Privacy Policy


Data Controller

Name: Radnai Rita

Registered office: 2836 Baj Haláp utca 4.

Correspondence address, complaint handling: 2836 Baj Haláp utca 4.

Email: myramileinfo@gmail.com

Phone number: +36 30 010 30 67

Website: Contains - a secret, randomly generated sequence of numbers - stored by your device, thereby ensuring your identifiability. The operating duration of each cookie is specified in the main characteristics of each cookie:

Data processed for the purpose of contract conclusion and performance

Several data processing events may occur for the purpose of contract conclusion and performance. Please note that data processing related to complaint handling and warranty administration will only take place if you exercise any of the aforementioned rights.

If you do not make a purchase through the webshop, but are only a visitor, the provisions concerning marketing data processing may apply to you if you provide us with your consent for marketing purposes.

Details of data processing for the purpose of contract conclusion and performance:

Contact

For example, if you contact us by email, contact form, or phone with a question about a product. Preliminary contact is not mandatory; you can order from the webshop at any time without it.

 

Processed data
The data you provide during contact.

 

Duration of data processing
We only process data until the contact is closed.

 

Legal basis for data processing
Your voluntary consent, which you provide to the Data Controller by contacting them. [Data processing according to Article 6(1)(a) of the Regulation]

Order processing

During order processing, data processing activities are necessary for the performance of the contract.

 

Processed data
During data processing, the Data Controller processes your name, address, phone number, email address, characteristics of the purchased Product, order number, and date of purchase.

If you have placed an order in the webshop, data processing and the provision of data are essential for the performance of the contract.

 

Duration of data processing
We process data for 5 years according to the civil law statute of limitations.

 

Legal basis for data processing
Performance of the contract. [Data processing according to Article 6(1)(b) of the Regulation]

Invoice issuance

The data processing is carried out for the purpose of issuing an invoice in accordance with legal regulations and fulfilling the obligation to retain accounting documents. Pursuant to Section 169 (1)-(2) of the Accounting Act, business entities must retain accounting documents directly and indirectly supporting accounting records.

 

Processed data
Name, address, email address, phone number.

 

Duration of data processing
Issued invoices must be retained for 8 years from the date of issue, pursuant to Section 169 (2) of the Accounting Act.

 

Legal basis for data processing
Pursuant to Section 159 (1) of Act CXXVII of 2007 on Value Added Tax, the issuance of an invoice is mandatory, and it must be retained for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting [Data processing according to Article 6(1)(c) of the Regulation].

Recipients and data processors of data processing related to goods delivery

Name of recipient: Magyar Posta Zártkörűen Működő Részvénytársaság (Hungarian Post Private Limited Company)

Registered office of recipient: 1138 Budapest, Dunavirág utca 2-6.

Phone number of recipient: +36-1/767-8200

Email address of recipient: ugyfelszolgalat@posta.hu

Website of recipient: posta.hu

 

The courier service cooperates in the delivery of the ordered goods based on a contract with the Data Controller. The courier service processes the received personal data in accordance with its data processing information available on its website.

 

Handling of warranty and guarantee claims

We must handle warranty and guarantee claims according to the rules of NGM Decree 19/2014. (IV. 29.), which also specifies how we must handle your claim.

 

Processed data

When handling warranty and guarantee claims, we must proceed according to the rules of NGM Decree 19/2014. (IV. 29.).

Based on the decree, we are obliged to record a protocol of your warranty or guarantee claim reported to us, which includes:

  • your name, address, and your statement that you consent to the processing of your data recorded in the protocol as specified in the decree,
  • the name and purchase price of the movable property sold under the contract between you and us,
  • the date of performance of the contract,
  • the date of reporting the defect,
  • a description of the defect,
  • the right you wish to enforce based on your warranty or guarantee claim, and
  • the method of settling the warranty or guarantee claim or the reason for rejecting the claim or the right to be enforced based on it.

If we take over the purchased goods from you, we must issue a receipt for this, which must include

  • your name and address,
  • data necessary for identifying the item,
  • the date of receipt of the item, and
  • the date when you can pick up the repaired item.

 

 

Duration of data processing
The business is obliged to retain the protocol recorded on the consumer's warranty or guarantee claim for three years from its recording and to present it to the supervisory authority upon request.

 

Legal basis for data processing
The legal basis for data processing is compliance with legal obligations according to NGM Decree 19/2014. (IV. 29.) [Section 4 (1) and Section 6 (1)] [Data processing according to Article 6(1)(c) of the Regulation].

Handling of other consumer protection complaints

The data processing is carried out for the purpose of handling consumer protection complaints. If you have submitted a complaint to us, data processing and the provision of data are essential.

 

Processed data
Customer's name, phone number, email address, content of complaint.

 

Duration of data processing
Consumer protection complaints are retained for 3 years based on the Consumer Protection Act.

 

Legal basis for data processing
Whether you submit a complaint to us is your voluntary decision, but if you do, we are obliged to retain the complaint for 3 years pursuant to Section 17/A (7) of Act CLV of 1997 on Consumer Protection [Data processing according to Article 6(1)(c) of the Regulation].

Data processed in connection with the verifiability of consent

During registration, order placement, and newsletter subscription, the IT system stores IT data related to consent for later proof.

 

Processed data
Date of consent and IP address of the data subject.

 

Duration of data processing
Due to legal requirements, consent must be verifiable later, so the data storage period is until the expiration of the limitation period following the termination of data processing.

 

Legal basis for data processing
This obligation is stipulated by Article 7(1) of the Regulation. [Data processing according to Article 6(1)(c) of the Regulation]

Marketing data processing

Data processing related to newsletter sending

The data processing is carried out for the purpose of sending newsletters.

 

Processed data
Name, address, email address, phone number.

 

Duration of data processing
Until the withdrawal of consent by the data subject.

 

Legal basis for data processing
Your voluntary consent, which you provide to the Data Controller by subscribing to the newsletter [Data processing according to Article 6(1)(a) of the Regulation]

Data processing related to sending and displaying personalized advertisements

The data processing is carried out for the purpose of sending advertisement content tailored to the data subject's interests.

 

Processed data
Name, address, email address, phone number.

 

Duration of data processing
Until the withdrawal of your consent.

 


Legal basis for data processing
Your voluntary, explicit consent, which you provide to the Data Controller during data collection [Data processing according to Article 6(1)(a) of the Regulation]

Remarketing

Data processing as remarketing activity is carried out using cookies.

 

Processed data
Data processed by cookies as specified in the cookie policy.

 

Duration of data processing
The storage duration of the respective cookie, more information available here:

Google general cookie policy:
https://www.google.com/policies/technologies/types/

 

Google Analytics policy:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu

 

Facebook policy:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

 

Legal basis for data processing
Your voluntary consent, which you provide to the Data Controller by using the website [Data processing according to Article 6(1)(a) of the Regulation].

Automated decision-making

SAMPLE

Automated decision-making

 

The purpose of automated decision-making is to conclude and perform the contract between the Data Controller and the data subject; the results of automated decision-making are reviewed by the Data Controller's staff. The data subject has the right to request human intervention from the data controller in connection with automated decision-making, to express their point of view, and to lodge an objection against the decision.

 

The Data Controller uses automated decision-making in the following cases:

 

Loyalty discount

- applied logic:

- consequences for the data subject:

 

Coupon code

- applied logic:

- consequences for the data subject:

 

Weight-based shipping fee calculator

- applied logic:

- consequences for the data subject:

 

Value-based shipping fee calculator

- applied logic:

- consequences for the data subject:

Further data processing

If the Data Controller intends to carry out further data processing, it will provide prior information on the essential circumstances of the data processing (legal background and legal basis of data processing, purpose of data processing, scope of processed data, duration of data processing).

Recipients of personal data

Data processing for the storage of personal data

Name of data processor: Shopify Inc.

Contact details of the data processor:

Phone number:

Email address: info@shopify.com

Registered office: 151 O’Connor Street, Ground floor, Ottawa, ON K2P 2L8 Canada

Website: shopify.com

The Data Processor carries out the storage of personal data based on a contract with the Data Controller. It is not authorized to access personal data.

Data processing activity related to newsletter sending

Name of company operating newsletter system: The Rocket Science Group LLC.

Registered office of company operating newsletter system: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA

Phone number of company operating newsletter system:

Email address of company operating newsletter system: privacy@mailchimp.com

Website of company operating newsletter system: mailchimp.com

The Data Processor assists in sending newsletters based on a contract with the Data Controller. In doing so, the Data Processor processes the data subject's name and email address to the extent necessary for sending newsletters.

Data processing related to invoicing

Name of data processor: 

Phone number of data processor: 

Email address of data processor: info@szamlazz.hu

Website of data processor: https://szamlazz.hu

The Data Processor assists in recording accounting documents based on a contract with the Data Controller. In doing so, the Data Processor processes the data subject's name and address to the extent necessary for accounting records, for the duration specified in Section 169 (2) of the Accounting Act, and then deletes it.

Data processing related to online payment

Name of data controller: Stripe Inc

Registered office of data controller: 510 Townsend Street San Francisco, CA 94103 United States

Phone number of data controller: 

Email address of data controller: info@stripe.com

Website of data controller: https://stripe.com

The payment service provider assists in carrying out online payment based on a contract with the Data Controller, for which purpose data transfer to the online payment service provider takes place during the purchase process. In doing so, the online payment service provider processes the data subject's billing name and address, order number, and date of purchase according to its own data processing rules.

Purpose of data transfer: to provide the online payment service provider with the transaction data necessary for the payment operation initiated by it in connection with the purchase.

Legal basis for data transfer: the performance of the contract concluded between you and the Data Controller based on Article 6(1)(b) of the Regulation, which includes payment by the buyer, and in the case of online payment, data transfer according to this point is necessary for payment.

Your rights during data processing

Within the duration of data processing, you are entitled to the following rights according to the provisions of the Regulation:

  • right to withdraw consent
  • right to access personal data and information related to data processing
  • right to rectification
  • right to restriction of processing,
  • right to erasure
  • right to object
  • right to data portability.

If you wish to exercise your rights, it will involve your identification, and the Data Controller will necessarily have to communicate with you. Therefore, personal data will be required for identification (but identification can only be based on data that the Data Controller already processes about you), and your complaints related to data processing will be available in the Data Controller's email account within the period specified in this information regarding complaints. If you were our customer and wish to identify yourself for complaint handling or warranty administration, please also provide your order ID for identification. This will allow us to identify you as a customer.

Complaints related to data processing will be answered by the Data Controller within 30 days at the latest.

Right to withdraw consent

You have the right to withdraw your consent to data processing at any time, in which case the provided data will be deleted from our systems. However, please note that in the case of an unfulfilled order, withdrawal may result in us being unable to fulfill the delivery to you. In addition, if the purchase has already been made, we cannot delete invoicing-related data from our systems based on accounting regulations, and if you have an outstanding debt to us, we may process your data even if you withdraw your consent, based on our legitimate interest related to debt collection.

Right to access personal data

You have the right to obtain confirmation from the Data Controller as to whether or not personal data concerning you are being processed, and where that is the case, you have the right to:

  • obtain access to the personal data processed and
  • be informed by the Data Controller about the following information:
    • the purposes of the processing;
    • the categories of personal data concerned;
    • information regarding the recipients or categories of recipients to whom the personal data have been or will be disclosed by the Data Controller;
    • the envisaged period for which the personal data will be stored, or if not possible, the criteria used to determine that period;
    • your right to request from the Controller rectification or erasure of personal data or restriction of processing concerning you, and to object to such processing of personal data if based on legitimate interest;
    • the right to lodge a complaint with a supervisory authority;
    • where the personal data are not collected from you, any available information as to their source;
    • the existence of automated decision-making, including profiling (if such a procedure is applied), and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

The purpose of exercising the right may be to establish and verify the lawfulness of data processing. Therefore, in case of repeated requests for information, the Controller may charge a reasonable fee for providing the information.

The Controller ensures access to personal data by sending you the processed personal data and information by email after your identification. If you have a registration, access is provided by allowing you to view and check your personal data processed in your user account.

Please indicate in your request whether you are requesting access to personal data or information related to data processing.

Right to rectification

You have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning you.

Right to restriction of processing

You have the right to obtain from the Controller restriction of processing where one of the following applies:

  • you contest the accuracy of the personal data, for a period enabling the Controller to verify the accuracy of the personal data. If the accurate data can be determined immediately, no restriction will be applied;
  • the processing is unlawful, but you oppose the erasure of the personal data for any reason (for example, because the data are important for you to assert a legal claim), and therefore you do not request the erasure of the data but rather the restriction of their use;
  • the Controller no longer needs the personal data for the purposes of the specified processing, but you require them for the establishment, exercise or defence of legal claims; or
  • you have objected to processing, but the Controller's legitimate interest may also justify the processing. In this case, until it is verified whether the Controller's legitimate grounds override your legitimate grounds, the processing must be restricted.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

The Controller shall inform you in advance (at least 3 working days before the lifting of the restriction) about the lifting of the restriction of data processing.

Right to erasure ('right to be forgotten')

You have the right to obtain from the Controller the erasure of personal data concerning you without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by the Controller;
  • you withdraw your consent on which the processing is based and there is no other legal ground for the processing;
  • you object to processing based on legitimate interest, and there are no overriding legitimate grounds (i.e., legitimate interest) for the processing;
  • the personal data have been unlawfully processed by the Controller, and this has been established based on the complaint;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject.

If the Controller has made public personal data concerning you for any lawful reason and is obliged to erase it for any of the reasons mentioned above, it shall take reasonable steps, including technical measures, taking account of available technology and the cost of implementation, to inform other controllers processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Erasure shall not apply to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject (this includes data processing in the context of invoicing, as the retention of invoices is prescribed by law), or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  • for the establishment, exercise or defence of legal claims (e.g., if the Controller has an outstanding claim against you and it has not yet been fulfilled, or a consumer or data protection complaint is ongoing).

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interest. In this case, the Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Right to data portability

Where processing is carried out by automated means or if the processing is based on your voluntary consent, you have the right to request from the Controller to receive the data provided by you to the Controller, which the Controller will provide in XML, JSON, or CSV format. If technically feasible, you may request that the Controller transmit the data in this format to another controller.

Automated individual decision-making

You have the right not to be subject to a decision based solely on automated processing (including profiling), which produces legal effects concerning you or similarly significantly affects you. In these cases, the Controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

The above shall not apply if the decision:

  • is necessary for entering into, or performance of, a contract between you and the Controller;
  • is authorised by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  • is based on your explicit consent.

Registration in the Data Protection Register

Pursuant to the provisions of the Infotv., the Controller had to notify certain data processing operations to the data protection register. This notification obligation ceased on 25 May 2018.

Data security measures

The Controller declares that it has taken appropriate security measures to protect personal data from unauthorised access, alteration, transmission, disclosure, deletion or destruction, as well as from accidental destruction and damage, and from becoming inaccessible due to changes in the technology used.

The Controller does everything in its power, within organizational and technical possibilities, to ensure that its Data Processors also take appropriate data security measures when processing your personal data.

Remedies

If you believe that the Controller has violated any statutory provision concerning data processing or has not fulfilled any of your requests, you may initiate an investigation procedure by the National Authority for Data Protection and Freedom of Information (postal address: 1363 Budapest, Pf. 9., email: ugyfelszolgalat@naih.hu, telephone numbers: +36 (30) 683-5969 +36 (30) 549-6838; +36 (1) 391 1400) to cease presumed unlawful data processing.

We also inform you that in case of violation of statutory provisions concerning data processing, or if the Controller has not fulfilled any of your requests, you may initiate civil proceedings against the Controller before a court. 

Amendment of the Data Processing Information

The Controller reserves the right to amend this data processing information in a way that does not affect the purpose and legal basis of data processing. By using the website after the amendment comes into effect, you accept the amended data processing information.

If the Controller intends to carry out further data processing with respect to the collected data for a purpose different from the purpose of their collection, it shall inform you of the purpose of the data processing and the following information prior to the further data processing:

  • the period for which the personal data will be stored, or if not possible, the criteria used to determine that period;
  • your right to request from the Controller access to and rectification or erasure of personal data or restriction of processing concerning you, and to object to the processing of personal data if based on legitimate interest, and in the case of processing based on consent or a contractual relationship, to request the right to data portability;
  • in the case of processing based on consent, that you may withdraw your consent at any time;
  • your right to lodge a complaint with a supervisory authority;
  • whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and of the possible consequences of failure to provide such data;
  • the existence of automated decision-making (if such a procedure is applied), including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

Data processing may only commence thereafter. If the legal basis for data processing is consent, in addition to being informed, you must also give your consent to the data processing.