This document is an automated English translation of the original Hungarian text provided solely for your convenience. In the event of any discrepancies, misunderstandings, or disputes, the Hungarian version of the document shall prevail and shall be considered authoritative before any authorities or courts.
—
Data Controller
Name: Kisari Bettina Ev.
Registered Address: 1072 Budapest, Akácfa utca 6. 1/4
Registering Authority: National Tax and Customs Administration
Registration Number: 59820116
VAT Number: 90574960142
Email: info@kisaribettina.hu
Website: https://kisaribettina.hu/
Hosting Service Provider Information
Name: SeoLogic Kft
Registered Address: 1051 Budapest, Arany János utca 7. 1/16
Contact: info@seologic.hu
Website: https://seologic.hu
Description of Data Processing in the Operation of the Webshop
This document contains all relevant data processing information related to the webshop’s operation, in accordance with the General Data Protection Regulation of the European Union (Regulation (EU) 2016/679, GDPR) and Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Infotv.).
Information on the Use of Cookies
What is a cookie?
The Data Controller uses so-called cookies when you visit the website. A cookie is an information package consisting of letters and numbers that our website sends to your browser to store certain settings, facilitate the use of our website, and contribute to collecting statistical information about our visitors.
Some cookies do not contain personal data and cannot be used to identify individual users, while others contain unique identifiers (a secret, randomly generated numerical sequence) stored on your device, making user identification possible. The duration of each cookie’s operation is specified in its respective description.
Legal Basis and Regulation of Cookies
The legal basis for data processing is your consent, in accordance with Article 6(1)(a) of the GDPR.
Main Types of Cookies Used on the Website
Strictly necessary cookies: These cookies are essential for using the website and enable basic website functionalities. Without them, many website features would not be available to you. These cookies are only stored for the duration of the session.
User experience enhancement cookies: These cookies collect information on how visitors use the website, such as which pages they visit most often or what error messages they receive. These cookies do not collect identifiable information, meaning they operate with completely general, anonymous data. The information obtained is used to improve the website’s performance. These cookies are only stored for the duration of the session.
Session cookies: These store the visitor’s location, browser language, and payment currency, and their lifespan lasts until the browser is closed or for a maximum of 2 hours.
Recently viewed product cookies: These record the products that the visitor last viewed. Their lifespan is 60 days.
Recommended product cookies: These store the list of products recommended to a friend through the “Recommend to a friend” function. Their lifespan is 60 days.
Cookie acceptance cookie: This stores the acknowledgment of the cookie storage notification that appears upon arrival at the site. Its lifespan is 365 days.
Cart cookie: This records the products placed in the shopping cart. Its lifespan is 365 days.
Smart offer cookie: This records conditions for displaying smart offers (e.g., whether the visitor has been on the site before or has made a purchase). Its lifespan is 30 days.
Backend identifier cookie: Identifies the backend server serving the website. Its lifespan lasts until the browser is closed.
Currency cookie: Stores the customer’s selected currency. Its lifespan is 30 days.
If you do not accept the use of cookies, certain features will not be available to you. More information on deleting cookies can be found at the following links:
•Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
•Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
•Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
•Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
•Chrome: https://support.google.com/chrome/answer/95647
•Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies
Data Processing for Contract Formation and Performance
Various data processing activities may take place for contract formation and performance. Please note that data processing related to complaint handling or warranty claims will only occur if you exercise one of these rights.
If you do not make a purchase through the webshop and only visit the site, the marketing-related data processing section may apply to you if you provide marketing consent.
Detailed data processing for contract formation and performance:
Order Processing
Data processing activities are necessary for fulfilling the contract during order processing.
Processed Data
During data processing, the Data Controller handles your name, email address, home address, phone number, purchased product details, order number, and purchase date.
If you place an order in the webshop, data processing and providing the requested information are essential for contract fulfillment.
Duration of Data Processing
We retain data for 5 years, as required by civil law statutes of limitation.
Legal Basis for Data Processing
Fulfillment of the contract [Article 6(1)(b) of the GDPR].
Issuance of Invoices
The data processing is conducted to issue invoices in compliance with legal regulations and fulfill accounting document retention obligations. Under Section 169 (1)-(2) of the Accounting Act, businesses must retain accounting documents that directly or indirectly support bookkeeping records.
Processed Data
Name, address, email address, phone number.
Duration of Data Processing
Issued invoices must be retained for 8 years from the date of issuance, as per Section 169(2) of the Accounting Act.
Legal Basis for Data Processing
Under Section 159(1) of Act CXXVII of 2007 on Value Added Tax, issuing an invoice is mandatory, and under Section 169(2) of Act C of 2000 on Accounting, invoices must be kept for 8 years [Article 6(1)(c) of the GDPR].
Marketing-Related Data Processing
Newsletter Subscription
Data processing is conducted for sending newsletters.
Processed Data
Name, address, email address.
Duration of Data Processing
Until the affected individual withdraws their consent.
Legal Basis for Data Processing
Your voluntary consent, provided by subscribing to the newsletter [Article 6(1)(a) of the GDPR].
Additional Data Processing
If the Data Controller intends to conduct additional data processing, prior notification will be provided regarding the key aspects of data processing (legal basis, purpose, scope of data, duration).
We inform you that the Data Controller must comply with legally authorized, written data requests from authorities. The Data Controller maintains records of data transmissions in accordance with Section 15(2)-(3) of the Infotv., documenting which authority received personal data, on what legal basis, and when. Upon request, the Data Controller will provide information on the content of these records, except where disclosure is prohibited by law.
Data Processing Related to Invoicing
•Data Processor: Billingo Technologies Zrt.
•Registered Address: 1133 Budapest, Árbóc utca 6. I. floor
•Phone Number: +36-1/500-9491
•Email: hello@billingo.hu
The Data Processor collaborates with the Data Controller under a contractual agreement to maintain accounting records. As part of this process, the Data Processor handles the affected individual’s name and address to the extent necessary for accounting records, retaining the data in accordance with Section 169(2) of the Accounting Act, after which it is deleted.
Online Payment Data Processing
Stripe
By using Stripe for card payments, I acknowledge that Kisari Bettina EV, as the Data Controller, transfers the following personal data stored in the user database of https://kisaribettina.hu to Stripe as the data processor.
The transferred data includes:
•Email address
•Billing name
•Country
•County (based on city)
•City
•Postal code
•Address
Details regarding Stripe’s data processing activities can be found in their privacy policy: https://stripe.com/en-hu/privacy/
The Data Controller will respond to data processing complaints within 30 days at the latest.
Right to Withdraw Consent
You may withdraw your consent for data processing at any time, in which case your data will be deleted from our systems. However, please note that withdrawing consent while an order is still pending may result in us being unable to fulfill the shipment. Additionally, if the purchase has already been completed, accounting regulations require that invoicing-related data cannot be deleted from our systems. If you have an outstanding debt, we may continue processing your data based on legitimate interest for debt collection purposes, even if you withdraw your consent.
Right to Access Personal Data
You have the right to receive confirmation from the Data Controller regarding whether your personal data is being processed. If processing is in progress, you have the right to:
•Access the personal data being processed, and
•Receive the following information from the Data Controller:
•The purposes of the data processing;
•The categories of personal data being processed;
•Information about the recipients or categories of recipients to whom the personal data has been or will be disclosed;
•The planned retention period for the personal data, or if this is not possible, the criteria used to determine this period;
•Your right to request the rectification, erasure, or restriction of processing of your personal data, and in cases where processing is based on legitimate interest, to object to such processing;
•Your right to lodge a complaint with a supervisory authority;
•If the data was not collected from you, any available information about its source;
•The existence of automated decision-making (if applicable), including profiling, and at least in these cases, meaningful information about the logic used and the expected significance and consequences of such processing for you.
The purpose of exercising this right is to verify and ensure the lawfulness of data processing. If you request information multiple times, the Data Controller may charge a reasonable fee to fulfill the request.
Access to personal data is provided by the Data Controller by sending the processed personal data and related information to you via email upon verification of your identity. If you have a registered account, access is also provided through your user account, where you can review and verify your processed personal data.
Please specify in your request whether you seek access to personal data or information related to data processing.
Right to Rectification
You have the right to request that the Data Controller promptly correct any inaccurate personal data concerning you.
Right to Restriction of Processing
You have the right to request that the Data Controller restricts data processing if any of the following conditions apply:
•You contest the accuracy of the personal data, in which case the restriction applies for the period necessary for the Data Controller to verify the accuracy of the personal data. If the correct data can be immediately determined, the restriction will not apply.
•The data processing is unlawful, but you object to the deletion of the data for any reason (e.g., because you need the data to exercise legal claims) and instead request restriction of its use.
•The Data Controller no longer needs the personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims.
•You have objected to the data processing, but the Data Controller may have legitimate grounds for processing. In this case, the data processing must be restricted until it is determined whether the Data Controller’s legitimate grounds override yours.
If data processing is restricted, such personal data, except for storage, may only be processed with your consent, for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of public interest of the European Union or a Member State.
The Data Controller will inform you in advance (at least three business days before lifting the restriction) before removing the restriction on data processing.
Right to Erasure (Right to Be Forgotten)
You have the right to have your personal data erased by the Data Controller without undue delay if any of the following conditions apply:
•The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
•You withdraw your consent, and there is no other legal basis for the processing.
•You object to processing based on legitimate interest, and there is no overriding legitimate reason (such as a compelling legitimate interest) for the processing.
•The Data Controller has processed your personal data unlawfully, and this has been confirmed based on a complaint.
•The personal data must be deleted to comply with a legal obligation under European Union or Member State law applicable to the Data Controller.
If the Data Controller has made the personal data public and is required to delete it for any of the above reasons, it must take reasonable steps, considering available technology and implementation costs—including technical measures—to inform other data controllers processing the data that you have requested the deletion of any links to, copies, or replications of that personal data.
Exceptions to the Right to Erasure
The right to erasure does not apply if data processing is necessary for:
•Exercising the right to freedom of expression and information.
•Compliance with a legal obligation that requires processing under European Union or Member State law applicable to the Data Controller (such as data processing related to invoicing, as legal regulations require invoice retention).
•Public interest purposes or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
•The establishment, exercise, or defense of legal claims (e.g., if the Data Controller has an outstanding claim against you that has not yet been settled, or if a consumer or data protection complaint is under investigation).
Right to Object
You have the right to object at any time to the processing of your personal data based on legitimate interest due to reasons related to your particular situation. In such cases, the Data Controller may no longer process your personal data unless it demonstrates compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.
If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes, including profiling related to direct marketing. If you object to the processing for direct marketing purposes, your personal data may no longer be processed for such purposes.
Right to Data Portability
If data processing is carried out automatically or is based on your voluntary consent, you have the right to request that the Data Controller provide the data you have supplied in XML, JSON, or CSV format. If technically feasible, you may also request that the Data Controller transfer these data directly to another data controller.
Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which would have legal effects on you or similarly significantly affect you. In such cases, the Data Controller is obliged to take appropriate measures to protect the rights, freedoms, and legitimate interests of the affected individual. This includes ensuring that the affected individual has at least the right to request human intervention, express their viewpoint, and challenge the decision.
The above does not apply if the decision:
•Is necessary for entering into or performing a contract between you and the Data Controller;
•Is authorized by European Union or Member State law applicable to the Data Controller, which also lays down suitable measures to safeguard your rights and freedoms as well as your legitimate interests; or
•Is based on your explicit consent.
Data Security Measures
The Data Controller declares that appropriate security measures have been taken to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction or damage and loss of accessibility due to changes in the applied technology.
The Data Controller takes all reasonable efforts within its organizational and technical capabilities to ensure that its data processors also implement appropriate data security measures when processing your personal data.
Legal Remedies
If you believe that the Data Controller has violated any legal provisions regarding data processing or has not fulfilled a request you submitted, you may initiate an investigation by the National Authority for Data Protection and Freedom of Information to stop the alleged unlawful data processing.
•Mailing address: 1363 Budapest, Pf. 9.
•Email: ugyfelszolgalat@naih.hu
Additionally, if your rights related to data processing have been violated or if the Data Controller has not fulfilled your request, you have the right to file a civil lawsuit against the Data Controller in court.
Modification of the Data Processing Notice
The Data Controller reserves the right to modify this privacy notice without affecting the purpose and legal basis of data processing. By continuing to use the website after the modification takes effect, you accept the modified privacy notice.
If the Data Controller intends to process collected data for purposes other than those for which they were originally collected, you will be informed in advance about:
•The duration of data storage or, if not possible, the criteria used to determine this duration;
•Your right to request access to, rectification, deletion, or restriction of processing of your personal data and, in the case of processing based on legitimate interest, your right to object to the processing;
•If the processing is based on consent or contractual necessity, your right to data portability;
•Your right to withdraw consent at any time, if applicable;
•Your right to file a complaint with the supervisory authority;
•Whether providing personal data is a legal or contractual requirement or a prerequisite for concluding a contract, and the possible consequences of not providing the data;
•The existence of automated decision-making (if applicable), including profiling, and meaningful information about the logic involved, as well as the significance and potential consequences of such processing.
Data processing can only commence after this information is provided. If the legal basis for processing is consent, you must give your explicit consent before data processing begins.
Last modified: 2025.03.12
