Our website address: https://kattuska.com
In drafting the provisions of this information notice (hereinafter: “Information Notice”), the Company has taken particular account of the provisions of Regulation 2016/679 of the European Parliament and of the Council of the European Union (“General Data Protection Regulation” or “GDPR”), Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (“Information Act”) and Act V of 2013 on the Civil Code (“Civil Code”).
You automatically consent to the processing of your personal data when you request a quotation from us, place an order and have your finished furniture or machinery delivered to us for installation.
If you do not consent to the processing of your data, we will not be able to provide you with a quotation, conclude a contract with you or deliver finished furniture to you.
Our Company follows the following principles in the processing of your data:
processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
data processor: a service provider used by our Company, which is a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the controller;
personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the controller’s designation may also be determined by Union or Member State law;
processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
transfering data: making data available to a third party as defined in this notice
data subject’s consent: a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her;
data subject: the natural person in respect of whom personal data are processed;
data breach: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
recipient: the natural or legal person, public authority, agency or any other body, whether or not a third party, to whom or with whom the personal data are disclosed. Public authorities that may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data.
adattörlés: az adat felismerhetetlenné tétele oly módon, hogy a helyreállítása többé nem lehetséges;
data retention: the marking of data with an identifier in order to allow its further processing, either permanently or for a limited period of time.
data marking: the marking of data with an identification mark to distinguish it.
data destruction: the complete physical destruction of the medium containing the data.
The data controller declares that it handles personal data in accordance with the data management information and complies with the GDPR, Infotv. as well as the provisions of all other relevant laws, with particular attention to the content of this point:
Personal data must be handled legally and fairly, as well as in a transparent manner for the data subject.
Personal data may only be processed for specific, clear, lawful and previously announced purposes.
The purpose of processing personal data must be appropriate and relevant, and data processing can only be to the extent necessary.
Personal data must be accurate and up-to-date. Inaccurate personal data must be deleted immediately.
Personal data must be stored in such a way that the identification of the data subjects is limited to the shortest period determined by the data management purpose.
Further processing of personal data other than that contained in this information is considered lawful if the data processing is necessary to comply with a legal obligation, for the purpose of public interest, for scientific research or statistical purposes, or for the submission and enforcement of legal claims.
The processing of personal data must be carried out in such a way that the appropriate security of personal data is ensured by the application of appropriate technical or organizational measures, including protection against unauthorized or illegal processing, accidental loss, destruction or damage of data.
The principles of data protection shall be applied to all information relating to identified or identifiable natural persons.
An automatic decision-making system operates during the management of your data, which does not require your prior consent. After the order contract, during the delivery phase, your contact details will be transferred to our procurement team so that we can deliver the ordered products to their destination.
If you do not consent to automatic decision-making, please let us know when ordering. In this case, we cannot deliver the products.
We transmit your data via our email service system (you can find out about the GDPR compliance of the Gmail service provider at this link: https://cloud.google.com/security/gdpr/).
We store your data in our internal registration system. We secure your data on our server in electronic form with authorization management and password protection. The data controller stores the personal data provided by you on its company server at its premises (2120 Dunakeszi, Repülőtér út 1.)
We also provide your data on the tültezz.hu program page – to ensure compliance with the law. You can find information about the data protection policy of szamlazz.hu here: https://www.szamlazz.hu/adatvedelem/
Your data is managed only by Enter Team Kft., we do not disclose it to third parties.
Only our employees have access to the data you provide in order to carry out their planning, procurement, installation and installation tasks.
Only GDPR and Infotv are used to manage personal data. in order to exercise a right or fulfill an obligation, while respecting the principle of purpose-boundness, it takes place for a predetermined purpose, to the extent and for the time necessary to achieve the purpose. At every stage of data management, it must comply with the purpose of data management – and if the purpose of data management ceases or the data management is otherwise illegal, the data will be deleted by the Company.
Prior to the start of data management, the Company informs the data subject of the purpose and legal basis of the data management, the scope of the managed data, as well as additional information regarding the data management through this information sheet.
The purpose, the legal basis, the parties involved, and the data management period of each data management carried out by the Company are indicated separately, under the activities. The rights of the data subjects are detailed in the “Data management rights” section of these regulations, as they are the same for all data management activities.
In the case of data processing based on the consent of the data subject, the data subject may withdraw his previously given consent in writing at any time – even in a letter sent to the contact e-mail address. In case of withdrawal of consent to the processing of personal data, the data processed on the basis of consent will be deleted.
The Data Controller and data processors and their employees are entitled to access the data.
The person ordering the service, as a data subject, may request information about the processing of his personal data, may request from the Data Controller access to his personal data, their correction, deletion or restriction of data processing in the case of data processing based on consent, and may object to the processing of such personal data, as well as the data subject on his right to data portability.
The person concerned may withdraw his data processing consent at any time, but this does not affect the legality of data processing carried out on the basis of consent before the withdrawal.
In the case of consent-based data processing, the data subject has the right to have the data controller delete inaccurate personal data relating to him without undue delay upon request, and the data controller is obliged to delete the personal data concerning the data subject without undue delay if the legal basis for data processing has ceased.
The modification or deletion of personal data can be initiated in writing and the declaration regarding the merits of data management can only be made in writing. The written declaration can be made in the traditional form on paper, as well as via the e-mail address specified in point 1 of this information.
Bank card data provided during purchases on the webshop operated by the Company is managed by CIB Bank.
It is important to emphasize that the withdrawal of consent-based data management authorization by the data subject does not terminate the data subject’s existing contract with the Company, so the fact of the withdrawal does not affect the payment obligation to the Company either. The fact of non-payment in itself grounds the processing of the data subject’s data, as it takes place in connection with the delay in payment to the Company. The condition for the start of data management is the initiation of the order.
Affected customers can order the Company’s services and products online. The performance of the service and the sale of the product begin with the signing of the contract between the Company and the person concerned.
The Data Controller processes the following data of the data subjects as follows:
Purpose: In relation to the sale of services and products provided by the Company, the exercise of the rights existing under the contract and arising therefrom, the fulfillment of obligations, the enforcement of the legitimate interests of the Company, the prevention, investigation and investigation of abuses
Range of processed data: Name, residential address, e-mail address; telephone number
Legal basis: based on GDPR Article 6 (1) points a) and b) for the consent of the affected person and the fulfillment of contractual obligations with the affected person
Scope of stakeholders: The stakeholders in a contractual legal relationship
Data management period: 5 years from the completion of the order
Data controller: Enter Team Kft.
Data transmission: For data processors with a contractual legal relationship with the Company and those entitled to independent data management based on the law
The following persons are entitled to access the data: The Data Controller and its employees who have a work or commission relationship with it; the data processor and its employees; Tóth Katalin
Data storage method: Electronic
Profiling: None
Automated decision making: None
The following data of the customers is processed by the Data Controller for the purpose of maintaining personal contact:
Purpose: Identification, contact.
Scope of processed data: Tóth Katalin, hello@kattuska.hu
Legal basis: fulfillment of contractual obligations according to GDPR Article 6 (1) point b) and the obligation to provide information to the data subject.
Scope of stakeholders: The stakeholders in a contractual legal relationship
Data controller: Enter Team Kft
The following persons are entitled to access the data: The Data Controller and its employees who have a work or commission relationship with it; the data processor and its employees
Duration of data management: Until the end of the service
Method of data storage: Electronically
Profiling: None
Automated decision making: None
In connection with the service it provides, the Data Controller is obliged to issue invoices to the user, based on which the Data Controller is the KBOSS.hu Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság (headquarters: 1031 Budapest, Záhony utca 7.), which operates the invoicing program.
and must use the cooperation of CIB Bank Zrt., which manages banking operations, which organizations qualify as data management organizations in their own right.
Method of storage of invoicing data: Electronically
The Data Controller manages the following personal data of the data subject in the context of invoicing:
name;
Home address;
amount of claims;
consideration for the service.
Purpose: Fulfillment of the legal condition for the enforcement of claims arising from the contract
Legal basis: GDPR Article 6 (1) point c) fulfillment of the legal obligation imposed on the data controller and fulfillment of legitimate interest according to GDPR Article 6 (1) point f)
Scope of stakeholders: The stakeholders in a contractual legal relationship
Data management period: Until the end of the 8th year following the issue of the invoice
Data controller: The Company
Data processors: KBOSS.hu Kft. and CIB BANK Zrt.
Data transmission: KBOSS.hu Kft. and CIB BANK Zrt.
The persons entitled to access the data are: The Data Controller and its employees who have an employment or commission relationship with it
Data storage method: Electronic
Profiling: None
Automated decision making: None
Social media is a media tool where the message is spread through social users. Social media uses the Internet and online exposure to transform users from content receivers to content editors.
Social media is an interface of Internet applications that contains content created by users, such as Facebook, Google+, Twitter, etc.
Social media can include public speeches, lectures, presentations, product or service presentations.
The range of personal data published on social media is as follows:
Purpose: To promote the Company and the website operated by it
Legal basis: Voluntary consent of the customer concerned
Scope of stakeholders: Affected customers who follow the social page separately
Data management period: According to the regulations that can be viewed on the given social media page
Information regarding deletion: The Company is obliged to remove the data in question to the best of its ability after the request for deletion or the withdrawal of consent.
Data controller: The Company
Those entitled to access the data: According to the regulations that can be viewed on the given social media page
Data storage method: Electronic
Data transmission: The company operating the relevant social media site
Profiling: None
Automated decision making: None
It is important to take into account that when the user uploads or submits any personal data, he gives the operator of the social site a worldwide license to store and use such content. Therefore, it is very important to make sure that the user has full authorization to communicate the published information.
Cookies are placed on the user’s computer by the visited websites above and contain information such as page settings or login status.
Cookies are therefore small files created by visited websites. By saving browsing data, they improve the user experience. With the help of cookies, the website remembers the website settings and offers locally relevant content.
The provider’s website sends a small file (cookie) to the computer of website visitors in order to determine the fact and time of the visit. The service provider informs the website visitor about this.
Purpose: Additional service, identification, tracking of visitors
Legal basis: The user’s consent is not required if the service provider absolutely needs it to use cookies
Stakeholders: Website visitors
Data controller: None
Those entitled to access the data: The data manager does not process personal data using cookies
Data storage method: Electronic
Data transmission: None
Profiling: None
Automated decision making: None
Our website uses Google Analytics.
Google Analytics compiles a report for its customers on the habits of website users based on internal cookies.
On behalf of the website operator, Google uses the information to evaluate how users use the website. As an additional service, it prepares reports related to website activity for the website operator so that it can provide additional services.
The data is stored on Google’s servers in an encrypted format in order to make it difficult and prevent misuse of the data.
You can disable Google Analytics as follows. Quote from the site:
Website users who do not want Google Analytics JavaScript to report their data can install a Google Analytics opt-out browser extension. The plugin prevents Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sending information to Google Analytics. The browser extension can be used in most recent browsers. The Google Analytics blocking browser extension does not prevent data from being sent to the website itself and other internet analytics services.
https://support.google.com/analytics/answer/6004245?hl=en
Google’s data protection guidelines: https://policies.google.com/privacy?hl=hu
Detailed information on the use and protection of data is available at the links above.
Data protection in detail:
https://static.googleusercontent.com/media/www.google.com/en//intl/hu/policies/privacy/google_privacy_policy_hu.pdf
Payment service providers:
CIB Bank Zrt.
H-1024 Budapest, Petrezselyem utca 2-8.
H-1537 Pf. 394.
SWIFT: CIBHHUHB
Registering company court: Company Court of the Capital City Court
Company registration number: Cg. 01-10-041004
Stock exchange membership: Budapest Stock Exchange Zrt.
Activity license number: 957/1997/F, III/41. 044-10/2002.
The payment operations performed by the data subject are processed by the payment systems provided by the payment service providers in accordance with this point for the Company’s payment accounts. The data can only be accessed by the employees of the Data Controller and, according to their own data management information, the employees of the payment service providers, who are all responsible for the safe handling of the data.
Purpose: Ensuring the flow of money handled by the Data Controller
Legal basis: Fulfillment of a legal obligation based on point c) of Article 6 (1) of the GDPR
Scope of stakeholders: The stakeholders in a contractual legal relationship
Scope of the data: Name of the data subject, account manager bank, bank account number and the amount paid by him
Data controller: The Company
Entitled to access the data: The Company and its employees in employment or commission relationships with it, as well as the payment service provider and its employees
Data management deadline and data deletion
Until the end of the Company’s operation. The payment service provider deletes the data after 10 years
Data storage method: Electronic
Data transmission: none
Profile creation: none
Automated decision-making: none
Invoicing:
Company name: KBOSS.hu Trading and Service Limited Liability Company
Headquarters: 1031 Budapest, Záhony u. 7.
Phone: +36 30 354 4789
E-mail: info@szamlazz.hu
The data subject can fulfill his payment obligations to the Company on the basis of the accounting certificate issued by the invoicing service provider. Only the employees of the Data Controller and, according to their own data management information, the employees of the service provider can access the data, but they are all responsible for the safe handling of the data.
Purpose: Complying with the accounting rules and fulfilling tax obligations
Legal basis: Fulfillment of a legal obligation based on point c) of Article 6 (1) of the GDPR
Scope of stakeholders: The stakeholders in a contractual legal relationship
Scope of the data: The name and address of the data subject and the amount to be paid by them
Data controller: The Company
Data transmission: KBOSS.hu Kft.
The persons entitled to access the data are: The Company and its employees who have an employment or commission relationship with it
Deadline for data management and deletion of data: The data will be deleted by the invoicing service provider after 8 years.
Data storage method: Electronic
Data transfer: None
Profiling: None
Automated decision making: None
Booking:
Company name: DIGITAX Solutions Könyvviteli Szolgáltató Kft.
Headquarters: 1132 Budapest, Victor Hugo u. 11.
Phone: +36 70 525 3617
Email: attila@digitax.tax
The Company can fulfill its obligation to declare and pay taxes according to the accounting documents completed by the person concerned by sending the declarations prepared by the accounting service provider to the tax authority and fulfilling its obligation to pay taxes based on the declarations. Only the employees of the Data Controller and, according to their own data management information, the employees of the service provider can access the data, but they are all responsible for the safe handling of the data.
Purpose: Complying with the accounting rules and fulfilling tax obligations
Legal basis: Fulfillment of a legal obligation
Stakeholders: Customers
Scope of the data: Name and address of the person concerned, and the amount to be paid by them, their bank and bank account number
Data controller: The Company
Data transfer: Digitax Kft.
The persons entitled to access the data are: The Company and its employees who have an employment or commission relationship with it
Deadline for data management and deletion of data: The accounting service provider deletes the data after 8 years
Data storage method: Electronic and paper-based
Data transmission: None
Profiling: None
Automated decision making: None
IT processing:
Company Name: WordPress / Automattic Inc.
Headquarters: 60 29th Street #343, San Francisco, CA 94110
Phone: (877) 273 3049
Ensuring the operation of the website in the information technology sense for the concerned User, data management operations manifested in the technical operations necessary for the operation of the website and the provision of the services provided through it.
Purpose: The data processing is related to the use of the services provided by the website by the Users who visit the website
Legal basis: Fulfillment of a legal obligation based on point c) of Article 6 (1) of the GDPR
Scope of stakeholders: The stakeholders in a contractual legal relationship
Scope of the data: The data processing affects all the data specified in this information.
Data controller: Enter Team Kft.
Entitled to access the data: The Company and its employees in employment or commission relationships with it, as well as the data processor and its employees
Data management deadline and data deletion: https://automattic.com/privacy/
Data storage method: Electronic
Data transmission: none
Profile creation: none
Automated decision-making: none
The right to request information: The data subject can request information from the Data Controller via the provided contact details about the data processed by him or by the data processor commissioned at his disposal, which data of the data subject, on what legal basis, for what data management purpose, from what source, for how long, and for how long the name and address of the data processor and its activities related to data management, the circumstances, effects of the data protection incident and the measures taken to prevent it, and in the case of forwarding the personal data of the data subject – the legal basis and recipient of the data transfer. At the request of the data subject, the Data Controller will send information to the e-mail address provided by the data subject immediately, but no later than within 30 days. Information is provided free of charge once per calendar year, in additional cases where information is requested, reimbursement may be established. However, the reimbursement already paid is refundable if an illegality is established with regard to the handling of the data, or if the data needs to be corrected for a reason attributable to the Data Controller.
Right to rectification: The data subject can ask the Data Controller to change some of his data via the contact details provided. At the request of the data subject, the Data Controller will act on this immediately, but within 30 days at most, and send information to the e-mail address provided by the data subject.
Right to erasure: The data subject may request the deletion of his data from the Company via the contact details provided. At the request of the person concerned, the Company will do this immediately, but within 30 days at most, and will send information about it to the e-mail address provided by the person concerned.
Personal data can be deleted if:
The right to blocking: The data subject can ask the Company to block their data via the contact details provided. The blocking lasts as long as the reason specified by the data subject makes it necessary to store the data. At the request of the data subject, the Company will do this immediately, but within 30 days at most, and the Company will send information about this to the e-mail address provided by the data subject.
The right to object: The data subject can object to data processing via the contact details provided. The Company examines the protest as soon as possible, but no later than 15 days after the submission of the request, makes a decision on its validity, and informs the person concerned of its decision by e-mail.
The processing of personal data can be objected to if the processing or transmission of personal data is necessary solely for the fulfillment of the legal obligation of the Data Controller or for the enforcement of the legitimate interests of the Data Controller, data recipient or a third party, unless data processing is mandatory; personal data is used or forwarded for the purpose of direct business acquisition, public opinion polls or scientific research; as well as in other cases defined by law.
If it can be established that the data subject’s protest is well-founded, the data processing will be terminated, the data will be locked, and all those to whom the personal data affected by the protest were previously transmitted, and who are also obliged to take measures to enforce the right to protest, will be notified about the protest and the measures taken based on it.
The right to enforce rights related to data management, complaint
In the event of illegal data processing experienced by the data subject, notify the Company so that the legal status can be restored within a short period of time. The Company will do everything in its power to solve the outlined problem in the interest of the person concerned.
If, according to the data subject’s opinion, the legal status cannot be restored, notify the authority of this at the following contact details:
National Data Protection and Freedom of Information Authority
Postal address: 1530 Budapest, Pf.: 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: same service (at) naih.hu
URL https://naih.hu
coordinates: N 47°30’56”; N 18°59’57”
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC (general data protection regulation)
– CXII of 2011 Act on the right to self-determination of information and freedom of information
LXVI of 1995 on the protection of public records, public archives and private archive material. law
335/2005 on the general requirements for document management of bodies performing public duties. (XII. 29.) Government decree
year CVIII Act on certain issues of electronic commercial services and services related to the information society
Act C on electronic communications
The persons concerned can exercise their legal rights under Act V of 2013 on the Civil Code, GDPR and Infotv. based on this, they can exercise it before a court, and they can apply to the National Data Protection and Freedom of Information Authority:
National Data Protection and Freedom of Information Authority
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Postal address: 1530 Budapest, Pf.: 5.
Phone: +36 1 391 1400
Fax: +36 1 391 1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu/
If the court is chosen, the lawsuit can also be initiated – at the choice of the concerned User – before the court of the residence or place of stay of the concerned user, since the adjudication of the lawsuit falls within the jurisdiction of the court.