ANGELOPULU ZAFIRULA EV. (hereinafter: Data Controller), as the https://zarina.hu  as the operator of the website available under the domain name (hereinafter: the Website), hereby publishes the information regarding the processing of personal data carried out within the framework of the Website, the services related to the Website, as well as other services provided by the Data Controller as defined in this Privacy Policy.

 

By starting to use the Website and by using the services of the Data Controller, visitors to the Website and users of the services provided by the Data Controller (hereinafter: Users) accept all the terms set out in this Privacy Policy (hereinafter: the Policy). Therefore, we kindly ask you to read this Policy carefully before using the Website or making use of the services.

1. DETAILS OF THE DATA CONTROLLER

Name: Angelopulu Zafirula 

Registered office: 1091 Budapest Üllői út 91/b fsz. 5.

E-mail: info@zarina.hu

Phone number: +36203979565

Website: http://www.zarina.hu/

Hosting provider

Name: Rackhost Zrt.

Mailing address 6722 Szeged, Tisza Lajos körút 41.

E-mail Address: info@rackhost.hu

2) SCOPE OF DATA PROCESSED

Description of data processing carried out in the operation of the webshop

Information on the use of cookies and data processing

What is a cookie?

During the visit to the Website, the Data Controller uses so-called cookies. A cookie is a package of information consisting of letters and numbers which our website sends to your browser for the purpose of saving certain settings, facilitating the use of our website, and helping us collect some relevant, statistical information about our visitors.

Some cookies do not contain personal information and are not suitable for identifying individual users, while some may contain a unique identifier – a secret, randomly generated string of numbers – that is stored on your device and makes you identifiable. The duration of operation of each cookie is included in the relevant description of that particular cookie.

Legal background and legal basis for the use of cookies:

The legal basis for data processing is your consent pursuant to Article 6 (1) (a) of the Regulation (GDPR).

Main characteristics of the cookies used by the Website:

Strictly necessary cookies: These cookies are essential for the use of the website and enable the use of the website’s core functions. Without these, many functions of the site will not be available to you. The lifetime of such cookies is limited exclusively to the duration of the session.

Cookies to improve user experience: These cookies collect information about how users interact with the website, for example, which pages they visit most often or what error messages they receive from the website. These cookies do not collect information that identifies the visitor, meaning they only work with completely general, anonymous data. The data obtained from these cookies are used to improve the performance of the website. The lifetime of such cookies is limited exclusively to the duration of the session.

Cookie acceptance cookie: When arriving on the site, you accept the statement on the storage of cookies in the pop-up window. Its lifetime is 365 days.

If you do not accept the use of cookies, certain functions will not be available to you. For more detailed information on deleting cookies, please refer to the following links:

• Internet Explorer:  http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
• Firefox:  https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
• Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
• Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
• Chrome: https://support.google.com/chrome/answer/95647
• Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies

Data processing for the purpose of concluding and performing contracts

In order to conclude and perform contracts, several data processing cases may arise. Please note that data processing related to complaint handling and warranty administration will only take place if you exercise one of the mentioned rights.

If you do not make a purchase through the webshop and only visit the webshop, then only the data processing for marketing purposes may apply to you, provided you give us your consent for marketing purposes.

Data processing carried out for the purpose of concluding and performing contracts in detail:

Contact

If, for example, you contact us by e-mail, contact form, or telephone with a question regarding a product. Prior contact is not mandatory; you may place an order from the webshop at any time without it.

 

Data processed:
The data you provide during contact.

 

Duration of data processing:
We process the data only until the contact is concluded.

 

Legal basis for processing:
Your voluntary consent, which you give to the Data Controller by contacting us [processing under Article 6 (1) (a) of the Regulation].

Registration on the Website

By storing the data provided during registration, the Data Controller can provide a more convenient service (e.g., your data does not need to be entered again for future purchases). Registration is not a prerequisite for concluding a contract.

 

Data processed:
Your name, address, telephone number, e-mail address, details of the purchased product, and date of purchase.

 

Duration of data processing:
Until you withdraw your consent.

 

Legal basis for processing:
Your voluntary consent, which you provide to the Data Controller by registering [processing under Article 6 (1) (a) of the Regulation].

Order processing

During order processing, data processing activities are necessary for the performance of the contract.

 

Data processed:
Your name, address, telephone number, e-mail address, details of the purchased product, order number, and date of purchase.

Note: If you place an order in the webshop, data processing and the provision of data are indispensable for the performance of the contract.

 

Duration of data processing:
We process the data for 5 years in accordance with the civil law limitation period.

 

Legal basis for processing:
Performance of the contract [processing under Article 6 (1) (b) of the Regulation].

Issuing invoices

The purpose of data processing is to issue invoices in compliance with legal requirements and to fulfill the obligation to retain accounting records. Under Section 169 (1)-(2) of the Accounting Act, companies are obliged to retain accounting documents that directly and indirectly substantiate accounting records.

 

Data processed:
Name, address, e-mail address, telephone number.

 

Duration of data processing:
Invoices must be kept for 8 years from the date of issue, pursuant to Section 169 (2) of the Accounting Act.

 

Legal basis for processing:
Issuing invoices is mandatory under Section 159 (1) of Act CXXVII of 2007 on Value Added Tax, and retention for 8 years is required under Section 169 (2) of Act C of 2000 on Accounting [processing under Article 6 (1) (c) of the Regulation].

Data processing related to product delivery

The purpose of data processing is to deliver the ordered product.

Data processed:
Name, address, e-mail address, telephone number.

Duration of data processing:
The Data Controller processes the data until the delivery of the ordered product.

Legal basis for processing:
Performance of the contract [processing under Article 6 (1) (b) of the Regulation].

Handling warranty and guarantee claims

Warranty and guarantee claims must be handled in accordance with Decree 19/2014 (IV. 29.) of the Ministry for National Economy (NGM), which also sets out how such claims must be administered.

Data processed:

When handling warranty and guarantee claims, we must act in accordance with the rules of Decree 19/2014 (IV.29.) of the Ministry for National Economy (NGM). 

Based on the Decree, we are obliged to take minutes of the warranty or guarantee claim you submit to us, in which we record:

1. a) your name, address, and your declaration that you consent to the processing of the data recorded in the minutes as set out in the Decree,
2. b) the designation and purchase price of the movable goods sold under the contract concluded between you and us,
3. c) the date of performance of the contract,
4. d) the date on which the defect was reported,
5. e) a description of the defect,
6. f) the right you wish to enforce on the basis of your warranty or guarantee claim, and
7. g) the method of settling the warranty or guarantee claim or the reason for rejecting the claim and the right you wish to enforce.

If we take back the purchased product from you, we must issue a receipt, which must include:

1. a) your name and address,
2. b) the data necessary to identify the item,
3. c) the date of receipt of the item, and
4. d) the date when you may collect the repaired item. 

Duration of data processing:
The business is obliged to retain the minutes taken of the consumer’s warranty or guarantee claim for three years from the date of recording, and must present them to the supervisory authority upon request.

Legal basis for processing:
The legal basis for data processing is compliance with legal obligations under Decree 19/2014 (IV.29.) of the Ministry for National Economy [Section 4 (1) and Section 6 (1)] [processing under Article 6 (1) (c) of the GDPR].

Handling of other consumer protection complaints

The purpose of data processing is to handle consumer protection complaints. If you submit a complaint to us, data processing and the provision of your data are indispensable.

Data processed:
Customer’s name, telephone number, e-mail address, content of the complaint.

Duration of data processing:
We keep warranty complaints for 5 years in accordance with the Consumer Protection Act.

Legal basis for processing:
Whether you lodge a complaint is your voluntary decision; however, if you do so, we are obliged to retain the complaint for 5 years under Section 17/A (7) of Act CLV of 1997 on Consumer Protection [processing under Article 6 (1) (c) of the GDPR].

Data processed in relation to the verifiability of consent

During registration, ordering, or subscribing to the newsletter, the IT system stores data related to your consent for later verifiability.

Data processed:
Date of consent and the IP address of the data subject. 

Duration of data processing:
Due to legal requirements, consent must be demonstrable later; therefore, the storage period of the data extends to the limitation period following the termination of processing.

Legal basis for processing:
Article 7 (1) of the GDPR imposes this obligation [processing under Article 6 (1) (c) of the GDPR].

Data processing for marketing purposes

Newsletter distribution

The purpose of data processing is to send newsletters.

Data processed:
Name, address, e-mail address, telephone number.

Duration of data processing:
Until withdrawal of consent by the data subject.

Legal basis for processing:
Your voluntary consent, which you give to the Data Controller by subscribing to the newsletter [processing under Article 6 (1) (a) of the GDPR].

Sending and displaying personalized advertisements

The purpose of data processing is to send advertising content tailored to the data subject’s interests.

Data processed:
Name, address, e-mail address, telephone number.

Duration of data processing:
Until you withdraw your consent.

Legal basis for processing:
Your separate, voluntary consent, given to the Data Controller when the data is collected [processing under Article 6 (1) (a) of the GDPR].

Further data processing

If the Data Controller wishes to carry out further data processing, prior information will be provided about the essential circumstances of the processing (legal background and legal basis, purpose, scope of data processed, duration).

We inform you that the Data Controller must comply with legally authorized, written data requests from authorities. The Data Controller keeps records of data transfers in accordance with Section 15 (2)-(3) of the Information Act (Infotv.), including which authority, what personal data, on what legal basis, and when the Data Controller transferred them. The Data Controller provides information about this upon your request, except where excluded by law.

Legal basis for the processing of personal data When contacting us, the User consents to the Data Controller processing their personal data as described in this Policy. The processing of personal data is based on the User’s voluntary consent given with knowledge of this information (legal basis: GDPR Article 6 (1) (a)). Furthermore, processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract (legal basis: GDPR Article 6 (1) (b)). 

Users may only provide their own personal data. If they provide data of others, it is the responsibility of the data provider to obtain the consent of the data subject [GDPR Article 6 (1) (a)].

3) PERSONS AUTHORIZED TO ACCESS PERSONAL DATA, DATA PROCESSING

Personal data may be accessed by the Data Controller and the Data Processors engaged by the Data Controller, in accordance with the applicable laws.

 

The following Data Processors act on behalf of the Data Controller:

Data processing related to product delivery

Recipient Foxpost Zrt.

Registered office: 3300 Eger, Maklári út 119

Phone number: +36-1-999-0369

Email Address: info@foxpost.hu

Website: https://foxpost.hu/

 

The courier service cooperates in the delivery of the ordered goods under a contract concluded with the Data Controller. The courier service processes the received personal data in accordance with its Privacy Policy available on its website.

Data processing related to invoicing

Data Processor: Billingo Technologies Zártkörűen Működő Részvénytársaság 

Registered office: 1133 Budapest, Árbóc utca 6. I. emelet

E-mail: hello@billingo.hu

Website: https://www.billingo.hu/

The Data Processor assists with the management of accounting records under a contract concluded with the Data Controller. In this context, the Data Processor processes the data subject’s name and address to the extent necessary for accounting records, for the period required under Section 169 (2) of the Accounting Act, and deletes them thereafter.

Data processing related to online payment

Data Processor: Automattic Inc.

Registered office: 60 29th Street #343, San Francisco, CA 94110, USA

E-mail: privacy@automattic.com

Website: https://automattic.com/

The Data Processor cooperates in the execution of online payments under a contract concluded with the Data Controller. In this context, the Data Processor processes the billing name and address of the data subject, the order number, and the date of the order within the civil law limitation period.

4) RIGHTS OF THE DATA SUBJECT DURING DATA PROCESSING

During the period of data processing, you are entitled to the following rights under the provisions of the GDPR:

• The right to withdraw consent
• The right of access to personal data and to information about processing
• The right to rectification
• The right to restriction of processing
• The right to erasure (“right to be forgotten”)
• The right to object
• The right to data portability

If you wish to exercise your rights, this necessarily involves your identification and communication with the Data Controller. Therefore, for identification purposes, it will be necessary to provide personal data (but identification can only be based on data already processed by the Data Controller). Your complaint relating to data processing will be available in the Data Controller’s email system within the retention period specified for complaints in this Policy. If you were our customer and wish to identify yourself for the purpose of complaint handling or warranty administration, please also provide your order ID. Using this, we can identify you as a customer.

The Data Controller will respond to complaints regarding data processing no later than 30 days.

Right to withdraw consent

You may withdraw your consent to data processing at any time, in which case we will delete your data from our systems. Please note, however, that if your order has not yet been fulfilled, withdrawal may result in us being unable to deliver your order. Furthermore, if the purchase has already taken place, we cannot delete invoicing data due to accounting regulations. If you have an outstanding debt with us, we may process your data even if you withdraw your consent, based on our legitimate interest in enforcing claims.

Right of access to personal data

You are entitled to receive confirmation from the Data Controller as to whether your personal data is being processed, and if so, to

• access the personal data
• and the following information:
  • purposes of processing,
  • categories of personal data processed,
  • recipients or categories of recipients with whom the data have been or will be shared,
  • the envisaged period of storage or the criteria used to determine that period,
  • your rights to request rectification, erasure, restriction, or to object,
  • the right to lodge a complaint with the supervisory authority,
  • where data are not collected directly from you, any available information on their source,
  • the existence of automated decision-making, including profiling, and meaningful information about the logic involved and its consequences.

The exercise of this right is aimed at verifying the lawfulness of processing. The Data Controller may charge a reasonable fee for repeated requests.

Access will be provided by sending the data and information by e-mail after identification, or if you have a registered account, by allowing you to view the data in your user account.

.

Right to rectification

You are entitled to request without undue delay the rectification of inaccurate personal data concerning you.

Right to restriction of processing

You have the right to request the restriction of processing if:

• you contest the accuracy of personal data (restriction applies until verification),
• processing is unlawful but you oppose erasure,
• the Data Controller no longer needs the personal data, but you require it for legal claims,
• you objected to processing, pending verification of legitimate interests.

If processing is restricted, data may only be processed with your consent or for legal claims, rights protection, or important public interest.

You will be informed in advance before the restriction is lifted.

Right to erasure (“right to be forgotten”)

You are entitled to request that the Data Controller erase your personal data without undue delay if:

• the data is no longer necessary for the purpose,
• you withdraw consent and no other legal basis applies,
• you object to processing based on legitimate interest and no overriding grounds exist,
• processing is unlawful,
• data must be erased for legal compliance.

Erasure does not apply where processing is required for freedom of expression, legal compliance, public interest, or legal claims.

.

• .
• .
• .

Right to object

You may object at any time to processing based on legitimate interest. In this case, the Data Controller may no longer process the data unless compelling legitimate grounds override your interests, or for legal claims.

If personal data is processed for direct marketing, including profiling, you may object at any time, and the data may no longer be used for that purpose.

Right to data portability

Where processing is carried out by automated means or based on consent, you have the right to receive the personal data you provided in a structured, commonly used, machine-readable format (XML, JSON, or CSV) and request transmission to another controller if technically feasible.

Automated decision-making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects you. Exceptions apply if necessary for a contract, authorized by law, or based on your explicit consent.

A fentiek nem alkalmazandóak abban az esetben, ha a döntés:

• Ön és az adatkezelő közötti szerződés megkötése vagy teljesítése érdekében szükséges;
• meghozatalát az adatkezelőre alkalmazandó olyan uniós vagy tagállami jog teszi lehetővé, amely Ön jogainak és szabadságainak, valamint jogos érdekeinek védelmét szolgáló megfelelő intézkedéseket is megállapít; vagy
• az Ön kifejezett hozzájárulásán alapul.

Data Controller’s actions upon the User’s request

 The Data Controller shall, without undue delay but no later than within one month from the receipt of the request, inform the User of the measures taken in response to requests for access, rectification, erasure, restriction, objection, or data portability. If necessary, taking into account the complexity of the request and the number of requests, this deadline may be extended by a further two months. The Data Controller shall inform the User of any such extension, together with the reasons for the delay, within one month of receiving the request. If the User has submitted the request electronically, the information shall, where possible, be provided electronically, unless the User requests otherwise.

If the Data Controller does not take action upon the User’s request, the Data Controller shall inform the User without delay and at the latest within one month of receipt of the request of the reasons for not taking action and of the possibility of lodging a complaint with a supervisory authority and seeking judicial remedy.

5) DATA SECURITY MEASURES

The Data Controller undertakes to ensure the security of the data, to take the necessary technical and organizational measures, and to establish the procedural rules that ensure that the collected, stored, and processed data are protected, and to prevent their destruction, unauthorized use, or alteration. The Data Controller also undertakes to require all third parties to whom the data are transmitted or transferred, based on the Users’ consent, to comply with the requirements of data security. 

The Data Controller ensures that unauthorized persons cannot access, disclose, transmit, modify, or delete the processed data. The processed data may only be accessed by the Data Controller, its employees, and the Data Processors it uses; the Data Controller does not transfer them to any third party without authorization.

The Data Controller shall take all reasonable measures to ensure that data are not accidentally damaged or destroyed. The Data Controller requires the employees involved in data processing activities to comply with this obligation.

The User acknowledges and accepts that, despite the Data Controller applying modern security tools to prevent unauthorized access or disclosure, full protection of data on the Internet cannot be guaranteed. The Data Controller shall not be held liable for the acquisition or unauthorized access to data, or for any damage incurred by the User as a result of such events, despite its efforts. Furthermore, Users may provide their personal data to third parties who may use such data for unlawful purposes or in unlawful ways.

6) LEGAL REMEDIES

The Data Controller makes every effort to ensure that the processing of personal data is carried out in accordance with the law. However, if the User feels that this has not been the case, they may contact us at: info@zarina.hu e-mail címre, vagy a 1091 BUDAPEST 9 ker. ÜLLŐI ÚT 91. B ép. FS em. 5 ajtó szám postai címre.

If the User believes that their right to the protection of personal data has been violated, they may seek legal remedy under the applicable laws from the competent authorities:

• Hungarian National Authority for Data Protection and Freedom of Information (NAIH), 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
• The competent court.

7) AMENDMENTS TO THE PRIVACY POLICY

The Data Controller reserves the right to amend this Privacy Policy without affecting the purpose or legal basis of processing. By continuing to use the website after the entry into force of the amendments, you accept the modified Privacy Policy.

If the Data Controller intends to process the collected data for a purpose other than that for which it was collected, you will be informed in advance of the new purpose and the following information:

• the period of storage of personal data or, if this is not possible, the criteria used to determine that period;
• your right to request access to, rectification, erasure, or restriction of your personal data from the Data Controller, and, in the case of processing based on legitimate interest, to object to the processing of personal data; in the case of processing based on consent or contractual relationship, your right to data portability;
• in the case of processing based on consent, your right to withdraw consent at any time;
• your right to lodge a complaint with the supervisory authority;
• whether the provision of personal data is based on law or contractual obligation or a prerequisite for concluding a contract, whether you are obliged to provide personal data, and the possible consequences of failure to provide such data;
• the existence of automated decision-making, including profiling, and meaningful information about the logic involved and its consequences.

Processing will only begin thereafter, and if the legal basis is consent, in addition to the information provided, your consent must also be obtained.

This document contains all relevant information on data processing in connection with the operation of the webshop in accordance with the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) and Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information.

8) OTHER PROVISIONS

 This Policy shall be governed by Hungarian law,

in particular Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, and Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (adopted on 27 April 2016).

Budapest, October 31, 2024

ANGELOPULU ZAFIRULA  EV.

Data Controller