Privacy Policy

which was prepared for the Stakeholders visiting the following domain operated by the individual entrepreneur István Puskás: https://izulafome.com/

As a data controller, the entrepreneur considers the protection and security of the data of the natural persons related to him, as well as the natural persons whose data comes into his possession in connection with his business activities (hereinafter all together: Data Subjects), as well as the respect of their rights and the possibility of enforcing them, extremely important. With this in mind, for the purpose and in the interest of complying with the applicable Hungarian and European legal provisions, the following brief information is provided to all interested parties who wish to contact it based on the information found under the above domain name, or who use any service under the above domain name.

Who is the Data Controller?

In relation to this information, the Data Controller is István Puskás, an individual entrepreneur, who is listed in the Register of Individual Entrepreneurs under number 59129192.

The Data Controller

  • Tax number: 90007501-1-42
  • Telephone number: +36 30 212 8666
  • Email address: info@izulafome.com
  • Headquarters: H-1172 Budapest, V. Street 19/a, Hungary

Who is the person responsible for data protection?

The person responsible for data protection is the same as the individual entrepreneur: István Puskás, whose contact details are included in the previous point.

Who are the Stakeholders?

Any natural person identified or - even indirectly - identifiable on the basis of any specific personal data, whose data is managed by the Data Controller, is affected.

You may be affected if you visit the website operating under the above domain operated by the Data Controller and use that library membership.

Why, on what legal basis and for how long do I process your data?

It depends on the connection method.

I. CREATING OF LIBRARY MEMBERSHIP

After you order the service(s), a contract is created between us according to the General Terms and Conditions, the conclusion of which is it an independent data management.

Legal basis for data management:

  • if you are the contracting party, the legal basis for data processing is defined in Article 6 (1) point b) of the GDPR, according to which data processing is necessary for the performance of a contract to which you are a party.
  • if you are a natural person acting on behalf of our contracting customer (customer), you represent our customer according to the Civil Code. § 3:21, subject to the provisions of you act as a legal representative within the scope of fulfilling your legal obligations, on the basis of which the legal basis for data processing is defined in point b) of Article 6 (1) of the GDPR, according to which data processing is necessary for the performance of a contract in which you legally represent your customer.  

Source of the data: You provide the data during contract preparation when you filll in the appropriate fields on the form.

Scope of affected persons: During the conclusion of the contract, you will be affected if

  • you are a natural person ordering my services as a private individual or sole trader,
  • you are, the managing director of my legal entity customer
  • you are a contact person designated by my legal entity customer.

Scope of processed data:

  • your name, the purpose of which is to identify you as a contracting partner.
  • your e-mail address, the purpose of which is to maintain contact in order to fulfill the contract
  • invoicing data: invoicing name, address, the purpose of which is to process the invoice.
  • indication of ordered service: the purpose of data management is to fulfill the contract.

Duration of data management: I will manage the above data recorded in the contract with you for 5 years after the completion of the contract. After 5 years, your electronically registered data will be deleted from the system. I do not handle contracts on a paper basis.

Place of data processing: Data processing takes place exclusively electronically. The contract is concluded electronically, by filling out and sending the form. The data of the form is stored in the storage space provided by the system.

Data processors: After submitting the form, your data will be stored in the online system provided by MikroVPS Ltd. (H-7150 Bonyhád, Jókai street 3, Hungary. e-mail: info@mikrovps.net )

Online bank card payments are made through the Stripe system, with recurring payments (subscription). The bank card data will not reach to the library operator or the merchant.

Those entitled to access the data: during the conclusion of the contract, only the Data Controller. If there is a problem with the storage space, the data processor MikroVPS Kft. is entitled to access the data to the extent necessary to remedy the error. If an official procedure were to arise in connection with the contract, the data of the concluded contract may be known by the authority acting during the official inspection, or its representative.

 

WHAT DOES STRIPE MEAN?

Online bank card payments are made through Stripe's electronic payment processing system. Stripe is a technology company that builds economic infrastructure for the Internet. It allows businesses to accept payments and manage their businesses online.

More information about Stripe (English language site): stripe.com
Stripe data protection, statements, policies

Stripe's online payment system enables payment with the following bank cards and digital wallets:

    • MasterCard
    • VISA
    • American Express

The bank card payment solution provided by Stripe is secure.
Security is based on the separation of data.
The Webstore receives information about the order from the customer, and Stripe only receives the card data required for the payment transaction on the TLS-encrypted payment page.
The Web Store is not informed of the data content of the payment page, they can only be accessed by Stripe. After payment, the website of the Webshop informs you about the result of the transaction. The consideration for the purchased goods/services, the amount paid, is immediately blocked on your account.

II. MAINTAINING CONTACT

Communication is necessary in order to performance the contract.

Legal basis for data management:

  • if you are the contracting party, the legal basis for data processing is defined in Article 6 (1) point b) of the GDPR, according to which data processing is necessary for the performance of a contract to which you are a party.
  • if you are a natural person acting on behalf of our contracting customer (customer), you represent our customer according to the Civil Code. § 3:21, subject to the provisions of you act as a legal representative within the scope of fulfilling your legal obligations, on the basis of which the legal basis for data processing is defined in point b) of Article 6 (1) of the GDPR, according to which data processing is necessary for the performance of a contract in which you legally represent your customer.

Source of the data: You or the person entering into the contract provide your contact information on the order form, or if there is a change in the data, with a separate notification to that effect.

Scope of affected persons: In the case of contact, you will be affected if you have been designated as the contact person in connection with the contract, or you are the contracting party and there is no separately designated contact person.

Scope of processed data:

  • name, the purpose of which is to identify you.
  • telephone number, e-mail address, the purpose of which data is managed to ensure your contact during the contract.

Duration of data management: The day following the completion of the contract by both parties.

Data processors: After submitting the form, your data will be stored in the online system provided by MikroVPS Ltd. (H-7150 Bonyhád, Jókai street 3. Hungary. E-Mail: info@mikrovps.net ).

Those entitled to access the data: during the conclusion of the contract, only the Data Controller. If there is a problem with the storage space, the data processor MikroVPS Ltd is entitled to access the data to the extent necessary to eliminate the error. If an official procedure were to arise in connection with the contract, the data of the concluded contract - including the data provided in relation to contact - can be seen by the authority acting during the official inspection, or its representative.

III. CREATION OF A USER ACCOUNT

The creation of a user account is necessary in order to fulfill the contract.

Legal basis for data management: based on point b) of Article 6 (1) of the GDPR, data management is necessary for the performance of a contract to which you are a party.

Source of the data: You provide me with the data when placing the order, when you initiate the order process.

Scope of affected persons: you will be affected if the contract is concluded based on successful payment.

Scope of processed data:

The Data Manager manages the following data when creating a user account:

  • name, the purpose of data management is your identification
  • e-mail address, the purpose of which is to manage the user’s name and to notify about the creation of the user,
  • first password, the purpose of which is to manage data to create a user account protected by secure (https) access. You must change the first password!
  • a prepaid service whose purpose of data management is to fulfill the contract.
  • invoicing data, the purpose of which is to process the invoice related to the contract.

After creating a user account, you can voluntarily enter more data in your profile, however, the Data Controller only deletes this data - together with your user account - if it conflicts with good morals, infringes copyright, or makes it impossible to fulfill the contract. Such data:

  •     photograph
  •     Home address
  •     telephone number
  •     introduction data.

These data are PUBLIC, i.e. we strongly draw your attention to the fact that providing them is not mandatory, it is based on voluntary consent, and you can withdraw your consent by deleting the data you provided from the system.

Duration of data management: 5 years after the existence of the contract (or, in the case of providing data based on voluntary consent, until their deletion).

Data processors: The hosting provider of the websites is MikroVPS Ltd. (H-7150 Bonyhád, Jókai street 3. Hungary. email: info@mikrovps.net ), a business company, which qualifies as a data processor, given that all electronic mail sent to or by me can be accessed on its hosting, and all the inquiries you send from the web interface

Those entitled to access the data: If there is a problem with the storage space, the storage provider can look into the data in order to eliminate the error.

IV. INVOICING

We carry out our activities within the framework of current Hungarian and European Union legislation, and we issue invoices in connection with product sales in accordance with this.

Legal basis for data management: CXXVII of 2007 on general sales tax. Act § 159.

Source of the data: you provide me with the data by filling out the order form for this service.

Scope of affected persons: During invoicing, you will be a Data Subject if the invoice is in your name or in the name of a company whose name includes your name.

Scope of processed data:

  •     billing name
  •     billing address
  •     name of ordered service
  •     fee for ordered service

the purpose of processing which data is uniformly to issue the invoice.

Duration of data management: The data is collected by Katv (XIII. of 2022). We store it until the retention period according to § 11, i.e. for 5 years from the due date of the invoice.

Data processors: After submitting the form, your data will be stored in the online system provided by MikroVPS Ltd. (H-7150 Bonyhád, Jókai street 3. Hungary. email: info@mikrovps.net). Invoicing is done using the BILLINGO system of Octonull Ltd. (Commercial register number: 01-09-198177, tax number: 25073364-2-42). The Octonull Ltd. is a business company headquartered at H-1074, Budapest, Hutyra Ferenc street 11. Hungary.

Those entitled to access the data: Should a problem arise with the invoicing systems, the data processor MikroVPS Ltd. is entitled to access the data to the extent necessary to correct the error. If an official procedure were to arise in connection with the contract, the data of the issued invoices can be seen by the authority acting during the official inspection, or its representative.

V. COMPLAINT HANDLING

Legal basis for data management: the Civil Code. § 6:138. fulfillment of my obligation contained in which provides that in the event of a breach of contract, the aggrieved party is entitled to demand the performance of the service.

Source of the data: During complaint handling, you provide us with the data when you submit a complaint to me against my activity or any part of it.

Scope of affected persons: During complaint handling, you will be a Data Subject if you submit the complaint. You provide us with the data during complaint handling.

Scope of processed data:

The Data Controller processes the following data during complaint handling:

  • name of data
  • purpose of data management
  • Name
  • your identification
  • Complaint content
  • settlement of the complained activity in a way that is satisfactory for both parties
  • Date of filing a complaint
  • registration of the complaint
  • Date of complaint resolution
  • closing the complaint in the complaint register
  • Related contract
  • identification of the complained case

In the course of complaint handling, it is possible that in addition to the above, we also process other data, depending on the content of the complaint, e.g. if your complaint was submitted due to payment deficiencies, we can also use your bank account number, which was previously known during the performance of the contract, during the complaint handling in order to reveal the reasons for the failure.

Duration of data management: 5 years after the settlement of the complaint (general limitation period defined by the Civil Code).

Data processors: The hosting provider of the e-mail address receiving complaints and the websites containing the contact form is the business company MikroVPS Ltd., which qualifies as a data processor, taking into account that both electronic mails sent to me or by me, as well as those sent by you from the web interface, can be accessed on its hosting inquiries sent.

Those entitled to access the data: If there is a problem with the storage space, the storage provider can look into the data in order to eliminate the error.

During complaint handling, in addition to the above, my legal representative or the authority that, in the event that the complaint is resolved in a way that is not satisfactory to you, can get to know the data that we handle on the basis of your request.

VI. WEBSITE VISIT

Legal basis for data management: Voluntary consent, which you exercise by opening my website in your browser.

Source of the data: You provide the data when visiting the website.

Scope of affected persons: you will be affected if you appear as a visitor on my website.

Realization of data management: Data management is done through cookies. The site contains only the cookies necessary for operation, which ensure that you can enter the website and access the documents to be viewed. I do not use cookies for marketing purposes.

What is a cookie?

A cookie is a two-line piece of code that your browser places on your computer when you visit certain websites. These may contain data necessary for identification and data related to interests, but they are always stored on your computer. You can delete these cookies from your browser under the Settings menu item.

My website contains data necessary for operation, and their lifetime usually lasts until the browser is closed. The only exception to this is the cookie recording the acceptance of your information about cookies, which has a lifetime of 1 year. Of course, you can also delete this from your computer before 1 year using the above method.

VII. NEWSLETTER

Legal basis for data management: is your voluntary consent.

Source of the data: You provide the data by filling out the form when subscribing to the newsletter.

Scope of affected persons: you will be affected if you subscribe to the newsletter service on my website.

Scope of processed data:

  •     name: the purpose of processing the data is your identification,
  •     e-mail address: the purpose of the processing of which data is to send the newsletter,
  •     date of subscription: the purpose of the processing of which data is to establish that the subscription has actually taken place.

Duration of data management: Until unsubscription. By unsubscribing, you withdraw your consent to data management. After unsubscribing, I will delete your data from the system.

Data processors: After submitting the form, your data will be stored in the online system provided by MikroVPS Ltd. (H-7150 Bonyhád, Jókai street 3. Hungary. email: info@mikrovps.net ).

Those entitled to access the data: only the Data Controller when sending the newsletter. If there is a problem with the storage space, the data processor MikroVPS Ltd. is entitled to access the data to the extent necessary to remedy the error.

Do we handle your data differently?

We handle your data exclusively for the purposes defined above, and will not pass them on to third parties - unless we have indicated otherwise in this information.

An exception to this is the case where an investigative authority, court, prosecutor, violation authority, public administrative authority, or other authority seeks you based on the authority of the law. In this case, we will transmit your data only to the extent and to the scope that the request sent by the authority with a precise purpose and specifying the scope of the data covers, and which is absolutely necessary for the performance of the authority's tasks.

If a legal dispute arises between me and you, or between our partner represented by you, or between our partner appointing you as a result of the contract, the contract will be handed over to a court or mediator authorized to decide the legal dispute. The purpose of this is ours legitimate interest.

What rights do you have?

You have the right to be informed about the handling of your data, which we provide within the framework of this document.

1. Right of Access

When exercising this right, you can request access to your personal data. In this context, you can request information from us regarding what kind of data we process, on what legal basis, for what purpose, for how long, how we got access to this data, and to whom, when, for what purpose and on what legal basis we forwarded this data, as well as to whom, when and on what legal basis we granted access.

2. Right to rectification

If you exercise this right, you can request the correction and clarification of the above data if you notice any discrepancies. According to your request, we are obliged to correct the above data within 3 working days.

For example: If your notification address, phone number, or e-mail address has changed, you can request that the Data Controller transfer the new data to its records.

You can supplement your data if you find any gaps in them. However, in the course of individual data management, no additional data is required in addition to the above data, so they would be processed by the Data Controller without a specific purpose. If you want to enter a new phone number or e-mail address and do not want to delete the old one, please indicate which of the two contact details (the old and the new) you consider to be primary!

3. Right to erasure and oblivion

In case of exercising this right, you can ask the data manager to delete all your data that the Data Manager manages based on your consent and that is not required to be kept for a specified period of time by applicable law.

You can also request that if the data manager forwarded the data to a third party, and this data transfer was not carried out in order to fulfill a legal obligation, then the data manager initiates the deletion of your data from the recipient.

For example, you can request the deletion of your e-mail address or telephone number from our records, however, this entails the consequence that we cannot fulfill the concluded contract due to the lack of contact.

4. Right to restrict data processing (right to block)

If you dispute the accuracy of your personal data, you can limit data processing to the period until the data controller is convinced of the accuracy of the data and corrects it if necessary.

You can also request the restriction of the processing of your data according to the specified purpose(s) in the event that the data processing is illegal, but you do not request their deletion. In this case, your data cannot be used for the purpose you indicated until you make a statement to the contrary.

For example, if you made your data available to us in order to conclude a contract, however, the contract was not concluded, so the purpose of the data management was not achieved, the data management may become illegal after the planned date of signing the contract. However, if you declare that you do not want to delete your data, they will still be included in the Data Controller's records, so the next time you contact us with the intention of entering into a contract, we will not have to record your data again, it is enough to clarify them.

You can also request the restriction of the processing of your data in the event that the data controller no longer needs the personal data for the purpose of data processing, but you decide to request their further processing for the presentation, enforcement and protection of legal claims. In this case, in addition to making the restrictive statement, we ask that you also make a statement recording your consent to the further processing of the data!

If you feel that your legitimate interests are being harmed by the processing of your data, you can limit the processing of your data until it is determined whether the purpose of processing your data or the legitimate reasons for processing your data take precedence over your legitimate interests.

During the period of the restriction, the locked personal data may only be stored by the data controller, or with your consent, or to submit, assert, or defend legal claims, or to protect the rights of other natural or legal persons, or for important public interest.

For example: if the data controller has a direct claim against you, it can use your data to enforce this through official or judicial means.

5. Right to protest

You have the right to object to the processing of your personal data at any time for reasons related to your own situation, unless the law stipulates an obligation to keep and manage your data previously provided based on your consent.

In order to obtain direct business, the data controller uses personal data to the extent that information about new publications and services appears in the newsletters. The data controller does not perform profiling. The data controller does not process data for scientific or historical research purposes or for statistical purposes.

6. The right to appeal to the authorities

In the event that the data management of the data controller is objectionable, you are entitled to contact the National Data Protection and Freedom of Information Authority. Contact information of the Authority:

  • Postal address: H-1530 Budapest, Pf.: 5.
  • Address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C. Hungary
  • Telephone: +36 1 3911400
  • E-mail: ugyfelszolgalat@naih.hu
  • Web: http://naih.hu

7. Right to go to court

If you feel that we have violated your rights by handling your data, and you wish to enforce your grievance in court, you have the right to go to court. In addition, you can take legal action against the decision of the data protection authority in accordance with the general rules of the administrative procedure by submitting a claim to the competent administrative and labor court.

Declaration on compliance with data management principles

Given that I consider the security of your data to be extremely important both as an entrepreneur and as an individual, I inform you that

  • I handle your data legally and fairly, as well as in a manner that is transparent to you.
  • your data is only collected for specific, clear and legitimate purposes, I do not handle them in a way that is incompatible with these purposes.
  • your data are appropriate and relevant for the purposes; they are limited only to the extent necessary.
  • your data is accurate and up-to-date based on what you have provided, if you request this, I will take all reasonable measures to ensure that your personal data is deleted or corrected.
  • I store your data in a form that enables your identification only for the time necessary to achieve the goals of personal data management, I keep them protected by appropriate technical and organizational measures.
  • I handle your data in such a way as to ensure adequate security of personal data, including protection against unauthorized or illegal processing, accidental loss, destruction or damage.

Budapest, on April 25, 2024

István Puskás
Data controller