The www.etights.eu website and the webshop operated within the site, as well as the related communication and correspondence, process personal data using state-of-the-art technologies and security settings, and use cookies to operate the website. We process personal data in a way that makes it available to our customers / partners / visitors for self-determination and information - the conditions and technical methods, principles and rules developed for this purpose are set out and described in this Privacy Notice and Privacy Statement.
The information notice and the data management processes pursuant to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (hereinafter referred to as "Regulation (EU) 2016/679"): Regulation), the Data Controller shall take appropriate measures to provide the data subject with all information relating to the processing of personal data in a concise, transparent, intelligible and easily accessible form, in a clear and plain language, and to facilitate the exercise of the data subject's rights, taking into account the Data Subject's prior information obligation in accordance with the Directive 2011/46/EC of the European Parliament and of the Council on the right to information and freedom of information. CXII of 2011. If you have any questions or comments about the processing or use of your personal data, please contact us at etightsinfo@gmail.com or by phone at +36203387604.
1. NAME OF THE CONTROLLER
The publisher of this notice is the Data Controller: Company name: Elsilpes Kft
Registered office: 2234 Maglód Pasteur Lajos utca 44/2 Hungary
Company registration number: 13-09-220596
Tax number: 27868692-2-13
Vat number: HU27868692
Representative: Tibor Takács Managing Director
Phone number: +36203387604
E-mail address: etightsinfo@gmail.com
Website: www.etights.eu (hereinafter referred to as "the Company")
2. DEFINITIONS OF TERMS USED IN THE PROSPECTUS
2.1. personal data: any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2.2. data processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
2.3. controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;
2.4. processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
2.5. recipient: the natural or legal person, public authority, agency or any other body to whom or with which the personal data is disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of such data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
2.6. data subject's consent: a voluntary, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her;
2.7. data breach: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
3. PRINCIPLES GOVERNING THE PROCESSING OF PERSONAL DATA
Personal data -processing must be lawful, fair and transparent for the data subject ("lawfulness, fairness and transparency");
-collected only for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes; further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes shall not be considered incompatible with the original purposes in accordance with Article 89(1) ('purpose limitation'); -the processing must be adequate, relevant and limited to what is necessary for the purposes for which it is intended ('data minimisation');
-be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes for which they are processed are erased or rectified without undue delay ('accuracy');
-be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be kept for longer periods only if the personal data will be processed for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), subject to the implementation of appropriate technical and organisational measures to safeguard the rights and freedoms of data subjects as provided for in this Regulation ('limited storage');
-processing must be carried out in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage ('integrity and confidentiality'), by implementing appropriate technical or organisational measures. The controller is responsible for compliance with the above principles and must be able to demonstrate such compliance ("accountability").
4. DATA MANAGEMENT
4.1. Data processing related to the operation of the webshop
4.1.1.1: The fact of collection, the scope of the data processed and the purpose of the processing:
Name of personal data Purpose of data processing
1.User name: Identification, enabling registration. To provide secure access to the user account. It does not need to contain personal data!
2.Surname and first name: It is required to contact you, to make a purchase and to issue a proper invoice.
3.E-mail address: Maintaining contacts, coordinating more efficiently on billing or delivery issues. No personal data is required!
4.Phone number: Keeping in touch, negotiating billing or delivery issues more efficiently.
5.Billing name and address: The issuing of proper invoices and the creation, definition, modification and monitoring of the performance of the contract, the invoicing of the fees arising therefrom and the enforcement of claims relating thereto.
6.Delivery name and address: Required to ensure home delivery.
7.Date of purchase/registration: Perform a technical operation.
8.IP address at the time of purchase/registration: Perform a technical operation. All data subjects registered/customers of the online shop.
4.1.3. Deletion of any personal data provided by the data subject. If the data subject's request for erasure also includes the e-mail address provided by the data subject, the controller will also erase the e-mail address following the notification. Except in the case of accounting records, since pursuant to Article 169 (2) of Act C of 2000 on Accounting, these data must be kept for 8 years. The accounting documents (including general ledger accounts, analytical or detailed records) which directly and indirectly support the accounting accounts must be kept for at least 8 years in a legible form, retrievable by reference to the accounting records.
4.1.4. Potential data controllers entitled to access the data, recipients of personal data: personal data may be processed by the commercial and marketing staff of the controller, in compliance with the above principles. Limited access to the data is available to the financial and logistical staff of the Controller, to the extent necessary for their work.
4.1.5. Description of data subjects' rights in relation to data processing: The data subject may request the controller to access, rectify, erase or restrict the processing of personal data relating to him or her, and object to the processing of such personal data; and the data subject has the right to data portability and the right to withdraw consent at any time.
4.1.6 The data subject may initiate the access to, deletion, modification or restriction of the processing of personal data, the portability of data, objections to processing in the following ways: by post to: 2234 Maglód Pasteur Lajos utca 44/2 HUNGARY by e-mail to: etightsinfo@gmail.com by telephone at: +36203387604
4.1.7. Legal basis for processing: Article 6(1)(b) of the GDPR, Article 13/A (3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (hereinafter: Elker Act): the service provider may process personal data which are technically necessary for the provision of the service. The service provider must, other conditions being equal, choose and in any case operate the means used in the provision of the information society service in such a way that personal data are processed only if absolutely necessary for the provision of the service and for the fulfilment of the other purposes specified in this Act, but in this case only to the extent and for the duration necessary. Article 6(1)(c) if the invoice is issued in accordance with accounting legislation. In the event of enforcement of claims arising from the contract, 5 years pursuant to § 6:21 of Act V of 2013 on the Civil Code. § 6:22 [Statute of limitations] (1) Unless otherwise provided by this Act, claims shall be subject to a limitation period of five years.(2) The limitation period shall begin to run when the claim becomes due. (3) An agreement to alter the limitation period shall be in writing.(4) An agreement excluding the limitation period shall be null and void.
4.1.8 We inform you that the processing is necessary for the performance of a contract. According to the general rules of the online shop, the customer is obliged to provide personal data in order to fulfil the order (including invoicing and delivery). Failure to provide the data will have the automatic consequence that the order cannot be processed and fulfilled.