Introduction

The COMPANY (hereinafter referred to as the Service Provider, Data Controller) subjects itself to the following information.

In accordance with the protection of personal data of natural persons and the free movement of such data, as well as the repeal of Regulation (EC) No 95/46/EC (General Data Protection Regulation) by the European Parliament and the Council (EU) 2016/679 Regulation (April 27, 2016), we provide the following information.

This data protection notice governs the data processing on the following website: www.gastrohobbi.com

The data protection notice can be accessed at the following link: https://gastrohobbi.com/privacy-policy/

Changes to this notice become effective upon publication at the above address.

Data Controller and Contact Information:

Name: GastroHobbi 2014 Kft.

Registered Office: Hungary, 4025 Debrecen, Simonffy utca 4-6. fszt 41.

Tax Identification Number: 27108510-2-09

Email: info@gastrohobbi.hu

Phone: +36706353444

Definitions

“Personal data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Data processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

“Data controller”: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

“Data processor”: a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

“Recipient”: a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

“Consent of the data subject”: any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

“Personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Principles of Personal Data Processing

Personal data shall be:

a) processed lawfully, fairly, and in a transparent manner in relation to the data subject (“lawfulness, fairness, and transparency”); b) collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (“purpose limitation”); c) adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”); d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”); e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (“storage limitation”); f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).

The controller is responsible for compliance with the above principles and must be able to demonstrate such compliance (“accountability”).

The data controller declares that the data processing is carried out in accordance with the principles mentioned above.

Data Processing

Data Processing Related to Operating an Online Store

The fact of data collection, the scope of processed data, and the purpose of data processing: Personal Data Purpose of Data Processing First and Last Name Required for contact, purchase, and regular invoice issuance. Email Address Communication. Phone Number Communication, more efficient coordination regarding invoicing or delivery inquiries. Billing Name and Address Issuance of regular invoices, as well as establishing, defining, modifying, monitoring the performance, invoicing charges arising from it, and enforcing related claims. Shipping Name and Address Facilitating home delivery. Date and Time of Registration/Purchase Technical operation. IP Address at the time of Registration/Purchase Technical operation. It is not necessary for the username or email address to contain personal data.

Scope of Data Subjects: All individuals registered/purchasing on the webshop website. Duration of Data Processing, Deadline for Deletion of Data: Immediately upon deletion of the registration. Except for accounting documents, as the Accounting Act of 2000 prescribes, these data must be retained for 8 years. Accounting records directly or indirectly supporting accounting documents (including general ledger accounts, analytical or detailed records), must be kept in a legible form, retrievable based on references made in the accounting records, for at least 8 years, in compliance with technical and organizational measures prescribed in this Regulation, in order to protect the rights and freedoms of data subjects.

The identity of possible data processors authorized to access the data, recipients of personal data: Personal data can be processed by the sales and marketing employees of the data controller, respecting the principles mentioned above. Description of data subject’s rights related to data processing: The data subject may request access to their personal data, rectification, erasure, or restriction of processing from the data controller, and may object to the processing of such personal data, and has the right to data portability, as well as the right to withdraw consent at any time. The data subject can initiate requests for access to personal data, data erasure, modification, or processing restriction, data portability, and objections to data processing in the following ways:

  • by mail: GastroHobbi 2014 Kft., Hungary, 4025 Debrecen, Simonffy utca 4-6. fszt 41,
  • by email: info@gastrohobbi.hu,
  • by phone: +36706353444.

Management of Cookies

Cookies commonly used for online stores include “password-protected session cookies,” “cookies necessary for the shopping cart,” and “security cookies,” for which prior consent from the data subjects is not required.

The fact of data processing and the scope of processed data: Unique identifiers, dates, timestamps
Scope of data subjects: All visitors to the website.
Purpose of data processing: User identification, maintaining the “shopping cart,” and tracking visitors.
Duration of data processing, deadline for data deletion:
Cookies for basic operation
Legal basis for data processing Purpose of data processing Duration of data processing Processed data
Legitimate interest Ensuring the proper functioning of the website Session cookies:
until the end of the visitor’s session Webshop cart: wc_cart_hash_#
wc_fragments_#
Statistical cookies
Legal basis for data processing Purpose of data processing Duration of data processing Processed data
Your consent Collecting information about how visitors use our website Depending on the cookie:– until the end of the session
– up to 2 years
– up to 24 hours
– up to 1 minute
– up to 90 days Google Analytics: ga
_gid
_gat
_gac_<property-id>You can find descriptions of individual cookies by clicking here.
Targeting and advertising cookies
Legal basis for data processing Purpose of data processing Duration of data processing Processed data
Your consent Displaying relevant advertisements, creating and storing identifiers Depending on the cookie:– up to 90 days
– up to 18 months
– or up to 2 years
– Google Adwords conversion code
– Google Adwords remarketing code
– Google Analytics remarketing function

– Facebook conversion code

– Facebook remarketing code

– DoubleClick Floodlight code

Identity of possible data processors entitled to access the data: The data controller does not process personal data through the use of cookies.
Description of data subjects’ rights related to data processing: Data subjects have the option to delete cookies in the browser’s Tools/Settings menu, usually under the Privacy section.
Legal basis for data processing: Consent from the data subject is not required if the sole purpose of using cookies is the transmission of information or the provision of an information society service explicitly requested by the subscriber or user via an electronic communications network, for which the service provider absolutely needs it.

Legal Basis for Data Processing: 7.1. GDPR Article 6(1) b) and c), 7.2. Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (Elker tv.) Article 13/A(3): The service provider may process personal data that are technically necessary for the provision of the service. In cases of the same conditions, the service provider must choose and operate the tools used in the provision of information society services in such a way that personal data are only processed if it is absolutely necessary for the provision of the service and for the fulfillment of other purposes defined in this Act, but even in this case, only to the extent and for the duration necessary. 7.3. In the case of issuing invoices in compliance with accounting regulations, GDPR Article 6(1) c), 7.4. In the case of enforcing claims arising from contracts, Civil Code Act V of 2013 Section 6:21 (for 5 years). Section 6:22. Limitation of actions (1) Unless otherwise provided by this Act, claims shall lapse after five years. (2) The limitation period shall start when the claim becomes due. (3) Any agreement modifying the limitation period shall be made in writing. (4) An agreement excluding limitation shall be void.

We inform you that:

  • Data processing is based on your consent.
  • It is obligatory to provide personal data for us to process your order.
  • Failure to provide data will result in us being unable to process your order.

Newsletter, Direct Marketing Activity

In accordance with Section 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Limitations of Economic Advertising Activities, the User may expressly and in advance consent to the Service Provider contacting them with advertising offers and other communications via the contact details provided during registration.
Furthermore, the User, while considering the provisions of this information, may consent to the processing of their personal data necessary for sending advertising offers by the Service Provider.
The Service Provider does not send unsolicited advertising messages, and the User can unsubscribe from receiving offers without restriction or justification, free of charge. In this case, the Service Provider will delete all personal data required for sending advertising messages from its records and will not contact the User with further advertising offers. The User can unsubscribe from advertisements by clicking on the link in the message.
The fact of data collection, the scope of data processed, and the purpose of data processing:
Personal Data Purpose of Data Processing
Name, email address. Identification, enabling subscription to the newsletter.
Date of subscription Performing a technical operation.
IP address at the time of subscription Performing a technical operation.
Data Subjects: All individuals subscribing to the newsletter.
Purpose of Data Processing: Sending electronic messages containing advertisements (email, SMS, push notifications) to the data subject, providing information about current news, products, promotions, new features, etc.
Duration of Data Processing, Deadline for Data Deletion: Data processing continues until the withdrawal of consent, i.e., until unsubscribing from the newsletter.
Persons authorized to access the data, recipients of personal data: The personal data can be processed by the Service Provider’s sales and marketing employees, while respecting the principles mentioned above.
Explanation of the data subjects’ rights related to data processing:
The data subject can request from the data controller access to their personal data, their correction, deletion, or restriction of processing, and may object to the processing of such personal data. Additionally, the data subject has the right to data portability and the right to withdraw consent at any time.
The data subject can initiate access to personal data, their deletion, modification, or processing restriction, data portability, and objections to data processing through the following means:
– by post: GastroHobbi 2014. Kft. Hungary, 4025 Debrecen, Simonffy utca 4-6. fszt 41 mailing address,
– by email: info@gastrohobbi.hu email address,
– by phone: at +36706353444.

The data subject can unsubscribe from the newsletter at any time, free of charge.
Legal Basis for Data Processing: Consent of the data subject, Article 6(1)(a) of the GDPR, Section 5(1) of the Infotv., and Section 6(5) of Act XLVIII of 2008 on the Basic Conditions and Certain Limitations of Economic Advertising Activities:
The advertiser, the advertising service provider, and the publisher of the advertisement maintain a record of personal data of individuals who have given their consent within the scope specified in the consent. Data recorded in this register may only be processed in accordance with the provisions of the consent until it is withdrawn, and may only be transferred to third parties with the prior consent of the data subject.

Please be informed that:
Data processing is based on your consent.
You are obligated to provide your personal data if you wish to receive newsletters from us.
Failure to provide data will result in us being unable to send you newsletters.

Customer Relations and Other Data Processing

If the data controller’s services raise any questions or concerns for the data subject during their use, they can contact the data controller through the methods provided on the website (phone, email, social media, etc.).

The data controller will delete emails, messages, data provided over the phone, Facebook, etc., along with the inquirer’s name and email address, and any other voluntarily provided personal data, within a maximum of 2 years from the date of data submission.

For data processing not listed in this information, the data subject will be informed at the time of data collection.

In exceptional cases of authority request or when authorized by law, other organizations may require the Service Provider to provide information, disclose, transfer, or provide documents. In such cases, the Service Provider will provide the requesting party with personal data only to the extent necessary to achieve the purpose of the request if the requester specifies the exact purpose and scope.

Rights of Data Subjects

The right of access: You have the right to receive confirmation from the data controller as to whether your personal data is being processed, and if so, you have the right to access your personal data and obtain information as specified in the regulation.

The right to rectification: You have the right to request the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of providing a supplementary statement.

The right to erasure (‘right to be forgotten’): You have the right to request the erasure of personal data concerning you without undue delay, and the data controller shall have the obligation to erase personal data without undue delay under certain conditions.

The right to be forgotten: Where the data controller has made your personal data public and is obliged to erase it, taking into account available technology and the cost of implementation, the data controller shall take reasonable steps to inform other data controllers processing the personal data that you have requested the erasure of any links to, or copy or replication of, that personal data.

The right to restriction of processing: You have the right to obtain from the data controller restriction of processing under certain conditions.

The right to data portability: You have the right to receive the personal data concerning you, which you have provided to a data controller, in a structured, commonly used, and machine-readable format and have the right to transmit that data to another data controller without hindrance.

The right to object: You have the right to object at any time to the processing of your personal data, including profiling, under certain conditions.

Right to object to direct marketing: If personal data processing is carried out for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

Automated individual decision-making, including profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you unless certain conditions are met.

Notification Obligation

If a data breach is likely to result in a high risk to your rights and freedoms, the data controller shall promptly inform you of the data breach.

Complaints

If you believe that your rights have been violated, you have the right to file a complaint with the National Authority for Data Protection and Freedom of Information:

National Authority for Data Protection and Freedom of Information

H1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mailing address: 1530 Budapest, P.O. Box: 5.

Phone: +36-1-391-1400

Fax: +36-1-391-1410

Email: ugyfelszolgalat@naih.hu

Closing Remarks

This information was prepared in accordance with the following regulations:

– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

– Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Infotv.)

– Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services

– Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices Against Consumers

– Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities (especially § 6)

– Act XC of 2005 on the Freedom of Electronic Information

– Act C of 2003 on Electronic Communications (especially § 155)

– Opinion 16/2011 on EASA/IAB Recommendations for Online Behavioral Advertising

– Recommendation of the National Authority for Data Protection and Freedom of Information on the Requirements for Preliminary Information

– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

GastroHobbi 2014 Kft.

Data Controller