Data processing information
Privacy Policy
Effective date: 25 May 2018
This website is operated by:
Apesyto Store GmbH
Registered office:
Dornbacherstraße 5 / Top 2–3
1170 Vienna
Austria
Company registration number:
671967m
EU VAT number:
AT U82994468
Represented by:
Tibor Peter Nemeth
Telephone:
+43 664 9911 0479
E-mail:
support@apesyto.store
Hereinafter referred to as the Service Provider or Data Controller.
Bank account details of the Service Provider:
Bank: ERSTE Bank Österreich
IBAN: AT57 2011 1856 3624 0200
SWIFT: GIBAATWWXXX
Introduction
Apesyto Store GmbH pays particular attention to the protection of personal data, compliance with applicable legal requirements, and secure and fair data processing.
When you use our services, you entrust us with your data. We understand that this is a great responsibility, and we make every effort to protect your data and to give you control over your personal information.
This Privacy Policy explains what data we collect, why we collect it, how we use it, and how you may update, manage, export or delete your data.
We aim to explain everything as clearly as possible. If you have any questions regarding this Privacy Policy, please feel free to contact us.
We collect data in order to provide better quality services to all our users. This may include basic information such as the language used by the customer, the products they may be interested in, or the way they use our services. The type of information collected and how it is used depends on how users interact with our services and how they manage their privacy settings.
We also use data to ensure that our services operate properly, including monitoring service interruptions, resolving technical problems, and improving the functionality and quality of our services.
Data may also be used for analytical and measurement purposes in order to better understand how visitors use our website. For example, information related to website visits may help us optimise product presentation, website structure and user experience.
We also use data to improve the security and reliability of our services. This includes detecting, preventing and resolving fraud, abuse, security risks and technical issues that could harm our company, our users or the public.
Legal background
The Data Controller processes personal data in accordance with applicable Hungarian, Austrian and European data protection laws and ethical standards. The Data Controller takes all necessary technical and organisational measures to ensure secure data processing.
This Privacy Policy has been prepared with consideration of the following legal regulations:
- Act CXIX of 1995 on the processing of name and address data for research and direct marketing purposes
- Act CVIII of 2001 on electronic commerce services and certain issues related to information society services
- Act XLVIII of 2008 on the basic requirements and certain restrictions of commercial advertising activities
- Act CXII of 2011 on the right of informational self-determination and freedom of information
- Regulation (EU) 2016/679 of the European Parliament and of the Council, known as the General Data Protection Regulation, GDPR
The Data Controller undertakes to comply with this Privacy Policy and requests that users also accept its provisions.
The Data Controller reserves the right to amend this Privacy Policy. If the policy is modified, the updated version will be made publicly available on the website.
The purpose of this Privacy Policy is to ensure that, in all areas of our services and for every individual regardless of nationality or place of residence, their rights and fundamental freedoms, especially their right to privacy, are respected in relation to the processing of their personal data.
Definitions
For the purposes of this Privacy Policy, the following terms shall have the meanings set out below.
Personal data means any information relating to an identified or identifiable natural person, including but not limited to name, address, postal address, telephone number, e-mail address or any other information that can be used to identify a person directly or indirectly.
Data subject means any natural person identified or identifiable on the basis of personal data.
Data Controller means the natural or legal person who determines the purposes and means of processing personal data.
Data Processor means any natural or legal person or organisation that processes personal data on behalf of the Data Controller.
Data processing means any operation or set of operations performed on personal data, including collection, recording, organisation, storage, alteration, use, disclosure, transmission, restriction, deletion or destruction.
Data transfer means making data available to a specific third party.
Deletion of data means making data unrecognisable in such a way that it can no longer be restored.
Data breach means a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.
Consent means the freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they agree to the processing of personal data relating to them.
Third party means a natural or legal person, public authority, agency or body other than the data subject, the Data Controller, the Data Processor or persons authorised to process personal data under the direct authority of the Data Controller or Data Processor.
Special categories of personal data include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data, data concerning sex life or sexual orientation, and data relating to criminal convictions or offences.
Principles of data processing
The Data Controller processes personal data lawfully, fairly and transparently.
Personal data may only be collected and processed for specified, explicit and legitimate purposes.
Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
Personal data must be accurate and, where necessary, kept up to date.
Personal data may only be stored in a form that permits identification of data subjects for as long as necessary for the purposes for which the data is processed.
Appropriate technical and organisational measures must be taken to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage.
The Data Controller processes personal data either on the basis of the data subject’s consent, the performance of a contract, compliance with a legal obligation, protection of legitimate interests, or another legal basis permitted by applicable law.
Data processors and service providers
In the course of its activities, the Data Controller may use the services of trusted data processors and service providers.
Data may be transferred for the following purposes:
- fulfilment of orders
- delivery of products
- collection of cash-on-delivery fees, where applicable
- customer support
- newsletter delivery
- website analytics
- advertising and remarketing activities
- technical maintenance and operation of the website
The scope of data transferred may include:
- customer name
- telephone number
- e-mail address
- postal code
- delivery address
- doorbell or entry information
- message provided for the courier
- order-related information
The purpose of the data transfer is the fulfilment of orders, delivery of products and provision of customer service.
Website visitor data
When visiting the websites operated by the Data Controller, certain technical data may be processed for analytical, security and operational purposes.
The website may contain references or scripts from independent external servers for web analytics and measurement purposes. These measurements may include conversion tracking.
The analytics service provider processes browsing-related information that is not suitable for directly identifying individual visitors.
The Data Controller may use Google Analytics or similar analytics services to understand website usage and improve the user experience.
Cookies and remarketing
The Data Controller may use cookies, web beacons and similar technologies on its website.
Cookies may be used for:
- ensuring proper website functionality
- remembering user settings
- analytics and performance measurement
- advertising and remarketing
- improving user experience
The Data Controller may run remarketing advertisements through Facebook, Google Ads or other advertising systems. These providers may collect or receive data from the website through cookies, web beacons or similar technologies in order to provide measurement services and targeted advertisements.
Remarketing lists do not contain personal data suitable for direct identification.
Users may delete cookies from their computer or disable the use of cookies in their browser settings. These options are generally available under the privacy or security settings of the browser.
Further information about the privacy policies of Google and Facebook is available on their official websites.
Newsletter
The Data Controller may send newsletters, news, updates, business offers and direct marketing messages electronically to users who subscribe to the newsletter.
Newsletter communication may usually be sent monthly, but not more than twice per week.
Subscription to the newsletter requires the provision of a name and e-mail address, which are necessary for delivering the messages.
The data provided for newsletter subscription is processed until the data subject requests its deletion or unsubscribes from the newsletter.
Each newsletter contains a direct unsubscribe link.
The user is responsible for the accuracy of the personal data provided.
General principles regarding user data
The Data Controller declares the following general principles:
Personal data is obtained and processed fairly and lawfully.
Personal data is stored only for specified and legitimate purposes and is not used in a way incompatible with those purposes.
The scope of processed data is proportionate to the purpose of processing.
Data must be accurate and, where necessary, kept up to date.
Data must be stored in a way that allows identification of the data subject only for the period necessary for the purpose of storage.
Special categories of personal data are not processed unless there is an appropriate legal basis and the necessary safeguards are in place.
Appropriate security measures are implemented to protect personal data stored in automated systems against accidental or unlawful destruction, accidental loss, unauthorised access, alteration or disclosure.
Rights of data subjects
Every data subject has the right to receive information about the processing of their personal data.
The data subject has the right to request:
- access to their personal data
- correction of inaccurate personal data
- deletion of personal data, where legally possible
- restriction of processing
- objection to processing
- data portability, where applicable
- withdrawal of consent, where processing is based on consent
Upon request, the Data Controller provides information about the data processed, the source of the data, the purpose and legal basis of processing, the duration of processing, the name and address of the Data Processor, and any data transfer carried out.
The Data Controller responds to such requests within the time limit required by applicable law.
If the data subject believes that their rights have been violated, they may contact the Data Controller or submit a complaint to the competent data protection authority.
Correction and deletion of data
The Data Controller corrects inaccurate personal data where necessary.
Personal data is deleted if:
- the processing is unlawful
- the data subject requests deletion and there is no legal reason to retain the data
- the data is incomplete or inaccurate and cannot lawfully be corrected
- the purpose of data processing has ceased
- the statutory storage period has expired
- deletion is ordered by a court or supervisory authority
The Data Controller informs the data subject about correction or deletion where required by law.
Objection to data processing
The data subject may object to the processing of their personal data where the processing is based on the legitimate interest of the Data Controller or a third party.
The data subject may also object to the use of their personal data for direct marketing purposes.
If the objection is justified, the Data Controller shall terminate the processing, block the data and notify all parties to whom the data was previously transferred, where required by law.
Data security
The Data Controller protects personal data especially against:
- unauthorised access
- alteration
- transmission
- disclosure
- deletion
- destruction
- accidental damage
- accidental loss
The Data Controller and its service providers implement technical and organisational measures appropriate to the level of risk associated with data processing.
Sharing of personal data
The Data Controller does not share personal data with companies, organisations or individuals outside the company except in the following cases.
With the consent of the data subject
Personal data may be shared outside the company if the data subject has given consent.
For external processing
Personal data may be provided to trusted service providers, subcontractors or partners who process the data on behalf of the Data Controller and in accordance with its instructions, this Privacy Policy and applicable confidentiality and security requirements.
For example, service providers may assist with customer support, order fulfilment, delivery, payment processing, newsletter delivery or technical website operation.
For legal reasons
The Data Controller may disclose personal data if it believes in good faith that access, use, preservation or disclosure of the data is reasonably necessary to:
- comply with applicable laws, regulations, legal proceedings or enforceable authority requests
- enforce applicable terms and conditions
- detect, prevent or otherwise address fraud, security or technical issues
- protect the rights, property or safety of the company, users or the public
Non-personally identifiable information may be shared publicly or with partners for analytical, advertising or statistical purposes.
International data transfer
In certain cases, data may be processed on servers located outside the country of residence of the data subject.
Where international data transfers take place, the Data Controller ensures that appropriate safeguards are applied in accordance with applicable data protection laws.
Children’s personal data
If the processing of personal data of a child under the applicable age limit becomes necessary, such data may only be processed with appropriate and verifiable parental or legal guardian consent.
In the absence of such authorisation, the Data Controller does not knowingly collect or store children’s personal data.
Registration and user-provided data
Certain services may require users to complete a registration form.
During registration, the Data Controller clearly indicates which data is required, for what purpose and under what conditions.
The term “required” does not mean that data provision is legally mandatory, but that without certain data the registration or service may not be completed.
The Data Controller treats registration data confidentially and protects it from unauthorised access.
Personal data provided by users is not supplemented or combined with data from other sources unless the user has been properly informed and has given prior consent.
Public communication channels
If the website provides public communication channels, such as forums or comment sections, users use these features at their own responsibility.
Users should be aware that any personal data voluntarily disclosed in public areas may be accessible to others.
The Data Controller is not responsible for personal data voluntarily made public by users.
External links
The website may contain links to websites operated by other service providers.
The Data Controller is not responsible for the privacy practices, content or data processing activities of external websites.
Users are encouraged to read the privacy policies of external websites before providing any personal data.
Data subject requests and contact
The data subject may request information about the processing of their personal data, and may request correction, deletion or restriction of their data by contacting the Data Controller through any of the contact details provided in this Privacy Policy.
Contact:
Apesyto Store GmbH
Dornbacherstraße 5 / Top 2–3
1170 Vienna
Austria
E-mail:
support@apesyto.store
Telephone:
+43 664 9911 0479
Supervisory authority
If the data subject believes that their rights have been violated, they may contact the competent data protection authority.
For Hungarian-related matters, complaints may be submitted to:
Hungarian National Authority for Data Protection and Freedom of Information
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Telephone: +36 1 391 1400
Fax: +36 1 391 1410
E-mail: ugyfelszolgalat@naih.hu
Website: www.naih.hu
Closing provision
This Privacy Policy was originally prepared in Budapest on 25 May 2018.
Apesyto Store GmbH reserves the right to amend this Privacy Policy at any time. The updated version will be made available on the website.
