhl.hu
E-mail: ugyfelszolgalat.hu@dhl.com
Services: currier and home delivery services
Liegl & Dachser Delivery and Logistic Kft.
Seat: H-2085 Pilisvörösvár Ipartelep street 1.
Phone number: +36-26-532-000
Web: https://www.packeta.hu
E-mail: customer.pilisvorosvar@dachser.com
Services: currier and home delivery services
Packeta Hungary Kft
Seat: H-1044 Budapest, Ezred utca 2.
Phone number: +36-1-400-8806
Web: https://www.packeta.hu
E-mail: info@packeta.hu
Services: currier and home delivery services
EVOLUT Bt. (accountant and tax advisor company)
Seat: H-8000, Székesfehérvár, Homonnai street 14.
Phone number: +36-20-915-4888
E-mail: evolut@vlt.hu
Web: www.vlt.hu
Services: Accounting, payroll preparation
UNAS Online Kft.
Seat: H-9400 Sopron, Major Alley 2. I/15.
Phone number: +36-99-200-200
E-mail: unas@unas.hu
Web: www.unas.hu
Services: hosting service provider
5. DATA SECURITY
Controller does all the necessary expectable measures to keep the data safe, especially in the cases of unauthorized access, alteration, transmission, disclosure, erasure or destruction, accidental loss or damage. Controller secures the data by technological and organizational security measures.
6. THE RIGHTS OF USERS
6.1. Information and access to personal data
User has the right to get to know the personal data stored by the Controller and the information in connection with the data processing; to check the data recorded by Controller, and to access to personal data. User has to send the written request to Controller to be able to access the data (via e-mail or post). Controller provides the information for the User in a commonly used electronic form, except if the User asks for them not in writing, in paper format. Controller does not give verbal information via phone in the case of accessing.
In case of exercising access rights information can be given about the following:
- Defining the scope of processed data, the purpose, time, legal basis of data processing in connection with the processed data,
- Data transmission: for whom were the data transferred or are going to be transferred,
- Naming the source of data.
Controller gives (personally at the costumer service) a copy of the personal data for the User at the first time for free. For further copies Controller can charge a reasonable prize based on administrative expenses. If User asks for a copy by electronic means, information will be given via e-mail, in a commonly used electronic format.
User can ask, as it is written in paragraph 6., for rectification or erasure of personal data concerning him/her or for restriction of processing or User can object to processing personal data after information was provided and User does not agree with the accuracy of the data, or User can initiate proceedings defined in paragraph 7.
6.2. The rights to correct or rectify the processed personal data
For User’s written request Controller corrects the incorrect personal data that were indicated by the User either in writing or personally in one of Controller’s shop without undue delay and rectifies the incomplete data with the content specified by the User. Controller informs every addressee about the correction or rectification with whom Controller shared the personal data, except if it proves to be impossible or it requires disproportionate effort. User gives information about this addressees for request in writing.
6.3. Rights to restriction of data processing
User can ask the Controller for restricting the data processing in a written request, if
- The accuracy of the personal data is contested by the User, for a period enabling Controller to verify the accuracy of the personal data,
- data processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead,
- Controller no longer needs the personal data for the purposes of data processing, but they are required by the User for the establishment, exercise or defence of legal claims
- User objects to the data processing: pending the verification whether the legitimate grounds of the Controller override those of the User.
If processing has been restricted, such personal data shall, with the exception of storage, only be processed with the User's contribution or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If processing is restricted, Controller shall inform the User (whose request was the restriction of data processing) before lifting the restriction of processing.
6.4. Right to erasure (right to be forgotten)
Controller erases for the request of the User the personal data concerning the User without undue delay, if one of the reasons below are present: i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by Controller; ii) User withdraws contribution on which data processing is based and there is no other legal ground for the processing; iii) User objects to the processing pursuant to his/her own situation and there are no legitimate grounds for the data processing; iv) User objects to processing of personal data concerning him/her for the purpose of direct marketing including profiling to the extent that it is related to such direct marketing, v) Personal data are processed by the Controller unlawfully vi) Collection of personal data follows while using services in connection with Information Society offered directly to children;
User cannot claim the right to erasure, or the right to be forgotten if data processing is necessary: i) for exercising the right of freedom of expression and information; ii) or reasons of public interest in the area of public health; iii) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, if the exercising the right to erasure would seriously impair data processing or make it impossible; iv) for the establishment, exercise or defence of legal claims.
6.5. Right to data portability
The data portability makes it possible for the User to get and use his/her data via different provider defined by him/her, stored in the system of the Controller for his her own purposes. The entitlement is only for the data that were given by the User. The portability of other data (such as statistics) is not possible.
The following activities can be done by the User with the personal data (when subscribing to newsletter) stored in the system of Controller:
- User receives the data in a structured, commonly used and machine-readable format
- User is entitled to transfer the data for other controller
- User can ask for the transmission of the data to other controller – if it is technically feasible in the system of the Controller.
Controller only complies the request about data portability sent via e-mail or post. For the execution of the request the Controller needs to make sure, that the authorized User is the one, who wishes to exercise his/her rights. Therefore it is necessary for the User to go to the seat of the Controller after it in order to be identified by the Controller according to the data stored in the system. User can require the portability of data that were given to Controller by him/her. Exercising the right does not mean that the data will automatically be deleted from the system of the Controller, therefore User can use the services of the Controller after exercising this right.
6.6 Objection to the processing of personal data
User can object to the processing of personal data concerning his/her own situation any time, including profiling as well, and User is entitled to object to the processing for the purpose of direct marketing including profiling. If User objects to personal data processing, personal data is going to be deleted by Controller from the system.
User can object to processing personal data in writing (via e-mail or post) or in case of a newsletter by clicking on the “subscription” link found in the newsletter.
6.7. The time limit for compliance with the request
Controller informs User about the arrangements without undue delay, but in any cases one month after the arrival of any request defined in paragraph 6.1.-6.6. That period may be extended by two further months if necessary, taking the complexity and number of the requests in consideration, but in this case User has to be informed by the Controller about the reasons of the delay within one month after the arrival of the request. If the request was submitted by electronic means by the User, Controller gives the information by electronic means as well, except if User asks for it in an other way.
7. LAW ENFORCEMENT POSSIBILITIES
User can exercise his/her rights in a written request sent via e-mail or post.
User cannot enforce his/her rights, if Controller proves, that Controller is not able to identify the User. If a request from a User is manifestly unfounded or excessive (in particular because of their repetitive character) Controller may charge a reasonable fee or refuse to act on the request. This has to be proven by Controller. Where Controller has reasonable doubts concerning the identity of the natural person making a request, Controller may request for additional information necessary to confirm the identity of the applicant.
Based on the Info.tv., the Regulation and on the Civil Code V. law 2013 User can
- Contact the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet avenue 22/c.; www.naih.hu)
- enforce his/her rights before court.
8. MANAGEMENT OF PERSONAL DATA BREACH
A personal data breach means a breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that are transmitted, stored or otherwise processed. Controller keeps a record in order to control the measurements concerning personal data breach, to inform the supervisor authorities, and to inform the User. This record includes the scope and the number of the personal data, the date of the personal data breach, the scope and the number of those, who are involved, the time, the circumstances and the effects of the incident and the measures made to avoid it. In the case of an incident Controller – except the breach is unlikely to result in a risk for the rights and freedoms of natural persons – has to inform the User and the supervisor authorities about the breach without undue delay, but at least in 72 hours.
9. OTHER PROVISIONS
Controller reserves the right to modify unilaterally this Privacy Policy with a prior information through the website of the User. The modifications come into effect relating the User on the day written in the information, except if the User objects to the modifications. User accepts the modified regulations implicitly with the usage of the website.
If the User gives the data of a third person during the subscription to newsletter while using a service, or caused any damage during using the Website, Controller is entitled to enforce a compensation to the User.
Controller does not check the personal data that were given for him/her. Only the person, who transferred the data is responsible for the correctness of the data he/she had given. Any User takes the responsibility by giving the e-mail address that he/she is the only person, who uses the service with that e-mail address.
This Privacy Policy enters into force: 25.05.2018
It can be downloaded here: https://javoli.hu/shop_help.php?tab=privacy_policy