Data Management
The www.store.hypeandhyper.com Portal (hereinafter: Portal) is operated by Filtz Europe Limited Liability Company (headquarters: H-1027 Budapest, Kapás utca 41. III. em. 16.; Company registration number: 01-09-185701, Tax number: 24848444-2-41; hereinafter referred to as: Company/Service Provider). The Company operates on the Portal's webshop (hereinafter: webshop), in which Users can purchase creative products and other products offered by the Service Provider or subscribe to Newsletter.
The Service Provider informs the Users below in accordance with Regulation No. 2016/679 of the General Data Protection Regulation of the European Parliament and of the Council (hereinafter: GDPR) and Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information regarding the data processing on the Portal and the activities performed by the Service Provider. (hereinafter referred to as the Information Act).
This Privacy Policy applies to the processing of personal data provided by the User to the Company, as well as to all personal data collected by the Company either on the Company's online platforms or using the 'Cookies'.
Interpretative provisions
For the purposes of this Privacy Policy:
Personal data: any information relating to an identified or identifiable natural person (“data subject”); identifiable is a natural person who, directly or indirectly, in particular an identifier such as a name, number, location data, online identifier or a natural person be identified on the basis of one or more factors relating to his physical, physiological, genetic, mental, economic, cultural or social identity;
Processing: any operation or set of operations carried out on personal data or files by automated or non-automated means, in particular collection, recording, organisation, storage, adaptation or alteration, use, inquiry, consultation, transmission of communication, by dissemination or otherwise making available, coordination or interconnection, restriction, erasure or destruction;
Data controller: any natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or specific criteria for the designation of the controller may also be determined by Union or Member State law;
Data processor: any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
Data destruction: total physical destruction of the media containing the data;
Transmission: making data available to a specific third party;
Data deletion: making data unrecognizable in such a way that it is no longer possible to restore it;
User: the person visiting the Portal or the WebStore, or the person buying the product in the Webshop (concerned);
Online interface: the Portal operated by the Company (www.store.hypeandhyper.com);
General stipulations:
Anyone can access the Company's Portal without providing your personal data and obtain information freely and without limitation on the Portal and on the pages linked to it.
With regard to possible data processing on the Portal, the Service Provider is considered to be a data controller. In the course of providing the Services, the service provider also qualifies as a data controller.
The Users are responsible for the data provided by Users and the content uploaded by Users, and the Service Provider excludes its liability for this.
The Service Provider has the right to modify this data management notice unilaterally at any time. The service provider is making changes to the data management notice. Publish it by displaying it on the Portal in a separate menu item. Users are asked to read the data management notice carefully every visit to the Portal.
This Privacy Notice is available on the Portal continuously. Users may open this data management notice on the Portal, view it, print it, save it, but they may not modify it, only the Service Provider is entitled to do so.
Scope of personal data processed by the Service Provider, purpose, legal basis, method, duration of data processing
The legal bases for data processing are as follows:
(a) the voluntary informed consent of the user to the processing pursuant to Article 6 (1) (a) of the GDPR (hereinafter: Consent.);
b) according to Article 6 (1) (b) of the GDPR, the data processing is necessary for the performance of a contract in which the User, as one of the parties, (hereinafter: Performance of the contract)
c) According to Article 6 1 (c) of GDPR, data processing is necessary for the fulfilment of the legal obligation of the controller (such as the fulfilment of accounting and accounting obligations — hereinafter: Fulfilment of a legal obligation
d) according to Article 6 (1) (d) of GDPR, processing is necessary in order to protect the vital interests of the data subject or of another natural person (hereinafter: Critical interest);
(e) in accordance with Article 6 1 (e) of GDPR, processing is necessary for the performance of a task in the public interest or in the exercise of a public authority vested in the controller (hereinafter: Public interest);
f) in accordance with Article 6 1 (f) GDPR, processing is necessary for the purposes of enforcing the legitimate interests of the controller or of a third party (hereinafter: Rightful interest).
Marketing inquiry, data management in case of sending newsletter
We inform the Users that we will send newsletter to those who have specifically subscribed to the newsletter. You can subscribe to the newsletter on the Portal by ticking the corresponding checkbox or by pressing the button.
Individuals who have subscribed to the newsletter have the right to unsubscribe from the newsletter at any time by clicking on the unsubscribe link at the bottom of each newsletter.
If you have unsubscribed from the newsletter, the Service Provider will no longer send a newsletter.
In case of withdrawal of consent, you can resubmit your consent at any time. The granting of consent is not a condition for the use of any Services. E-mail address and name are required when giving consent, without this consent, it is not possible to give consent. An e-mail address and name must also be provided for the withdrawal of consent in order to be identifiable.
-
The person concerned
Managed Data Type
Data Source
The purpose of data processing
Legal basis of data processing
Duration of data storage, deletion
date
Newsletter Recipient
Name
Affected User
Electronic direct marketing message,
send newsletter
Article 6 1 (a) GDPR: Contribution of the data subject
Until withdrawal of consent
E-mail address
Affected User
Electronic direct marketing message,
send newsletter
Article 6 1 (a) of GDPR: Contribution of the data subject
Until withdrawal of consent
-
The person concernedManaged Data TypeData SourceThe purpose of data processingLegal basis of data processingDuration of data storage, deletiondateUser visiting the portalIP address, country, browser used, device and operating system type andversion number, language settings,date of visitAffected UserProduction of statistics, Development of a portal,Identify and recognize the userArticle 6 1 (f) GDPR:data processing isnecessary to enforce the legitimate interests of the data controller2 years from the date of visitPortal Visit Data(pages viewed, time spent,clicks, openings)Affected UserCreate statisticsPortal developmentUser identification,RecognitionArticle 6 1 (f) GDPR:data processing isnecessary to enforce the legitimate interests of the data controller2 years from the date of visit
The Service Provider uses cookies and other various programs on the Portal in order to understand the needs and behaviour of the Users of the Portal and to develop the Portal on their basis. The Service Provider compiles anonymous statistics on visits to the Portal.
The above data management is in the business legitimate interest of the Service Provider, because it is able to further develop and make its Portal safer. The scope of the processed and collected data is not significant, the Service Provider uses them only anonymized for the production of statistics, does not collect behavioural preferences, and automated decision-making based on them does not take place, or does not send personalized offers on this basis. For users. Consequently, the fundamental rights and freedoms of the User are not disproportionately affected by this data processing.
Further information is contained in the Cookie Handling Policy, accessible by the User at the attached link: ___.
Processing of personal data during registration, placing orders for visitors and contacting
Visitors to the Portal can purchase creative products and other products offered by the Service Provider in the WebShop. The purchase can be made either through registration on the Portal or without registration.
Registration
You can register on the Portal by entering personal data. Personal data processed in this way:
-
Type of data handled
Data Source
The purpose of data processing
Legal basis of data processing
Name
Affected User (Customer)
Conclusion and performance of a contract
Contact
Article 6 1 (b) of GDPR provides: Performance of contract
Phone number
Affected User (Customer)
Conclusion and performance of a contract
Contact
Article 6 1 (b) of GDPR provides: Performance of contract
E-mail
Affected User (Customer)
Conclusion and performance of a contract
Contact
Article 6 1 (b) of GDPR provides: Performance of contract
Delivery address
Affected User (Customer)
Performance of contract
Article 6 1 (b) of GDPR provides: Performance of contract
Invoice address
Affected User (Customer)
Issuing of an invoice
Article 6 1 (b) of GDPR provides: Performance of contract
Tax number
Affected User (Customer)
Issuing of an invoice
Article 6 1 (b) of GDPR provides: Performance of contract
Username
Affected User (Customer)
Registration in the portal/Webshop
Article 6 1 (a) of GDPR: Contribution of the data subject
Password
Affected User (Customer)
Registration in the portal/Webshop
Article 6 1 (a) of GDPR: Contribution of the data subject
The User provides the above data on a form which is sent to the Service Provider and the Service Provider manages these data. The completed registration is necessary for the performance of the contract or for the preparation of the contract. Contact details, depending on the situation, are required for the conclusion and performance of contracts. The User's data is stored by the Company until the deletion of the customer account, but not more than 2 years after the execution of the contract, except the billing data, which the Service Provider manages for the mandatory period specified therein on the basis of the accounting legislation.
Orders as visitors:
The User has the option to place an order as a visitor. If you choose this method of placing the order, the User does not have to register before placing the order. Personal data processed in this way:
-
Type of data handled
Data Source
The purpose of data processing
Legal basis of data processing
Name
Affected User (Customer)
Conclusion and performance of a contract
Contact
Article 6 1 (b) of GDPR provides: Performance of contract
Phone number
Affected User (Customer)
Conclusion and performance of a contract
Contact
Article 6 1 (b) of GDPR provides: Performance of contract
E-mail
Affected User (Customer)
Conclusion and performance of a contract
Contact
Article 6 1 (b) of GDPR provides: Performance of contract
Delivery address
Affected User (Customer)
Performance of contract
Article 6 1 (b) of GDPR provides: Performance of contract
Invoice address
Affected User (Customer)
Issuing of an invoice
Article 6 1 (b) of GDPR provides: Performance of contract
Tax number
Affected User (Customer)
Issuing of an invoice
Article 6 1 (b) of GDPR provides: Performance of contract
Please note that for future orders, you will need to re-enter your details.
The Service Provider manages the data provided for visitor orders in order to fulfill the contract. The Company stores the information thus provided by the User during the execution of the order. The User's data will then be deleted unless he decides to activate his account (register on the portal) within 14 days of the order. On the basis of accounting rules, billing data are not deleted, for the mandatory period specified in the legislation.
Contact
If the User contacts the Company by telephone, e-mail or contact form, the data provided by the User shall be handled by the Company pursuant to Art. 6 (1) (a) GDPR. The purpose of data management is to enable the Company to answer the User's questions. The Company logs the connection. The User's consent is voluntary, as the contact is done actively. Data related to this will be deleted when the communication in question is terminated and the case is finally resolved.
Data Controller and Processors
The Data Controller defined in Section III is the Service Provider:
Filtz Europe Limited Liability Company
Registered seat: H-1027 Budapest, Kapás utca 41. III. em. 16.
Records: Commercial Court of the Metropolitan Court (Hungary)
Company registration number: 01-09-185701
Tax number: 24848444-2-41
E-mail:hello@hypeandhyper.com
On the part of the Service Provider, the Service Provider's employees have access to the User's data in the scope that is absolutely necessary for the performance of their work. Access rights to your personal data are set out in strict internal policies.
Data Processors
In order to manage and store the User's data, the Service Provider uses different enterprises with whom he concludes a data processor contract. The following data processors process the User's data:
-
Name and address of the processor
Purpose of data processing
Scope of data covered by data processing
MailChimp (675 Ponce de Leon Ave NE, Suite 5000;
Atlanta, GA 30308 USA)
Newsletter sending service
Information indicated in point III.2
Google LLC. (USA, Google Data Protection Office, 1600
Amphitheatre Pkwy Mountain View, California 94043
- Google Analytics)
Google Analytics service
Information indicated in point III.2
Hostinger International Ltd., 61 Lordou Vironos Street, 6023 Larnaca, Cyprus
Hosting
Information indicated in point III.2
Shopify (150 Elgin Street, 8th Floor, Ottawa, ON K2P 1L4 Canada
Webshop Framework Provider
Information referred to in point III.3
KBOSS.hu Commercial and Service Limited Liability Company (szamlazz.hu) (H-1031 Budapest, Záhony utca 7.)
Billing Service
Name, billing address, VAT number
As regards processors based in the USA, data subjects are informed of the following possible data transfer risks, in accordance with the Court of Justice of the European Union, Case C-311/18 of the Privacy Shield Initiative of the Court of Justice of the European Union. (Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems):
it cannot be ensured that the undertaking concerned complies with the requirements of the GDPR,
it cannot be ensured that the undertaking concerned complies with the data security requirements,
it cannot be ensured that the undertaking concerned ensures an adequate level of protection for the processing of personal data,
it cannot be ensured that fundamental freedoms and the protection of personal data are guaranteed by the legislation applicable to the company concerned,
it cannot be ensured that an effective and independent data protection supervisory authority or body exists over the company that controls the processing of the data of the enterprise,
it cannot be ensured that the country of the undertaking complies with its international obligations relating to the protection of personal data,
it cannot be ensured that the data subject can properly and effectively exercise his data protection rights under the law applicable to the undertaking and in his country.
The Service Provider is entitled and obliged to transmit to the competent authorities all personal data available to it and stored properly by the Service Provider which it is obliged to transmit to the competent authorities by law or by a legally binding authority obligation. The Service Provider cannot be held liable for such data transfer and the consequences arising from it. The Service Provider does not carry out any other data transfer.
Privacy Policy applied by the Company
The Company respects the rights of visitors and users of the online interfaces operated by it as defined by law.
The Company uses the personal data essential for the use of the Company's services on the basis of the consent of the data subjects and solely on the basis of the intended purpose. The Company uses the personal data of Users as defined in Section III only in the manner and for the purposes specified in this Data Management Notice.
The Company, as Data Controller, undertakes to process the data obtained in accordance with the provisions of the GDPR, the Info Act, as well as other relevant laws and as specified in this Data Processing Notice, and on the controllers defined in this Privacy Policy outside it is not transferred to third parties. An exception to the provision of this clause is the use of data in a statistically aggregated form, which may not contain the name of the User concerned or any other data capable of identifying it in any form, thus does not constitute data processing, nor data transmission.
In certain cases, in particular on the basis of formal judicial, police requests, legal proceedings, infringements of copyright, property or other legal infringements or reasonable suspicion thereof, prejudice to the interests of the Company, endangering the provision of its services, judicial and other official decisions, unless otherwise provided by law, or in case of the User's prior explicit consent, make available the User's available data to third parties.
The Company shall endeavour to ensure that the processing and processing of the User's data are protected under the applicable legislation, in order to ensure that the Company and the Chamber operate a security system.
Protection of personal data.
The Company fulfils its obligations under the applicable data protection laws by:
keep personal data up to date;
safely store and dispose of them;
does not collect or store excessive amounts of data;
protect personal data from loss, misuse, unauthorised access and disclosure, and ensure that appropriate technical measures are taken to protect personal data.
The Company shall take appropriate technical and organizational measures to protect the User's personal data against accidental or unlawful destruction or accidental loss and modification, or unauthorized transfer or access, in particular, when processing is part of the transmission of data on the network — and against any unlawful form of processing.
Accordingly, the Company applies, among other things, different levels of access rights to the data, which ensures that only persons with the appropriate privileges have access to the data, who need to know the data in order to ensure that the data arises from their work or in relation to their obligations they can fulfill.
User rights
Pursuant to the data protection laws, the User is entitled to:
request access to your personal data,
request rectification of your personal data,
request the deletion of your personal data,
request the restriction of the processing of personal data,
object to the processing of your personal data,
ask for data portability,
object to the processing of your personal data (including protest against profiling and other rights in relation to automated decision-making),
withdraw its consent or lodge a complaint with the competent supervisory authority.
a) Right of access
The User has the right to receive feedback from the controller as to whether the processing of his/her personal data is in progress and to request access to his/her personal data if such processing is in progress.
The User has the right to request a copy of the personal data subject to data processing. The Data Controller may request further information from the User for identification purposes, or may charge a reasonable fee for further copies at the expense of administrative costs.
b) Right to rectification
The User has the right to request the data controller to rectify inaccurate personal data concerning the User. Depending on the purpose of data processing, the User is entitled to request the addition of incomplete personal data, including by means of an additional statement.
c) Right to erasure (“right to be forgotten”)
The User has the right to request the data controller for the erasure of his personal data and the controller is obliged to delete these personal data. In this case, the data controller cannot provide additional services to the User.
d) Right to restriction of processing
The User has the right to request the restriction of the processing of his personal data. In this case, the controller shall mark the personal data concerned, which may only be processed for certain purposes.
(e) Right to object
The User has the right to object to the processing of his/her personal data at any time, including profiling, or to request the controller not to process his/her personal data.
In addition, if User's personal data are processed by the Company or the Chamber on the basis of legitimate interest, the User is entitled to object at any time to the processing of his/her relevant personal data for this purpose.
Furthermore, the User is entitled to request human intervention in individual cases related to automated decision-making. Please note that the controller does not use automated decision-making mechanisms.
f) Right to data portability
The User shall have the right to receive the personal data provided in a structured, widely used, machine-readable format (i.e. digital format), and shall have the right to request the transfer of such data if it is technically feasible to another controller without being impeded by the Company or the Chamber.
g) Right to withdraw consent
If the User's personal data is processed on the basis of his consent, he may withdraw his consent at any time by clicking on the link in the newsletter or by changing the settings of his Portal account or mobile device without justification. Withdrawal of consent shall not affect the lawfulness of the consent-based data processing prior to withdrawal.
If the User withdraws his consent to the Company and the Chamber regarding the processing of his personal data, then the Company and the Chamber may not be able to provide the requested services at all or only partially.
h) Right to lodge a complaint addressed to the supervisory authority
If the User believes that his personal data has been misused, he may also apply to the local data protection authority and lodge a complaint, in particular in the Member State of his habitual residence, place of work or where the alleged infringement occurred.
In Hungary, you can also contact the National Authority for Data Protection and Freedom of Information: H-1125, Hungary, Budapest, Szilágyi Erzsébet fasor 22/C.; telephone: +36-1 391-1400; fax: +36-1 391-1410; e-mail: ugyfelszolgalat@naih.hu).
Contact
If the User wishes to exercise his rights in matters related to data protection or to lodge a complaint, he may contact the Company's appointed staff member by mail sent to the e-mail address given below. In addition, you may also contact the Company in the form of a letter posted to the addresses given below.
E-mail: peter.kubovics@cooltix.hu
Correspondence address: H-1027 Budapest, Kapás utca 41. III. em. 16
Other stipulations:
In the event of a personal data breach, the Company shall notify and keep a record of the data breach to the supervisory authority in accordance with the law. In the cases provided for by law, it shall also inform the users concerned.
The controller regularly checks its online platforms and the information provided thereon and shall make every effort to ensure that the information is up-to-date and genuine. However, you may find information in online interfaces that is no longer current. The Company accepts no financial responsibility for such information.
Visitors of online interfaces and Users may visit other Portals not operated by the Company from the online interfaces. The Company shall not be responsible for the correctness of the data provided there, for the content of the web pages or for the security of the data provided by the visitors of the online platforms and the Users on the Company's online surfaces. Therefore, if you use these websites, please check the privacy policy of that company.
This Privacy Policy is effective from 2nd February 2020