1. WHY THIS POLICY EXISTS
The purpose of this policy is to put on record the data protection and data handling policies used by Carneol Ltd. (registered office: Repülőtéri st. 1. 2021 Dunakeszi, trade registry number: 13-09-077105, registry: Hungarian Judiciary, as company registration court, tax registration number: 12309454-2-13.)
Carneol Ltd. (henceforth referred to as: The Service Provider) while operating the www.carneoldesign.com website (henceforth referred to as: The Website) handles the data of the visitors and registrated users and customers of the Website (hereinafter collectively referred to as the Data Subject).
Per the decision of the Hungarian Trade Licensing Office Carneol Ltd. (henceforth referred to as: The Service Provider) under the trade registry number of 1232/2013/B can, under the conditions of the law, operate a delivery service.
The purpose of this policy is to protect every person’s rights and basic freedoms, especially their right to privacy, without any consideration given to their nationality or place of residence, in every area of the services provided by the Service Provider during the procession of their personal data (data protection).
2. The Service Provider as Data Handler
- Name: Carneol Kft.
- Principal office and address: 2021, Dunakeszi, Repülőtéri u. 1.
- Telephone number: +36 70 632 7504
- Email address: email@example.com
- Data Protection Registry Number: NAIH-106546/2016
3. Policy Scope
During registration, the Data Subject obligatorily has to provide the following personal data:
- own e-mail address,
- billing address (billing name, street, street number, location, post code),
- address of delivery (delivery name, street, street number, location, post code),
- telephone number
3.2. Technical Data
During the operation of the system the following data will be recorded: the data of the Data Subject’s computer, the one’s that signs in, which are generated during the usage of the service and which are automatically recorded by the Service Provider’s system as a natural product of the technical processions. The automatically recorded data are logged, whenever signing in or out, without the Data Subject’s separate statement or action. These data together with other personal user data, not counting the cases where the law made it obligatory, cannot be connected to each other. Only the Service Provider can access them.
When visiting the Website, the Service Provider sends one or two cookies, small files containing a series of characters, to the visitor’s computer, through which their browser can be individually identified. These cookies are secure; their usage occurs through Google’s Adwords system. We only send these cookies to the visitor’s computer in case of visiting certain sub-pages, so we only store the fact that the visitation occurred and the time of visitation, not anything else. The usage of the cookies sent this way is the following: With the help of these cookies outside service providers, one among them for example is Google, can store whether the Data Subject has visited the advertiser’s website before, and according to this data the outside service providers’ partners, among them Google, display advertisements for the Data Subject on their Internet websites. The Data Subject can disable Google’s cookies on one Google’s webpages, which is for switching off advertisements.
(It can notify Data Subject about that, that on Network Advertising Initiative’ webpage outside service providers’ cookies can be blocked as well.)
No personalised advertisements will appear after disabling by the Service Provider. Used cookies:
- Session cookie: session cookies are automatically deleted after the Data Subject leaves. The purpose of these cookies is to make the Service Provider’s Website work more efficiently and safely, so they are necessary for certain functions and applications on the Website to work sufficiently.
- Persistent cookie: The Service Provider also uses persistent cookies in order to achieve better user experience (for example to provide optimized navigation). These cookies are stored for a longer period in the browser’s cookie file. The length of this period depends on what setting the Data Subject uses in their Internet browser.
- Cookies protected by password and used for work phases. – Cookies needed for shopping cart.
- Security cookie
Outside servers help measuring and auditing independently the Website’s visitation and other web analytic data (Google Analytics). About data measuring, the data handlers can provide the Data Subject with a detailed explanation.
They can be contacted at: www.google.com/analytics/
When the Data Subject does not want Google Analytics to measure the above data in the manner and with the intent described above, then the Data Subject can install this blocking application in their browser.
In most browsers, the ‘Help’ function in the menu bar gives information about:
- how to disable cookies in your browser,
- how to accept new cookies or
- how to make your browser accept a new cookie or
- how to switch off other cookies.
3.4. General Data Handling in regards to Online Shopping
The Service Provider reserves the right to record the natural person’s identification number on the Bills, if that natural person chooses to personally receive the product in one of the Service Provider’s shops, with the natural person’s consent, according to the terms described in the Info. act. According to the terms of the Info. act consent can be given verbally, in written form and by way of implied conduct (by giving documents over). The purpose of this policy is to protect the customers’ right to private property. The terms of Info. act say the Data Subject can ask the Service Provider to delete personal data described in this point.
3.5. Data Handling in regards to newsletters and personalised newsletters
On www.carneoldesign.com you can subscribe to a personalised newsletter. When taking this opportunity, the user subscribing to the newsletter provides the personal data below to Carneol Ltd. for handling.
- Email addess
4. LEGAL BASIS, PURPOSE AND METHOD OF DATA HANDLING
4.1. Data handling is done according to the contents on the www.carneoldesign.com website (henceforth referred to as the Website) and with the Data Subject’s informed and voluntary statement, which contains the Data Subject’s expressed consent to his/her personal data, provided during the usage of the Website, being handled.
Data handling is done according to the legal basis in the 2011 CXII act about informational autonomy rights and informational freedom (Info. act), paragraph 5, point a) data handling is done with the voluntary consent of the data subject, and according to the 2001 CVIII act of electronic trade services and certain questions regarding services connected to informational society. The Data Subject consents by using the Website, by creating an account, and by providing certain data in question voluntarily, in regards to certain data handling.
4.2. The purpose of data handling is to provide services on the Website. The Service Provider only stores the data provided by the Data Subject for certain purposes, for example in order to fulfil orders, to deliver packages to certain addresses, to make billing possible, to contact the Data Subject, and if the Data Subject subscribed to a newsletter, to send newsletters and to prove the terms and conditions of certain contracts that could be made.
4.3. The purpose of automatically recorded data is to create statistics and to improve the IT system, to protect the Data Subject’s rights.
4.4. The Service Provider does not and cannot use the provided personal data for purposes other than the ones described in these articles. Issuing personal data to third parties and authorities, if the law does not decree it otherwise with compulsory force, can only be done with the Data Subject’s prior, expressed consent.
4.5. The Service Provider does not check the personal data provided to them. The only one responsible for the provided data being correct is the person providing them. Any Data Subject takes responsibility for that, they are the only ones using the services from their e-mail address. In regards to this responsibility, any responsibility for the usage of the provided e-mail address is only the Data Subject’s who registrated the e-mail address.
5. PERIOD OF DATA HANDLING
5.1. The handling of personal data provided upon registration begins with registration and ends upon their deletion, done upon requesting deletion. In case of non-obligatory data, data handling begins with the data of providing the data and lasts until requesting to delete the data in question. Deleting an account either by the Service Provider or by the Data Subject, can be done at any time according to the terms of the General Terms and Conditions (henceforth referred to as the GTC), and in cases and way specified by the GTC.
5.2. The logged data is stored for one year by the system, counting from the date of logging, except for the date of the last visit, which is overridden automatically.
5.3. The above regulations do not apply to the fulfilment of care obligations determined by the law (for example by accounting laws), they do not apply to the data handling done through creating an account on the Website or to handling data provided through any other means of consenting.
5.4. In the case of newsletters, the handling of personal date lasts until unsubscribing from the newsletter, as described in point 8.4.
6. PEOPLE WHO WILL KNOW THA DATA, DATA TRANSFER, DATA PROCESSION
6.1. Primarily, the Service Provider and the inside employees of the Service Provider have the right to learn the data, but the data will not be published, or will not be given to a third party.
6.2. The Service Provider may and can require the help of data processors (for example system operators, delivery companies, accountants), while operating the basic computer system, while fulfilling orders and while accounting.
- Fox-post Zrt.
- Pick-pack, Sprinter delivery service Ltd.
- DPD Hungária Ltd.
- DHL express Ltd.
Newsletter sending system:
The service provider issues electronic invoices for the Data Subject with the data provided by the Data Subject, and sends it to the Data Subject’s e-mail address.
6.3. Carneol Ltd. handles the Data Subjects’ personal data with traceability and according to the effective laws. Not counting the points above, we only forward personal data to third parties, if the Data Subject consents and if the authorities require it.
7. THE RIGHTS OF THE DATA SUBJECT AND WAYS TO ENFORCE THEM
7.1. The Data Subject has the right to ask for information about the data, handled by the Service Provider pertaining to them at any time, furthermore the Data Subject may change them at any time in the way described in the General Terms and Conditions.
7.2. The Service Provider provides information to the Data Subject about the data pertaining to the Data Subject and handled by the Service Provider, about the data handled by the data processors, who have been instructed to do so by the Service Provider, about their source, about the purposes of the data handling, about the legal basis of data handling, about its period, about the name, address and data handling activities of the data processor, about the circumstances and consequences of the data protection incident, about steps taken to remedy it, and, in case of forwarding the Data Subject’s personal data, about the legal basis of forwarding personal data and about the addressee of them. The Service Provider provides the requested information within thirty days of the request being submitted. The Service Provider records the Data Subject’s relevant data, the Data Subjects and their number who have been affected, the date of the data protection incident, its circumstances, its consequences and the steps taken to remedy it and other data described in the law regarding data handling, the Service Provider accomplishes this through its Internal Data Protection Officer, if the Service Provider has one, the Service Provider does this to audit the measures taken in connection with the data protection incident and to inform the Data Subject.
7.3. The Data Subject can enforce his/her rights through the following contacts:
- Mailing address: Carneol Kft., 2021 Dunakeszi, Repülőtéri St. 1.
- Email: firstname.lastname@example.org
- Telephone number: 06 70 632 7504
- If the Data Subject has questions or opinions regarding data protection, he/she can contact the Service Provider via the contacts in point 7.3.
7.4. The Data Subject has the right to ask for the correction or deletion of their incorrectly recorded data at any point in time. Certain data can be corrected on the Website by the Data Subject, in other cases the Service Provider deletes the data within three workdays of receiving the request, in this case the data can no longer be reinstated. The deletion does not apply to the data handling required by the law (for example by laws about accounting), these data will be kept by the Service Provider for the time required.
7.5. The Data Subject may ask for the blocking of their data. The Service Provider blocks the personal data, if the data subject requests it, and if, according to available information, it can be reasonably assumed that deletion would harm the legal interests of the Data Subjects. The personal data blocked this way, can be handled only until the purpose for the data handling still stands, which precluded the deletion of the personal data.
The Data Subject and everyone else, who has been previously forwarded the data for data handling, has to be informed about the correction. The notification can be avoided, if this would not harm the legal interests of the Data Subject, regarding the purpose of data handling.
If the Service provider does not fulfil the Data Subject’s request for blocking or deletion, the Service Provider has to inform the Data Subject about the legal and factual reasons for rejecting the blocking or deletion request in written form within thirty days of receiving the request.
The Data Subject can oppose the handling of his/her personal data, the Service Provider examines the opposition within the shortest period of time, but within the maximum of fifteen days after sending the request, and decides about whether it is well-founded or not, and informs the requestee about the decision in written form.
7.6. The Data Subject can, according to the Info. act and the Civil Codes (2013 V. law)
1. turn to the Nemzeti Adatvédelmi és Információszabadság Hatósághoz (1125 Budapest, Szilágyi Erzsébet fasor 22/c.; www.naih.hu) or
2. enforce their rights in court.
7.7. If the Data Subject gave a third party’s data upon registration to use our services, or caused damages in any way while using the Website, the Service Provider is entitled to compensation for damages from the Data Subject. In such a case the Service Provider helps the authorities in any capacity to identify the offender.
8. NEWSLETTER, PERSONALISED NEWSLETTER
8.1. The Service Provider takes the legal handling of e-mail addresses especially seriously, so they are only used according to the points below (information or advertisement) to send e-mails.
8.2. The handling of e-mail addresses serves primarily to identify the Data Subject, to fulfil orders, to contact the Data Subject, while he/she uses our services, these are the primary reasons for sending e-mails.
8.3. In case the services provided by the Service Provider or the GTC change, or if any other similar services provided by the Service Provider change, the Service Provider may inform the Data Subject via about the changes via e-mail. These notifications are not used for marketing purposes by the Service provider.
The Service Provider only sends letters containing advertisements and newsletters to the e-mail addresses provided upon registration when the Data Subject has given precise consent, and in the cases and ways permitted by the law. The newsletter contains direct marketing elements and advertisements. The Service Provider handles the data provided by the Data Subject. In the case of newsletters, the Service Provider handles the Data Subjects data, provided upon subscription, until the Data Subject does not unsubscribe from the newsletter by clicking on ‘Unsubscribe’ button on the bottom of the newsletter, or does not ask for their removal from the list of subscribers either through e-mail or through postal services.
In case of unsubscribing the Service Provider will no longer send newsletters and offers to the Data Subject. The Data Subject can unsubscribe at any time without charge from the newsletter and recount their consent. Our registered users can unsubscribe at any time without charge from the newsletter by accessing their personal profiles.
8.5. Personalised newsletter
Carneol Ltd. can use users’ personal data to send them personal offers in the form of newsletters, as well. In personalised newsletters Carneol Ltd. examines registered users’ and subscribed users’ previous purchases, and using the results of this examination they can send personalised newsletters to the users.
The regulations in point 8.4 provide precedent for unsubscribing. When the Data Subject unsubscribes from Carneol’s newsletter they will no longer receive personalised newsletters either.
9. OTHER REGULATIONS
9.1. The Service Provider’s system may gather date about the Data Subject’s activities, which cannot be connected to other data the Data Subject gave upon registration, or data which was created when using other websites and services.
9.2. In every case, where the Service Provider wishes to use the data with a purpose other than the one given at the original data provision, they need to inform the Data Subject, and get their prior consent, and also provide an opportunity to prohibit further usage of their personal data.
9.3. The Service Provider commits themselves to take care of the data’s safety, to take the necessary technological steps to make the provided, stored and handled data secure, and they will also do everything in order to prevent their destruction, unauthorised usage and unauthorised change. They commit themselves also to inform every third party to whom these data may be sent or given, about these same responsibilities and duties
9.4. The Service Provider reserves the right to change these policies and regulations unilaterally, while also informing the Data Subject previously on the Website. After the change becomes effective, to be able to use the Website, the Data Subject has to accept the changes, in the way specified by the Service Provider on the Website.
Budapest, 29th September, 2016.