Fifteen minute break

Data Processing Notice

Data Processing Notice

Acceptance date: 06-26-2023

Data Controller

Name: Orsolya Varga-Szeli

Registered office: Calle la Rosa 7. Tamaimo, 38684, S.C. Tenerife

Mailing address, Complaints handling: Calle la Rosa 7. Tamaimo, 38684, S.C. Tenerife

E-mail: info@sonjablondeauthor.com

Website: sonjablog.com

Hosting provider

Name: AB Plusz Bt.

Mailing address: 2049 Diósd, IV. Béla király utca 48., Hungary

E-mail: info@abplusz.hu

Description of data processing activities carried out during website operation

Information about the use of cookies

What is a cookie?

The Data Controller uses so-called cookies during your visit to the website. A cookie is an information package consisting of letters and numbers that our website sends to your browser with the aim of saving certain settings, facilitating the use of our website, and assisting in collecting some relevant statistical information about our visitors.

Some of the cookies do not contain personal information and are not suitable for individual user identification. However, some of them contain an individual identifier – a secret, randomly generated number – which your device stores, thereby ensuring your identifiability. The duration of operation of each cookie is described in the relevant cookie descriptions.

The legal background and basis for using cookies:

The legal basis for data processing is Article 6(1)(a) of the Regulation, based on your consent.

Key characteristics of cookies used by the website:

Marketing cookies:

Google Adwords cookies: When someone visits our site, the visitor’s cookie identifier is added to the remarketing list. Google uses cookies such as NID and SID cookies in Google products, such as customizing ads seen in Google Search. These cookies are used, for example, to remember your recent searches, previous interactions with ads from advertisers, and visits to advertiser websites. The AdWords conversion tracking feature uses cookies. Cookies are placed on the user’s computer when the person clicks on an ad to track sales and other conversions resulting from the ad. Some common uses of cookies include selecting ads based on what’s relevant to the individual user, improving reports on campaign performance, and avoiding displaying ads that the user has already seen.

If you do not accept the use of cookies, certain features will not be available to you. You can find more information about deleting cookies at the following links:

  • Internet Explorer:  http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
  • Firefox:  https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
  • Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
  • Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
  • Chrome: https://support.google.com/chrome/answer/95647
  • Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies

Further data processing

If the Data Controller intends to carry out further data processing, they will provide prior information on the essential circumstances of the data processing (the legal background and basis of data processing, the purpose of data processing, the scope of processed data, and the duration of data processing).

Recipients of personal data

Data processing for the storage of personal data

Name of the data processor: AB Plusz Bt.

E-mail: info@abplusz.hu

Registered office: 2049 Diósd, IV. Béla király utca 48., Hungary

Website: www.abplusz.hu

The Data Processor, based on a contract with the Data Controller, performs the storage of personal data. The Data Processor is not authorized to access or retrieve the personal data.

Your rights during data processing

During the duration of data processing, you have the following rights in accordance with the provisions of the Regulation:

  • The right to withdraw consent
  • The right to access personal data and information related to data processing
  • The right to rectification
  • The right to restrict data processing
  • The right to erasure
  • The right to object
  • The right to data portability

If you wish to exercise your rights, it will require your identification, and the Data Controller will necessarily need to communicate with you. Therefore, for identification purposes, you will need to provide personal data (although identification can only be based on data that the Data Controller otherwise processes about you), and your data processing-related complaints will be accessible in the Data Controller’s email account as specified in this notice, within the designated time frame for complaints. If you were a customer and wish to identify yourself for complaint resolution or warranty processing, please provide your order identifier as well. With this information, we can identify you as a customer.

The Data Controller will respond to data processing-related complaints within a maximum of 30 days.

The right to withdraw consent

You are entitled to withdraw your consent to data processing at any time; in such cases, we will delete the provided data from our systems. However, please note that in the case of an unfulfilled order, withdrawing your consent may result in our inability to complete the delivery to you. Additionally, if the purchase has already been completed, in accordance with accounting regulations, we cannot delete data related to invoicing from our systems. Moreover, if you have outstanding debts to us, we may still process your data based on our legitimate interest in debt collection even if you withdraw your consent.

Access to personal data

You have the right to receive feedback from the Data Controller regarding whether your personal data is being processed, and if so, you are entitled to:

  • Obtain access to the processed personal data
  • Be informed by the Data Controller about the following information:
    • The purposes of data processing.
    • Categories of personal data concerning you that are being processed.
    • Information about recipients or categories of recipients with whom the Data Controller has communicated or will communicate your personal data.
    • The planned duration of personal data storage, or if this is not possible, the criteria used to determine that duration.
    • Your right to request from the Data Controller rectification, erasure, or restriction of processing of your personal data, and the right to object to such processing when it is based on legitimate interests.
    • The right to lodge a complaint with a supervisory authority.
    • If the data was not collected from you, all available information about the source.
    • The existence of automated decision-making, including profiling, and at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

The purpose of exercising this right may be to determine and verify the lawfulness of data processing, and therefore, in the case of multiple requests for information, the Data Controller may charge a reasonable fee for providing the information.

Access to personal data is provided by the Data Controller by sending you the processed personal data and information via email after your identification. If you have a registered account, we provide access by allowing you to log in to your user account to view and verify the personal data processed about you.

Please specify in your request whether you are requesting access to personal data or information related to data processing.

Right to rectification

You have the right to request the Data Controller to rectify inaccurate personal data concerning you without undue delay.

Right to restrict data processing

You have the right to request that the Data Controller restrict the processing of your data if any of the following conditions apply:

  • You dispute the accuracy of the personal data, in which case the restriction will apply for the period during which the Data Controller verifies the accuracy of the personal data. If the accuracy of the data can be immediately ascertained, no restriction will be imposed.
  • The processing of the data is unlawful, but you oppose the erasure of the data for any reason (for example, because they are important for you to assert a legal claim), so you request the restriction of their use instead.
  • The Data Controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims.
  • You have objected to the data processing, but the legitimate interests of the Data Controller may override your objections. In this case, until it is determined whether the legitimate interests of the Data Controller take precedence over your objections, the data processing must be restricted.

If data processing is subject to restriction, such personal data can only be processed with your consent or for the establishment, exercise, or defense of legal claims, the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State, except for storage.

The Data Controller will inform you in advance (at least 3 working days before lifting the restriction) about the lifting of the restriction on data processing.

Right to erasure – right to be forgotten

You have the right to request the Data Controller to erase your personal data without undue delay if one of the following reasons applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed by the Data Controller.
  • You withdraw your consent, and there is no other legal basis for the data processing.
  • You object to the data processing based on legitimate interests, and there are no overriding legitimate grounds for the processing, or you object to the data processing for direct marketing purposes.
  • The personal data have been unlawfully processed by the Data Controller, and this has been confirmed by a relevant authority following your complaint.
  • The personal data must be erased to comply with a legal obligation in Union or Member State law to which the Data Controller is subject.

If the Data Controller has made the personal data concerning you public and is obliged to erase it for any of the reasons mentioned above, the Data Controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other data controllers processing the personal data that you have requested the erasure of any links to, or copy or replication of, those personal data.

Erasure shall not apply when the data processing is necessary:

  • For the exercise of the right to freedom of expression and information.
  • For compliance with a legal obligation that requires processing by Union or Member State law to which the Data Controller is subject (such as data processing for invoicing, as it is required by law to retain invoices), or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
  • For the establishment, exercise, or defense of legal claims (e.g., if the Data Controller has a claim against you that is still outstanding and not fulfilled, or if there is an ongoing consumer or data processing complaint).

Right to object

You have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data based on legitimate interests. In this case, the Data Controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling to the extent that it is related to such direct marketing. If you object to the processing of personal data for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Right to data portability

If the data processing is carried out in an automated manner or if the data processing is based on your voluntary consent, you have the right to request from the Data Controller to receive the data you provided to the Data Controller in a structured, commonly used, and machine-readable format, such as XML, JSON, or CSV, and have the right to transmit those data to another data controller if technically feasible.

Automated decision-making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In such cases, the Data Controller shall take appropriate measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain human intervention on the part of the Data Controller, to express your point of view, and to contest the decision.

The above provisions do not apply in cases:

  • where the decision is necessary for the conclusion or performance of a contract between you and the Data Controller;
  • is authorized by Union or Member State law to which the Data Controller is subject, and which also lays down suitable measures to safeguard your rights, freedoms, and legitimate interests
  • or is based on your explicit consent.

Registration in the data protection records

According to the provisions of the Information Act, the Data Controller was required to register certain data processing activities in the data protection records. This registration obligation ceased on May 25, 2018.

Data Security Measures

The Data Controller declares that appropriate security measures have been taken to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as against accidental destruction and damage, and to prevent becoming inaccessible due to changes in technology.

To the extent of organizational and technical possibilities, the Data Controller ensures that data processors also take appropriate data security measures when handling your personal data.

Remedies

If you believe that the Data Controller has violated any legal provisions related to data processing or has not fulfilled one of your requests, you have the right to initiate an investigation by the National Authority for Data Protection and Freedom of Information (postal address: 1363 Budapest, Pf. 9., email: ugyfelszolgalat@naih.hu, phone numbers: +36 (30) 683-5969, +36 (30) 549-6838; +36 (1) 391 1400) to cease the presumed unlawful data processing.

Furthermore, please note that in case of a breach of legal provisions related to data processing or if the Data Controller has not fulfilled one of your requests, you can initiate a civil lawsuit against the Data Controller.

Modification of the Data Processing Information

The Data Controller reserves the right to modify this data processing information in a manner that does not affect the purpose and legal basis of data processing. By using the website after the effective date of the modification, you accept the modified data processing information.

If the Data Controller intends to carry out further data processing for purposes other than the collection of data, you will be informed about the purpose of the data processing and the following information before further data processing:

  • The duration of personal data storage, or if this is not possible, the criteria for determining the duration;
  • Your right to request access to your personal data, their correction, deletion, or restriction of processing from the Data Controller, and, in the case of data processing based on legitimate interests, your right to object to the processing of personal data, as well as your right to data portability;
  • If the processing is based on consent, that you can withdraw your consent at any time;
  • Your right to file a complaint with the supervisory authority;
  • Whether the provision of personal data is based on a legal or contractual obligation or a requirement necessary to conclude a contract, and whether you are obliged to provide personal data, and what the possible consequences of failure to provide data may be;
  • Information about the fact of automated decision-making (if such a procedure is applied), including profiling, and at least in these cases, meaningful information on the logic applied and the expected consequences of such data processing.

Data processing may only commence after you have given your consent in addition to receiving this information, if the legal basis for data processing is consent.

This document contains all relevant data processing information related to the operation of the webshop in accordance with the General Data Protection Regulation (GDPR) of the European Union 2016/679 and Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Info Act).