General Terms and Conditions and Privacy Policy

Privacy Policy

Please read the Prospectus carefully in order to understand how we handle your personal information and your rights regarding data management.
.
As a data controller, the Service Provider or the Data Controller respects the privacy of all persons to whom personal data is transferred during the use of the kiteshop.hu website or by other inquiries at one of our contact details. The Service Provider treats personal data confidentially and takes all security, technical and organizational measures that guarantee the security of the data.

Pursuant to Article 13 of the General Data Protection Regulation of the European Union (Regulation No. 679/2016, hereinafter "GDPR"), it provides the following mandatory information:
Entry into force of data management: 2018. 11.10.
We may change our data management principles at any time, of which the Service Provider will do its utmost to notify users thereof.

contents

1. Summary
2. Relevant legislation
3. Data of the data controller
4. Concepts of data protection
5. Rules of data management
6. Enforcing the rights of the data subject
7. Scope of personal data processed
8. Cookies and similar technologies
9. Application of automated decision making, profiling
10. Data Protection Officer:
11. Supervisory authority
2. Our data processing is governed in particular by the provisions of the following legislation:

Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46.

Act CXII of 2011 on the right to information self-determination and freedom of information. Act (hereinafter: Information Act),

Act V of 2013 on the Civil Code
Act C of 2003 on Electronic Communications (hereinafter: Eht.)

CVIII of 2001 on certain aspects of electronic commerce services and information society services. Act (hereinafter: Eker Act)

Act C of 2000 on Accounting,

Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activity. Act (hereinafter: Grt.)

Act CXIX of 1995 on the management of name and address data for the purpose of research and direct business acquisition. law. (hereinafter: DM TV.)

Name of the controller
Name: Dániel Harmati E.V.

Head office: 1051 József Nádor u. 11

Tax number: 56175194-1-41

EV registration number: 54805981

Phone number +36306833892

Concepts of data protection
Data subject: Any natural person identified or identifiable, directly or indirectly, on the basis of personal data

Personal data: data that can be contacted with the Data Subject, in particular the name, identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities of the data subject, and the conclusion that can be drawn from the data

Consent: the voluntary and firm expression of the data subject's wishes, based on appropriate information and giving his or her unambiguous consent to the processing of personal data concerning him or her, in whole or in part;

Objection: a statement by the Data Subject objecting to the processing of his / her personal data and requesting the termination of the data processing or the deletion of the processed data

Data controller: a natural or legal person or an organization without legal personality who determines the purpose of data processing, makes and implements decisions on data processing (including the means used), or implements it with a data processor entrusted by him

Data management: any operation or set of operations on data, irrespective of the procedure used, in particular their collection, recording, recording, systematisation, storage, alteration, use, interrogation, transmission, disclosure, coordination or linking, blocking, erasure and destruction, and prevent further use of the data, take photographs, sound or images

Data transfer: when the data is made available to a specific third party

Disclosure: when the data is made available to anyone

Data erasure: making data unrecognizable in such a way that it is no longer possible to recover it

Data destruction: complete physical destruction of the data carrier; data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data

Data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data

Data processor: a natural or legal person or an organization without legal personality who, on the basis of a contract concluded with the data controller, including the conclusion of a contract on the basis of a provision of law, processes data

Third party: a natural or legal person or an organization without legal personality who is not the same as the data subject, the controller or the processor

Third country: any state that is not an EEA state

Data protection incident: unlawful handling or processing of personal data, in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction and damage

 

Data management rules
This data management policy is valid from 25 May 2018 until revoked.

The conceptual system of this prospectus is the same as in Infotv. To the interpretative definitions defined in § 3.

Personal data may only be processed for the purpose of exercising a right or fulfilling an obligation. The use of personal data managed by the Service Provider for private purposes is prohibited. Data management must always comply with the purpose limitation principle.

The legal basis for data processing is, as a general rule, the consent of the data subject and, in the case of certain data processing (for example: personal data on an invoice), a provision of law.

When collecting data, the Data Controller informs the Data Subject that the handling of his / her data is governed by the Data Management Information.

Acceptance of the Data Management Information confirms the knowledge of the Data Management Information and constitutes a data management consent.

The Service Provider handles personal data only for a specific purpose, in order to exercise a right and fulfill an obligation, on the basis of the prior consent of the data subject or by law or legal authorization, to the minimum extent and for the time necessary to achieve the purpose.

At all stages of the data management, the purpose must be fit for purpose - and if the purpose of the data management has ceased or the processing of the data is otherwise unlawful, the data will be deleted.

In all cases, the Service Provider shall inform the data subject of the purpose of the data processing and the legal basis of the data processing before recording the data.

If a person subject to the regulations becomes aware that the personal data managed by the Service Provider is incorrect, incomplete or out of date, he / she is obliged to correct it or initiate the correction with the employee responsible for recording the data.

In the course of their work, the employees of the Service Provider ensure that unauthorized persons cannot inspect personal data, and that the storage and placement of personal data is designed in such a way that it cannot be accessed, known, changed or destroyed by unauthorized persons.

The data protection system of the Service Provider is supervised by the managing director.

Please note that our website contains some links (links, links) that lead to the pages of other organizations. The given body is responsible for the data and information protection practices of these bodies!

Enforcing the rights of data subjects
The data subject may request information on the handling of his / her personal data, as well as request the correction or deletion of his / her personal data at the e-mail address daniel@true-surfers.com, except for the data processing required by law.

6.1. Right to information

At the request of the data subject, the Service Provider provides information on the data processed by the data subject or processed by the data controller, the source, the purpose, legal basis, duration, name, address and activities related to data processing and the circumstances of the data protection incident. , its effects and the measures taken to remedy it, as well as the legal basis and the recipient of the transfer.

The Service Provider shall respond to the request related to the processing of the personal data of the data subject in writing, in a comprehensible form, no later than within 25 days from its submission.

The information covers the Infotv. To the information specified in Section 15 (1), if the information of the data subject cannot be refused on the basis of law.

Inaccurate data will be corrected by the data controller, if the necessary data and the public documents proving them are available, the Infotv. In case of the reasons specified in Section 17 (2), it shall take measures to delete the processed personal data.

 

6.2. Right to protest

The data subject may object to the processing of his personal data,

if the processing or transfer of personal data is necessary only for the fulfillment of a legal obligation to the controller or for the exercise of a legitimate interest of the controller, the recipient or a third party, except in the case of mandatory processing;
if the use or transfer of personal data is for the purpose of direct business acquisition, public opinion polling or scientific research; and
in other cases specified by law.
The Service Provider shall examine the protest as soon as possible after the submission of the application, but not later than within 25 days, make a decision on the merits of the application and inform the applicant of its decision in writing.

If the protest is justified, the Service Provider terminates the data processing and blocks the data, and notifies all those to whom the personal data affected by the protest was previously transmitted and who are obliged to take action to enforce the right to protest.

If the data subject does not agree with the decision made on the subject of the protest, or the Service Provider fails to meet the deadline, the data subject shall, within 30 days from the notification of the decision or the last day of the deadline, inform Infotv. He may apply to a court as defined in Section 22.

If the protest is justified, the data controller shall inform Infotv. Act in accordance with the provisions of Section 21 (3).

 

6.3. Locking

The Service Provider shall block the personal data if the data subject so requests or if, on the basis of the information available to him or her, it can be assumed that the deletion would harm the data subject's legitimate interests. Blocked personal data may only be processed for as long as the purpose of the data processing, which precluded the deletion of personal data, exists.

6.4. Deletion

The Service Provider deletes the personal data if its processing is illegal, the data subject requests it (unless the data processing is based on a mandatory provision of law *), the processed data is incomplete or incorrect - and this condition cannot be legally remedied - provided the deletion is not prohibited by law out, the purpose of the data processing has ceased or the time limit for the storage of data specified by law has expired, it has been ordered by a court or the National Data Protection and Freedom of Information Authority.

The Service Provider has 25 days to delete, block and correct personal data. The Service Provider shall notify the data subject of the measures taken, as well as all those to whom it has previously transmitted the data for the purpose of data management.

The Service Provider shall also reimburse the damage caused to others by the unlawful handling of the data of the data subject or the violation of the data security requirements, as well as the personal injury compensation caused by the personal data breach caused by him or her or the data processor used by him. The controller shall be released from liability for the damage caused and the obligation to pay damages if it proves that the damage or the violation of the data subject's right to privacy was caused by an unavoidable cause outside the scope of data processing. Likewise, it does not compensate for damage if it was caused by the intentional or grossly negligent conduct of the injured party.

* The Service Provider does not delete the data of the Data Subject even after the termination of the given legal relationship, taking into account the data retention obligation specified in the legal regulations (Pmt., Accounting Act). Upon termination of this obligation, the data will be deleted.

In previous periods, however, the data will not be used for any other purpose without consent.

 

6.5 Modifying the data

Changes to the data of the data subject can be requested at the email address daniel@true-surfers.com.

6.6 Storing the data

The data is stored electronically at the data processing companies commissioned by the Service Provider, which guarantee the protection of personal data with strong security systems. The Service Provider assumes the responsibility. The data processor may not make a substantive decision concerning data management, may process personal data obtained only in accordance with the provisions of the Data Controller, may not process data for its own purposes, and must store and preserve personal data in accordance with the provisions of the Data Controller.
The data is transferred abroad to the high-security data processors commissioned by the Service Provider.

The data is transmitted for hosting purposes to

Shopify

which may use additional data processors to provide IT support services.

 

The scope of personal data managed
7.1. Newsletter subscription at www.true-surfers.com.

Name
E-mail address

The data provided will be managed by the Data Controller until the consent of the data subject is revoked, which can be revoked at any time by clicking on the unsubscribe link at the bottom of the newsletter or at the contact details provided above.
Its purpose is to inform those who voluntarily subscribe to the newsletter about news, service changes, promotions and novelties.
The legal basis is voluntary registration.
The data is stored by the next service provider.

Mailchimp
he Rocket Science Group LLC, a company headquartered in the State of Georgia in the United States
www.mailchimp.com

7.2 Contact details.

If you contact us by email or telephone, we will not store the data or until the end of any contract.

Use of cookies and similar technologies
We use cookies in certain areas of our website. Cookies are files that store information on your hard drive or in your web browser. We would like to emphasize that cookies are included in Act C of 2003 on Electronic Communications, Act CVIII of 2001 on Certain Issues in Electronic Commerce Services and Information Society Services. and in accordance with European Union regulations.

Cookies allow the website to recognize if you have visited it before. Cookies help us understand which part of the website is most popular because they allow us to see which pages our visitors visit and how much time they spend there. By studying this, we can better tailor the website to your needs and provide an even more diverse user experience by using cookies, among other things.

- they remember the settings so you don't have to re-enter them when you go to a new page,
- remember previously entered data (eg postcode) and do not need to re-type,
- analyze the use of the website in order to ensure that, as a result of the improvements made using the information obtained in this way, it works as well as expected, easily finds the information you are looking for and monitors the effectiveness of our advertisements.

8.1Types, purpose and use of cookies

We may use two types of cookies on our website: temporary (session cookies) or permanent cookies. Temporary cookies remain on your device until you leave our website, while permanent cookies remain on your device for a longer period of time, or until you delete them manually, depending on your web browser settings.

8.2 Essential session-id cookies

These are essential for navigating our website, operating key features of our website, and accessing protected content. These cookies store the information needed to complete the forms and do not collect any information that could identify the user. After closing the website, these cookies are automatically deleted and the session is closed.

If you do not accept these cookies, the website or parts of it may not or may not be displayed correctly, making it impossible to use the website.

8.3. Analytical or performance monitoring cookies

These allow us to differentiate and count visitors to our website, and monitor how users use a particular website, such as which pages they visit most often and whether they receive error messages about websites. These cookies ensure the uniform appearance of the website and collect information about the use of the website. All this contributes to the further development of our website. These cookies do not collect personally identifiable information, store the data aggregated and anonymously, and are only used to improve the operation of our website.

8.3.1. Google Analitycs

Through Google Analytics, we collect anonymous information about how website visitors use the site. We do this to make sure the site meets the needs of our visitors.

Google Analitycs collects information about what pages they visit, how long they stay, how they got there, and what they clicked on. Because we do not collect or store your name or address in this context, this information is not personally identifiable and we do not allow Google to use it for your own purposes or to share it with anyone.

8.4. Functional cookies

In order to improve the user experience, these cookies detect the means by which our website was opened, memorize previous user decisions, so that we can offer better and more personalized features. These cookies may also allow you to watch videos, play games and use social tools such as blogs, chat rooms and forums.

However, these cookies do not track your activity on other websites and we do not use them for the purpose of sending advertisements through other websites.

8.5. Targeted or advertising cookies

In order to provide our website visitors with the marketing information that best suits their interests, we also use personalized, ie targeted or advertising cookies.

These cookies collect fairly detailed information about your browsing habits on our websites (for example, they record which products and services were clicked on). It can also be used to detect repeated visits to one of our websites and / or websites that belong to our advertising partner networks.

8.6 Handling of cookies

Browser settings: You can set your web browser to accept all cookies, reject them all, or notify you when a cookie arrives on your machine. The setting options are usually found in the "Options" or "Settings" menu of the browser. Each web search engine is different, so please adjust accordingly. use your search engine's "Help" menu or the following links to change your cookie settings:

- Manage cookies in Internet Explorer
- Manage cookies in Firefox
- Manage cookies in Chrome

Please note here that this website is designed to work using cookies, so disabling them in part or in full may affect the usability of this website, prevent interactive communication and allow you to use all its features.

We would like to emphasize that we do not exchange cookies with third-party websites or external data providers.

More information can be found at the following links:

- Google Policies and Policies

8.7 Community Buttons

Our website also uses so-called “community buttons” that allow our visitors to share or bookmark a particular page. These links point to social media independent of us, which may collect information about your browsing activity on the Internet, including this website. If you would like more information about how these websites use information about you. If you wish to disable or delete such data, please read the terms and conditions and privacy policy of the affected sites.

Use of automated decision making, including profiling
We do not use automated decision making and profiling.

Data Protection Officer:
the controller is not obliged to appoint a data protection officer under Article 37 of the GDPR

Authorities
The data subject may file a complaint with the NAIH regarding the Company's data management procedure:

National Data Protection and Freedom of Information Authority
head office: 1024 Budapest, Szilágyi Erzsébet avenue 22 / C.
website: www.naih.hu

The data subject may, at his or her choice, also pursue his or her claim in court. The trial falls within the jurisdiction of the tribunal. The action may, at the option of the person concerned, also be brought before the court of the place where he or she resides or stays.