Introduction
The COMPANY (hereinafter referred to as the Service Provider, Data Controller) subjects itself to the following information.
In accordance with the protection of personal data of natural persons and the free movement of such data, as well as the repeal of Regulation (EC) No 95/46/EC (General Data Protection Regulation) by the European Parliament and the Council (EU) 2016/679 Regulation (April 27, 2016), we provide the following information.
This data protection notice governs the data processing on the following website: www.gastrohobbi.com
The data protection notice can be accessed at the following link: https://gastrohobbi.com/privacy-policy/
Changes to this notice become effective upon publication at the above address.
Data Controller and Contact Information:
Name: GastroHobbi 2014 Kft.
Registered Office: Hungary, 4025 Debrecen, Simonffy utca 4-6. fszt 41.
Tax Identification Number: 27108510-2-09
Email: info@gastrohobbi.hu
Phone: +36706353444
Definitions
“Personal data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
“Data processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
“Data controller”: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
“Data processor”: a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
“Recipient”: a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
“Consent of the data subject”: any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
“Personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
Principles of Personal Data Processing
Personal data shall be:
a) processed lawfully, fairly, and in a transparent manner in relation to the data subject (“lawfulness, fairness, and transparency”); b) collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (“purpose limitation”); c) adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”); d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”); e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (“storage limitation”); f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).
The controller is responsible for compliance with the above principles and must be able to demonstrate such compliance (“accountability”).
The data controller declares that the data processing is carried out in accordance with the principles mentioned above.
Data Processing
Data Processing Related to Operating an Online Store
The fact of data collection, the scope of processed data, and the purpose of data processing: Personal Data Purpose of Data Processing First and Last Name Required for contact, purchase, and regular invoice issuance. Email Address Communication. Phone Number Communication, more efficient coordination regarding invoicing or delivery inquiries. Billing Name and Address Issuance of regular invoices, as well as establishing, defining, modifying, monitoring the performance, invoicing charges arising from it, and enforcing related claims. Shipping Name and Address Facilitating home delivery. Date and Time of Registration/Purchase Technical operation. IP Address at the time of Registration/Purchase Technical operation. It is not necessary for the username or email address to contain personal data.
Scope of Data Subjects: All individuals registered/purchasing on the webshop website. Duration of Data Processing, Deadline for Deletion of Data: Immediately upon deletion of the registration. Except for accounting documents, as the Accounting Act of 2000 prescribes, these data must be retained for 8 years. Accounting records directly or indirectly supporting accounting documents (including general ledger accounts, analytical or detailed records), must be kept in a legible form, retrievable based on references made in the accounting records, for at least 8 years, in compliance with technical and organizational measures prescribed in this Regulation, in order to protect the rights and freedoms of data subjects.
The identity of possible data processors authorized to access the data, recipients of personal data: Personal data can be processed by the sales and marketing employees of the data controller, respecting the principles mentioned above. Description of data subject’s rights related to data processing: The data subject may request access to their personal data, rectification, erasure, or restriction of processing from the data controller, and may object to the processing of such personal data, and has the right to data portability, as well as the right to withdraw consent at any time. The data subject can initiate requests for access to personal data, data erasure, modification, or processing restriction, data portability, and objections to data processing in the following ways:
- by mail: GastroHobbi 2014 Kft., Hungary, 4025 Debrecen, Simonffy utca 4-6. fszt 41,
- by email: info@gastrohobbi.hu,
- by phone: +36706353444.