PRIVACY POLICY

PURPOSE AND SCOPE OF THE NOTICE

Mester Anett Individual Entrepreneur (hereinafter: Mester Anett EV)

(last modification: 06.10.2022)

PURPOSE AND SCOPE OF THE NOTICE

The purpose of this data management information (hereinafter: "Information") is to define Mester Anett EV (headquarters: 1133 Budapest Tutaj utca 1. .tax number: 59530619-1-41 ) as a data controller and service provider (hereinafter: "Service Provider", " the legal order of the use of registers/databases kept by the Data Controller"), as well as ensure the enforcement of the constitutional principles of data protection, the right to informational self-determination and the requirements of data security, as well as that everyone can dispose of their personal data within the framework of the legal regulations, learn about the conditions of their management, and prevent the unauthorized access, alteration and unauthorized disclosure of data. Furthermore, this Information Sheet serves as information for those concerned to present the data management practices of the Data Controller.

(2) The scope of the Notice covers the handling of personal and special data at all organizational units of the Data Controller.

The Budapest Flower webshop (hereinafter: Webshop) is part of the websites available under the domain name www.budapestflower.hu and www.budapestflower.com (hereinafter: Website), which are considered the Data Controller's own websites.

The Data Controller acknowledges the content of this legal notice regarding data management within the scope of its activities as binding.

The Data Controller reserves the right to amend this Data Protection Notice (hereinafter: "Notice"). The Data Controller publishes the effective version of the Information on its website. The Data Controller handles personal data confidentially and securely and makes the necessary improvements and modifications as legal and technical possibilities change.

By using the Website, the User accepts the contents of the Information Sheet at the same time, so please read this Information Sheet carefully before using the Website.
The User gives his consent to the individual data management by using the Website, by registering, or by voluntarily providing the data in question.

DEFINITIONS

"personal data": any information concerning the data subject (identified or identifiable natural person); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;

"data management": any operation performed on personal data or data files in an automated or non-automated manner or a set of operations, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or other by making available, coordinating or connecting, limiting, deleting and destroying;

"data controller": the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others;

"data transfer": making data available to a specific third party;

"user": visitor to the Website; and the person with consumer status who registers, places an order and has an account;

"consent": the voluntary, specific and well-informed and clear declaration of the data subject's will, by which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he/she consents to the processing of personal data concerning him/her;

"data processing": the performance of technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data;

"data processor": the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;

"data protection incident": a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled;

"profiling" means any form of automated processing of personal data in which personal data is used to assess certain personal characteristics of a natural person, in particular work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement used to analyze or predict related characteristics;

"service": services provided on the Webshop available on the website, such as the fulfillment and delivery of orders for flowers, chocolates, plushies, and products.

"third party": the natural or legal person, public authority or agency or any other body that is not the same as the User, the data controller, the data processor or the persons who, under the direct control of the data controller or data processor, are authorized to process personal data they got;

"website/website": www.budapestflower.hu

INFORMATION AND ACCESSIBILITY OF THE DATA PROCESSOR

The company name: Mester Anett EV
Headquarters and mailing address: 1133 Budapest Tutaj utca 1/a
The company's tax number: 59530619-1-41
registration number: 57574644

Email address: budapestflower@budapestflower.hu

PRINCIPLES OF DATA MANAGEMENT, SCOPE OF MANAGED DATA

The Data Controller collects and processes personal data in a legal and fair manner, as well as in a transparent manner for the User.

The Data Controller collects and processes personal data only for specific, clear and legal purposes.

The personal data managed by the Data Controller are appropriate and relevant for the purposes of data management and are limited to what is necessary in terms of extent and duration.

Registration on the website is only permitted for persons over the age of 18, and the User is responsible for ensuring that his/her activities comply with the provisions of this Notice. The service provider makes every effort to filter out the processing of personal data of persons under the age of 18.

If the informant does not provide his own personal data, the informant is obliged to obtain the consent of the User.

DATA OF WEBSITE VISITORS

The range of personal data handled: identification number, date and time of the visit, IP address of the user's computer at the time of the visit.

The purposes of data management: the use of the website, the service provider's control of the operation of the services during the visit to the website, personalized service and prevention of abuse.

The legal basis for data management: the voluntary consent of the User, or Article 6 (1) point a) of the GDPR; the Elker. TV. 13/A. (3) of §

The range of Users: visitors to the Website.

DATA MANAGEMENT RELATED TO ONLINE PURCHASES

Scope of processed personal data: name, e-mail address (it does not need to contain personal data), telephone number, billing data (name, country, zip code, town, street, house number), recipient's name, address, recipient's phone number, recipient's email address, bank card data, date of purchase, IP address at the time of purchase.

The purposes of data management: identification of the User, contacting, maintaining contact, completing a purchase, issuing a regular invoice, confirmation, more effective negotiation of questions related to purchases and invoicing, enforcement of claims, execution of technical operations.

The legal basis for data management: data management is necessary for the performance of the contract pursuant to GDPR Article 6 (1) point b) and Elker tv. 13/A. based on paragraph (3) of §

Scope of Users: all purchasing Users.

Duration of data management, deadline for data deletion: data related to the performance of the contract concluded electronically are used for the benefit of the contract and are deleted or destroyed upon its termination or upon expiry of the statutory deadline.
Pursuant to Section 169 (1) of the Accounting Act, accounting receipts and supporting documents must be kept for 8 years.

The person of the possible data controllers entitled to access the data, the recipients of the personal data: the personal data can be handled by the employees of the data controller.

We inform you that

to enter into a contract concluded electronically, it is essential to provide personal data so that we can fulfill your order;

Failure to provide data will result in us not being able to process your order.

 

CUSTOMER CORRESPONDENCE

 

If you have any questions while using our services, you can contact the Data Controller via the contact details provided in this Information Sheet or on the website, as well as through the Chat window.

The Data Controller deletes all messages received with the sender's name, e-mail address, date, time and other personal data provided in the message no later than 2 years after the date of communication.

 

DATA PROCESSORS REQUIRED

 

The Data Controller is entitled to use a data processor to carry out its activities.

After 04/24/2020, the Data Processors will record the personal data provided to them by the Data Controllers and managed or processed by them in accordance with the provisions of the GDPR, or are processed and a statement is made to the Data Controllers.

The Data Controller uses the following Data Processors for the operation of the IT system, the fulfillment of purchases/orders, settlement of accounts, and marketing activities:

Hosting provider

1. Activity provided by a data processor: hosting service

2. Name and contact information of data processor:

Name: Nethely Kft. 

Headquarters: 1115 Budapest, Halmi utca 29.

Web: https://www.nethely.hu/

3. Scope of managed data: all personal data provided by the User.

4. The range of Users: all Users who use the services of the Website or who have registered/placed an order on the website.

5. The purpose of data management: making the Website available and operating it properly. /Hosting service/

6. The duration of data management, the deadline for data deletion: lasts until the termination of the agreement between the Data Controller and the Storage Service Provider, or until the User's deletion request addressed to the Storage Service Provider.

7. The legal basis for data processing: the User's consent, or Article 6 (1) point a) of the GDPR, as well as Elkertv. 13/A. (3) of §

Transport

1. Name and contact information of data processors:

Name: Postcar Futár Kft.

Headquarters: 1161 Budapest, Bács utca 34.

Web: www.postcar.hu

Name: City Taxi Transport Organization Cooperative

Headquarters: 1119 Budapest, Vahot u. 6.

Web: www.citytaxi.hu

2. Activity performed by a data processor: delivery of products.

3. The fact of the data management, the scope of the managed data: delivery name, delivery address, telephone number, e-mail address.

4. The range of stakeholders: home delivery requesters and recipients.

5. Purpose of data management: home delivery of the ordered product.

6. The duration of the data management, the deadline for deleting the data: it lasts until the home delivery is completed.

7. Legal basis for data processing: performance of contract, GDPR Article 6 (1) point b).

Online payment

1. Name and contact information of data processors:

Braintreegateway

https://www.braintreegateway.com

PayPal

Web: www.paypal.com

2. Activity provided by data processor: Online payment

3. The fact of the data management, the scope of the managed data: billing name, billing address, e-mail address.

4. Scope of Users: all Users requesting online payment.

5. The purpose of data management: to process online payments, confirm transactions and check abuses for the protection of users.

6. The duration of data management, the deadline for deleting data: lasts until the online payment is completed.

7. Legal basis for data processing: performance of contract, GDPR Article 6 (1) point b).

System administrator service

1. Name and contact information of data processor:

Name: Wix.com Ltd

Web: www.wix.com

2. Activities provided by the data processor: system administrator services (checking, technical updates, security system development, other developments, repair tasks).

3. The fact of the data management, the scope of the managed data: all personal data provided by the User.

4. The range of Users: all Users who use the services of the Website or who have registered/placed an order on the Website.

5. Purpose of data management: System administrator service (improvements, checks, error corrections).

6. The duration of data management, the deadline for data deletion: lasts until the termination of the agreement between the Data Controller and the data processor specified in this point, or until the deletion request addressed to the data processor specified in this point by the Service Provider.

7. Legal basis for data processing: consent of the User, point a) of Article 6 (1) of the GDPR, and Elkertv. 13/A. (3) of §

Invoicing

1. Name and contact information of data processor:

Name: KBOSS.hu Kft.

Headquarters: 1031 Budapest, Záhony utca 7.

Web: www.szamlazz.hu

2. Activity performed by a data processor: invoicing.

3. The fact of the data management, the scope of the managed data: name, billing name, billing address.

4. The range of Users: all Users placing orders on the Website.

5. Purpose of data management: issuing an invoice.

6. Duration of data management, deadline for deletion of data: 8 years based on Section 169 (2) of Act C of 2000 on accounting.

7. The legal basis for data processing: the User's consent, Article 6 (1) point a), and Elkertv. 13/A. (3) of §

MANAGEMENT OF TECHNICAL DATA, COOKIES

With the help of cookies, Mester Anett EV does not collect or store personally identifiable information. Thus, these cookies cannot identify you personally.

The data of the User's logged-in computer that is generated during the use of the service and recorded by the Service Provider's system as an automatic result of technical processes, in particular the date and time of the visit, the IP address of the User's computer, and the type of browser.

The automatically recorded data is automatically logged by the system upon entry and exit without any special declaration or action by the User. These data cannot be combined with other personal user data - except in cases made mandatory by law. Only the Data Controller has access to the data.


In order to provide customized service, the Data Controller and the designated external service providers store a small file containing a series of characters on the User's computer, so-called cookies are placed and read back. If the browser returns a previously saved cookie, the cookie management service provider has the option to connect the data saved during the User's current visits with the previous ones, but only with regard to its own content. It uses the following cookie:

Security cookie;

Temporary (session) cookies: they are automatically deleted after the User visits. These cookies are used so that the Service Provider's website can function more efficiently and securely, so they are essential for certain functions of the Website or certain applications to function properly;

Persistent cookies: these are stored for a longer time in the cookie file of the browser. The duration of this depends on the settings the User uses in his Internet browser.

Some of these cookies are used to enable the Service Provider's Website to function more efficiently and securely, they are essential for certain functions of the Website or certain applications to function properly. While other cookies have been placed for a better user experience (e.g. providing optimized navigation).

The "Help" or "Settings" function in the menu bar of most browsers provides information on whether the User's own browser

how you can disable cookies,

how to accept new cookies,

how to instruct your browser to set a new cookie or

how to disable other cookies.

External servers assist in the independent measurement and auditing of the website's visitor and other web analytics data (Google Analytics, Facebook Analytics). The regulations for the service provide information on the handling of measurement data. Contact information: www.google.com/analytics/; https://analytics.facebook.com/.

If the User does not want the external service providers to measure the above data in the manner and for the purpose described, install the blocking add-on in his browser.

METHOD OF DATA MANAGEMENT

The Data Controller stores the data provided by the User for a specific purpose.

The purpose of automatically recorded data is to create statistics, to improve the technical development of the Website, and to protect the rights of the User. The statistical compilation may not contain any other data suitable for the identification of the concerned User in any form, therefore it is not classified as data management or data transmission.

The service provider does not check the personal data provided to him. The person providing the data is solely responsible for the accuracy of the data provided. When any User provides his/her e-mail address, he/she assumes responsibility for the fact that only he/she uses the service from the given e-mail address. In view of this responsibility, all kinds of responsibility related to logins to a specified e-mail address are borne solely by the User who registered the e-mail address.

The Data Controller does not use or may use the provided personal data for purposes other than those specified in this Notice. The Data Controller does not transfer the personal data it manages to third parties other than the Data Processors specified in this Information.

The release of personal data to third parties or authorities is possible with the prior express consent of the User, unless otherwise required by law. In any case, if the Data Controller intends to use the provided data for a purpose other than the purpose of the original data collection, the User shall be informed of this and his or her prior express consent shall be obtained, or the User shall be given the opportunity to prohibit the use.

If the User has any questions or problems while using the Data Controller's services, they can contact the Data Controller at the contact details provided on the website.

The User can contact the Service Provider's staff with any questions or comments related to data management via the known contact details. The Data Controller deletes e-mails received with the sender's name, e-mail address and other personal data provided in the message no later than 2 years after the date of data communication.

The Data Controller will provide information on data processing not listed in this Notice when the data is collected.

In response to an exceptional official request, or in the case of requests from other bodies based on the authorization of the law, the Data Controller is obliged to provide information, communicate and transfer data, and make documents available. In these cases, the Data Controller only releases personal data to the requester - if he has specified the exact purpose and the scope of the data - to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.

EMBEDDED CONTENTS

Embedded content from other websites
Posts available on the website may use embedded content from external sources (e.g. videos, images, articles, etc.). Embedded content from an external source behaves exactly as if you had visited another website. These websites may collect information about visitors, use cookies or third-party tracking code, monitor user behavior related to embedded content if you have a user account and are logged in to the site.

USER RIGHTS

1. Right of access

The User is entitled to receive feedback from the Data Controller as to whether his personal data is being processed, and if such data is being processed, he is entitled to access the personal data and the information listed in the regulation.

2. Right to rectification

The User may request that the Data Controller correct inaccurate personal data concerning the User without undue delay. Taking into account the purpose of data management, the User may request the completion of incomplete personal data.

3. Right to erasure

The User may request that the Data Controller delete the personal data processed on the basis of his consent without undue delay under the conditions specified in the Regulation.

4. The right to be forgotten

If the Data Controller has disclosed the personal data and is obliged to delete it, taking into account the available technology and the costs of the implementation, it will take the reasonably expected steps - including technical measures - in order to inform the data controllers handling the data that the User has requested the personal data in question the deletion of links or duplicates of these personal data.

5. The right to restrict data processing

The User may request that the Data Controller restrict data processing upon request, in the event that the conditions specified in Article 18 (1) of the GDPR are met.

6. The right to data portability

The User is entitled to receive the personal data concerning him/her provided to the Data Controller in a segmented, widely used, machine-readable format, and is also entitled to forward this data to another data controller.

7. Right to protest

The user has the right to object to the processing of his personal data at any time, including profiling.

Request for information

The user has the right to request information from the Data Controller regarding the handling of his personal data at any time. The User can initiate access to personal data, its deletion, modification or restriction of processing, portability of data, objection to data processing in the following ways:

- by post to 1133 Budapest, Tutaj utca 1/A (Hungary)

- by e-mail at the e-mail address budapestflower@budapesflower.hu.

Action deadline

The Data Controller shall inform the User in writing of the measures taken following the above requests without undue delay, but no later than within 30 days of receipt of the request.

If necessary, this can be extended by 30 days. The Data Controller informs the User of the extension of the deadline, indicating the reasons for the delay, within 30 days of receiving the request.

If the Data Controller does not take measures following the User's request, it shall notify the factual and legal reasons for rejecting the request, the reasons for not taking action, and the fact that the User may file a complaint under X. at the supervisory authority specified in point or you can use your right of judicial remedy.


NOTIFYING THE USER ABOUT THE DATA PROTECTION INCIDENT

The Data Controller informs the User of the data protection incident without undue delay - in a clear and understandable manner - if the data protection incident is likely to involve a high risk for the rights and freedoms of the User(s).

In the information provided to the User, the Data Controller describes the nature of the data protection incident, and provides the name and contact information of the contact person providing further information; describes the likely consequences of a data protection incident; describes the measures taken or planned to remedy the data protection incident, including, where appropriate, measures aimed at mitigating any adverse consequences resulting from the data protection incident.

The Data Controller is not obliged to inform the Users if one of the cases set out in Article 34, paragraph (3) of the GDPR is met.

ONE PAGE MODIFICATION

Master Anett EV. reserves the right to unilaterally modify this data management information.

ENFORCEMENT OPTIONS

1. The User can contact the Data Controller with comments regarding the handling of his personal data in the following way:

- by post to 1133 Budapest  , Tutaj utca 1/A 2.em/2

- by e-mail at the e-mail address budapestflower@budapestflower.hu,

2. A complaint against a potential violation of the data controller can be filed with the National Data Protection and Freedom of Information Authority.

1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mailing address: 1530 Budapest, PO Box: 5.

Telephone: +36 -1-391-1400

Fax: +36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

Website: www.naih.hu

3. The User may apply to court against the Data Controller in case of violation of his rights. The court acts out of sequence in the case.

4. If the User provided third-party data during registration to use the service or caused damage in any way while using the Website, the Data Controller is entitled to claim compensation from the User. In such a case, the Data Controller will provide all possible assistance to the acting authorities in order to establish the identity of the infringer.

OTHER PROVISIONS

1. The Data Manager's system may collect data on the activity of Users, which cannot be linked to other data provided by the User during registration, nor to data generated when using other websites or services.

2. The Data Controller undertakes to ensure the security of the data, and to take the technical measures to ensure that the recorded, stored and managed data are protected, and to do everything possible to prevent their destruction, unauthorized use and unauthorized changing it. You also undertake to call on all third parties to whom you may forward or transfer the data to fulfill their obligations in this regard.

3. The data controller declares that the cases listed in Article 37 (1) of the GDPR do not exist, so no data protection officer has been appointed.

z The data controller pays attention to the fact that, during data management, it acts in accordance with the applicable data protection legislation and established data protection official practice. Its basic data management principles are in line with the current legislation on data protection, and in particular with the following:

Regulation 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR);

CVIII of 2001 Act on certain issues of electronic commercial services and services related to the information society (Elkertv.);

Act V of 2013 on the Civil Code (Ptk.);

Act C of 2003 on electronic communications;

XLVIII of 2008 Act on the basic conditions and certain limitations of economic advertising activity (Grtv.).

RESPONSIBILITY

Master Anett EV. assumes no responsibility for indirect or direct damages resulting from the use of the website.

Master Anett EV. assumes responsibility for the consequences of other implementations of documents prepared for customers on the website only if the personalization of the document is carried out under the direct supervision of Master Anett EV. .


This Data Management Notice enters into force on 10.10.2022.