Data processing information

Table of contents

1. Purpose of the data processing information
2. Data controller's data

2.1 Data Protection Officer

1. Scope of personal data processed

3.1. Technical data

3.2 Cookies

3.2.1 The role of cookies

3.2.2 Strictly necessary, session cookies

3.2.3. Cookies placed by third parties (analytics)

3.2.4. List of cookies on the controller's websites

4 General data processing guidelines, name of data processing, use, legal basis and retention period

4.1 Data related to online ordering

4.2 Data related to online administration

4.3 Data related to telephone administration

4.4 Newsletter / eDM related data

4.5 Customer contact information

4.6 Billing related data

4.7 Personal data to be provided during registration

5 Physical storage locations of data

6 Data transfer, data processing, circle of persons who have access to the data

6.1 Data transfer to third countries

7 Data subject's rights and remedies

7.1 Right to information

7.2 The data subject's right of access

7.3 Right to rectification

7.4 Right to erasure

7.5 Right to restriction of data processing

7.6 Right to data portability

7.7 Right to object

7.8 Automated decision-making in individual cases, including profiling

7.9 Right of withdrawal

7.10 Right to go to court

8 Other provisions

1. PURPOSE OF THE DATA PROCESSING NOTICE

Kasza Norbert György Individual entrepreneur (address: 8053 Bodajk Petőfi Sándor utca 81., hereinafter referred to as service provider, data controller) as data controller, acknowledges the content of this legal notice as binding on itself.

It undertakes to ensure that all data processing related to its activities complies with the requirements set out in this policy and in applicable national legislation and European Union legal acts.

Data protection policies related to the data controller's data processing are continuously available at canicolor.hu.

The Data Controller reserves the right to change this information at any time. Of course, it will inform its audience of any changes in due time.

If you have any questions related to this announcement, please write and we will answer your question.

The Data Controller is committed to protecting the personal data of its customers and partners, and considers it of utmost importance to respect the customers' right to informational self-determination. The Data Controller treats personal data confidentially and takes all security, technical and organizational measures to guarantee the security of the data.

The Data Controller describes its data processing practices below.

1. DATA CONTROLLER DATA

If you would like to contact the company, you can contact the data controller at the email address hello@canicolor.hu and the telephone number 36 307337871.

Kasza Norbert György Sole proprietor

Registered office: 8053 Bodajk Petőfi Sándor Street 81.

Registration number: 54852134

Tax number: 56220335-1-27

Mobile: +36 307337871

Email: hello@canicolor.hu

2.1 DATA PROTECTION OFFICER

The data controller does not perform any activity that would justify the appointment of a data protection officer.

1. SCOPE OF PROCESSED PERSONAL DATA

3.1. TECHNICAL DATA

The data controller selects and operates the IT tools used to manage personal data during the provision of the service in such a way that the managed data:

accessible to those authorized to do so (availability);

its authenticity and authentication are ensured (authentication of data processing);

its immutability can be verified (data integrity);

be protected against unauthorized access (data confidentiality).

The data controller takes appropriate measures to protect the data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction.

The data controller ensures the security of data processing by implementing technical, organizational and organisational measures that provide a level of protection appropriate to the risks associated with data processing.

During data processing, the data controller maintains confidentiality: it protects the information so that only those who are authorized to do so can access it; integrity: it protects the accuracy and completeness of the information and the processing method; availability: it ensures that when the authorized user needs it, he can actually access the desired information and that the related tools are available.

3.2 COOKIES

3.2.1 THE PURPOSE OF COOKIES

Cookies collect information about visitors and their devices; remember visitors' personal settings, which can be used, for example, when making online transactions, so they don't have to be re-entered; make the website easier to use; and provide a quality user experience.

In order to provide a personalized service, a small data package, called a cookie, is placed on the user's computer and read back during a subsequent visit. If the browser sends back a previously saved cookie, the cookie management service provider has the opportunity to connect the user's current visit with previous ones, but only with regard to its own content.

3.2.2 ABSOLUTELY NECESSARY, SESSION COOKIES

The purpose of these cookies is to allow visitors to browse the canicolor.hu website fully and smoothly, use its functions and the services available there. The validity period of these types of cookies lasts until the end of the session (browsing), and when the browser is closed, this type of cookie is automatically deleted from the computer or other device used for browsing.

3.2.3. THIRD-PARTY COOKIES (ANALYTICS)

The canicolor.hu website also uses Google Analytics as a third-party cookie. Using the Google Analytics statistical service, canicolor.hu collects information about how visitors use the websites. The data is used to develop the website and improve the user experience. These cookies also remain on the visitor's computer or other browsing device, in its browser, until their expiration date, or until the visitor deletes them.

3.2.4. LIST OF COOKIES ON THE DATA CONTROLLER'S WEBSITES

4 GENERAL DATA PROCESSING POLICIES, DATA PROCESSING NAME, USE, LEGAL BASIS AND RETENTION PERIOD

The data processing activities of the Data Controller are based on voluntary consent or legal authorization. In the case of data processing based on voluntary consent, the data subjects may withdraw their consent at any stage of data processing.

In certain cases, the processing, storage and transmission of a range of data provided is mandatory by law, of which we separately notify our clients. We draw the attention of data providers to the Data Controller that if they do not provide their own personal data, the data provider is obliged to obtain the consent of the data subject. Its data management principles are in line with the applicable data protection legislation, in particular the following: Act CXII of 2011 – on the right to informational self-determination and freedom of information (Infotv.);

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC (General Data Protection Regulation, GDPR); Act V of 2013 on the Civil Code (Civil Code); Act C of 2000 on accounting (Accounting Act); Act LIII of 2017 on the prevention and suppression of money laundering and terrorist financing (AML/CFT); Act CCXXXVII of 2013 on credit institutions and financial undertakings (Finance Act).

The data controller has prepared data maps, based on which the scope of the data processed, its use, legal basis and retention period have been determined.

4.1 DATA RELATED TO ONLINE ORDERING

It is possible to order services through the website, personal data requested during the order:

Name (required field)

Email address (required field)

Phone number (optional field, can be filled in optionally, to initiate a callback)

Billing address

Shipping address

Specify payment method

For certain services, such as website maintenance, additional personal data may be transferred.

Purpose of data processing, planned use of the processed data: The data will be used to fulfill the order.

The legal basis for data processing is a contractual mandate.

Retention period: duration of business relationship or deletion request.

4.2 DATA RELATED TO ONLINE TRANSACTIONS

Personal data requested during contact:

Name (required field)

Email address (required field)

Phone number (optional field, can be filled in optionally, to initiate a callback)

Purpose of data processing, planned use of the processed data: The data will be used for contact and order fulfillment.

The legal basis for data processing is voluntary consent.

Retention period: duration of business relationship or deletion request.

4.3 DATA RELATED TO PHONE SERVICE

Personal data requested during contact:

Name (required field)

Phone number (optional field, can be filled in optionally, to initiate a callback)

Intended use of the processed data: The data will be used for contact and order fulfillment.

Purpose of data processing, planned use of the processed data: The data will be used for contact and order fulfillment.

The legal basis for data processing is voluntary consent.

Retention period: duration of business relationship or deletion request.

4.4 NEWSLETTER / EDM RELATED DATA

Personal data requested when subscribing to the newsletter:

Name (required field)

Email address (required field)

The newsletter is available after reading and accepting the data management policy. Acceptance of the data management policy is done by accepting a mandatory checkbox that is not filled in in advance.

After subscribing, the subscriber will receive an email message informing them of their subscription, which they must confirm, after which their subscription will take effect.

During all related processes, the customer still has the option to unsubscribe; the unsubscribe option is included in each email in the form of a link, which can be easily accessed with a single click.

Since the newsletter contains the name of the business and its website contact information, it qualifies as advertising or eDM.

Purpose of data processing, intended use of the processed data: The data will be used to send a newsletter containing advertising. The newsletter contains the address of the website, so it is already considered advertising.

The legal basis for data processing is voluntary consent.

Retention period: until unsubscribed.

4.5 CUSTOMER CONTACT INFORMATION

I store the following personal data and contact information of clients' company managers and contacts:

Name

Email address

Phone number

Purpose of data processing, intended use of the processed data: The data will be used for the purpose of establishing and maintaining contact.

The legal basis for data processing is legitimate interest.

Retention period: duration of business relationship or deletion request.

4.6 BILLING RELATED DATA

The data controller enters into a contract with its customers regarding the ordered services, during which the following data is stored:

Name

Email address

Title

Purpose of data processing, intended use of the processed data: invoicing.

Legal basis for data processing: legal requirement.

Retention period: current year + 5 years according to legal requirements

4.7 PERSONAL DATA TO BE PROVIDED DURING REGISTRATION

Email address

Full name

Phone number

Billing address

Shipping address

5 PHYSICAL STORAGE PLACES FOR DATA

Your personal data (i.e. data that can be linked to you personally) may be processed by us in the following ways:

on the one hand, in connection with maintaining an internet connection, technical data related to the computer you use, browser program, internet address, and the pages you visit are automatically generated in our computer system,

on the other hand, you can also provide your name, contact information or other data if you wish to contact us personally while using the website. Data technically recorded during the operation of the system: the data of the data subject's computer that canicolor.hu systems record as an automatic result of technical processes.

The automatically recorded data is automatically logged by the system upon entry or exit without any separate declaration or action by the data subject.

This data cannot be linked to other personal user data – except in cases required by law. Only canicolor.hu has access to the data.

6 DATA TRANSFER, DATA PROCESSING, CIRCLE OF PERSONS WHO KNOW THE DATA

The Data Controller uses the following data processors within the framework of its business activities:

Hosting service:

Kasza Norbert György Sole proprietor

Registered office: 8053. Bodajk Petőfi Sándor Street 81.

Registration number: 54852134

Tax number: 56220335-1-27

Known data: content of canicolor.hu websites, emails received by email addresses based on these domains.

Invoicing:

System name: Billingo

Contact: www.billingo.hu

Name of the online invoicing service provider: Octonull Kft.

Tax number: 25073364-2-41

Scope of known data: issued invoices

Google Analytics:

Google Inc., Mountain View, California, USA

Scope of known data: IP address of visitors to the canicolor.hu website – anonymized, not personally identifiable.

Facebook page:

Facebook Inc.

Menlo Park, California, USA

Privacy Policy: https://www.facebook.com/about/privacy/update

Known data: username, comment.

6.1 DATA TRANSFER TO A THIRD COUNTRY

Data is transferred to the United States of America, which was subject to an adequacy decision on July 12, 2016 (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en).

The adequacy decision also applies to the data controllers Mailchimp https://mailchimp.com/legal/privacy/, Google (https://policies.google.com/privacy/frameworks) and Facebook (https://www.facebook.com/about/privacyshield).

7 YOUR RIGHTS AND REMEDIES CONCERNING YOU

The data subject may request information about the processing of his or her personal data, as well as request the correction of his or her personal data, or - with the exception of mandatory data processing - its deletion or withdrawal, and may exercise his or her right to data portability and objection in the manner indicated when the data was collected, or at the above contact details of the data controller.

7.1 RIGHT TO INFORMATION

The Data Controller shall take appropriate measures to provide data subjects with all information referred to in Articles 13 and 14 of the GDPR concerning the processing of personal data and with all information pursuant to Articles 15 to 22 and 34 in a concise, transparent, intelligible and easily accessible form, in clear and plain language.

7.2 RIGHT OF ACCESS TO DATA

The data subject has the right to receive feedback from the data controller as to whether his or her personal data is being processed and, if such processing is taking place, he or she has the right to access the personal data and the following information:

the purposes of data processing;

the categories of personal data concerned;

the recipients or categories of recipients to whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;

the planned period of storage of personal data;

the right to rectification, erasure or restriction of processing and to object;

the right to lodge a complaint with the supervisory authority;

information on data sources;

the fact of automated decision-making, including profiling, as well as understandable information about the logic involved and the significance and foreseeable consequences of such processing for the data subject.

The data controller shall provide the information within a maximum of one month from the date of submission of the request.

7.3 RIGHT TO CORRECTION

The data subject may request the correction of inaccurate personal data concerning him or her processed by the Data Controller and the completion of incomplete data.

7.4 RIGHT TO DELETION

The data subject shall have the right to request that the Controller erase personal data concerning him or her without undue delay where one of the following grounds applies: the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; the data subject withdraws his or her consent on which the processing is based and there is no other legal basis for the processing; the data subject objects to the processing and there are no overriding legitimate grounds for the processing; the personal data have been processed unlawfully; the personal data must be erased for compliance with a legal obligation to which the controller is subject under Union or Member State law; the personal data were collected in connection with the provision of information society services.

The erasure of data cannot be initiated if the processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with an obligation under Union or Member State law to which the controller is subject to the processing of personal data, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for public health purposes, or for archiving, scientific and historical research purposes or statistical purposes, based on public interest; or for the establishment, exercise or defence of legal claims.

7.5 RIGHT TO RESTRICTION OF DATA PROCESSING

At the request of the data subject, the Data Controller shall restrict the processing of the personal data if one of the following conditions is met: the data subject contests the accuracy of the personal data, in which case the restriction shall apply for a period enabling the accuracy of the personal data to be verified; the processing is unlawful and the data subject opposes the erasure of the data and requests the restriction of their use instead; the data controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or the data subject has objected to the processing; in which case the restriction shall apply for a period of time until it is determined whether the legitimate grounds of the data controller override those of the data subject.

If processing is subject to restrictions, personal data may be processed, with the exception of storage, only with the consent of the data subject, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for important public interest reasons of the Union or of a Member State.

7.6 RIGHT TO DATA PORTABILITY

The data subject has the right to receive the personal data concerning him or her, which he or she has provided to the controller, in a structured, commonly used and machine-readable format and to transmit these data to another controller.

7.7 RIGHT TO OBJECT

The data subject shall have the right, on grounds relating to his or her particular situation, to object at any time to processing of personal data concerning him or her for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the controller shall no longer process the personal data unless there are compelling legitimate grounds for doing so which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

7.8 AUTOMATED DECISION-MAKING IN INDIVIDUAL CASES, INCLUDING PROFILING

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

7.9 RIGHT OF WITHDRAWAL

The data subject has the right to withdraw their consent at any time.

7.10 RIGHT TO REFER TO COURT

In the event of a violation of his or her rights, the data subject may file a complaint with the data controller. The court shall proceed with the case ex officio. 8.11 Data protection authority procedure A complaint may be filed with the National Data Protection and Freedom of Information Authority:

Name: National Data Protection and Freedom of Information Authority Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C. Mailing address: 1530 Budapest, P.O. Box: 5. Telephone: 0613911400 Fax: 0613911410

E-mail: ugyfelszolgalat@naih.hu Website: http://www.naih.hu

8 OTHER PROVISIONS

We will provide information on data processing not listed in this information when the data is collected. We inform our clients that the court, the prosecutor, the investigating authority, the misdemeanor authority, the administrative authority, the National Data Protection and Freedom of Information Authority, the Hungarian National Bank, or other bodies authorized by law may contact the data controller to provide information, communicate or transfer data, or make documents available. The data controller will only provide the authorities with personal data to the extent and insofar as the authority has specified the precise purpose and scope of the data, which is absolutely necessary to achieve the purpose of the request.

(This data management information was prepared based on the recommendation of the Budapest Chamber of Commerce and Industry.)

Bodajk, 2024. 09. 29.