…in which we inform you, as a visitor to our website and as a user of our services, about our company’s data processing and data protection rules.

1. What principles do we follow in our data processing?

The Controller follows the principles below when processing personal data:

• we process personal data lawfully, fairly and in a transparent manner for you;

• we collect personal data only for specified, explicit and legitimate purposes, and do not process them in a manner incompatible with those purposes;

• the personal data we collect and process are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

• our company takes all reasonable steps to ensure that the data we process are accurate and, where necessary, kept up to date, and inaccurate personal data are erased or rectified without delay;

• we store personal data in a form which permits your identification only for as long as necessary for the purposes of the processing;

• by applying appropriate technical and organisational measures, we ensure the appropriate security of personal data against unauthorised or unlawful processing, accidental loss, destruction or damage.

Our company processes your personal data:

• on the basis of your prior, informed and voluntary consent, only to the extent necessary and in every case for a specific purpose, that is, we collect, record, organise, store and use them only for the relevant purpose;

• in certain cases, the processing of your data is based on legal obligations and is mandatory; in such cases we will specifically draw your attention to this fact;

• and in certain cases, our company or a third party has a legitimate interest in processing your personal data, for example for the operation, development and security of our website.

2. Details of the Controller

Business name: Lázár Edina E.V.
Registered office: 2370 Dabas, Szent István út 16.
Website: enamorojewels.hu
Postal address: 2370 Dabas, Szent István út 16.
E-mail address: hello@enamorojewels.hu
Tax number: 48358071-1-33
Registration number: PE48358071

The Controller is not required to appoint a data protection officer under Article 37 of the GDPR.

The Controller’s hosting provider:

Hosting provider name: Sybell Informatika
Hosting provider registered office: 1138 Budapest, Tomori utca 34. 2. emelet
Hosting provider website: sybell.hu
Hosting provider e-mail address: info@sybell.hu

In the course of processing data, and in order to provide a high standard of service to our customers, our company uses the following data processors:

Controller (1): Lázár Edina
Address (1): 2370 Dabas, Szent István út 16.
Area of responsibility (1): All activities

If we change the scope of our data processors, we will update this notice accordingly.

The data we process:

We only ask our website visitors for personal data if they wish to register, log in, or participate in a prize draw.

We do not combine the personal data provided in connection with registration or our marketing services, and identifying our visitors is generally not our purpose.

If you have any questions related to data processing, you may request further information by e-mail at info@enamorojewels.hu or by post, and we will send our reply within 15 days (but no later than within 1 month) to the contact details you have provided.

3. What are cookies and how do we use them?

Cookies are small data files (hereinafter: cookies) which are placed on your computer through the website when you use the website, and which are saved and stored by your internet browser. Most commonly used internet browsers (Chrome, Firefox, etc.) accept and allow the downloading and use of cookies by default, but it is up to you to change your browser settings to reject or disable them, and you can also delete cookies already stored on your computer. More detailed information on the use of cookies is available in the “Help” menu of each browser.

There are certain cookies that do not require your prior consent. Our website provides brief information about these at the start of your first visit, such as authentication cookies, multimedia player cookies, load-balancing cookies, session cookies that help customise the user interface, and user-centred security cookies.

Regarding cookies requiring consent, where data processing begins already upon visiting the site, our company informs you at the start of your first visit and requests your consent.

Our company does not use and does not allow cookies that enable third parties to collect data about you without your consent.

Accepting cookies is not mandatory; however, our company cannot be held responsible if, in the absence of enabled cookies, the website does not function as expected.

What cookies do we use?

Name: _ga
Provider: enamorojewels.hu
Purpose: Registers a unique ID used to generate statistical data on how the visitor uses the website.
Expiry: 2 years
Type: HTTP

Name: _gat
Provider: enamorojewels.hu
Purpose: Used by Google Analytics to store the request rate limit.
Expiry: Session
Type: HTTP

Name: _gid
Provider: enamorojewels.hu
Purpose: Registers a unique ID used to generate statistical data on how the visitor uses the website.
Expiry: Session
Type: HTTP

Name: _fbp
Provider: enamorojewels.hu
Purpose: Used by Facebook to provide advertising products to third parties (e.g. real-time advertising).
Expiry: 3 months
Type: HTTP

Name: fr
Provider: facebook.com
Purpose: Used by Facebook to provide a range of advertising products (such as real-time bidding from third-party advertisers).
Expiry: 3 months
Type: HTTP

You can read more about third-party cookies on the relevant page here.

4. What else should you know about data processing related to our website?

You provide your personal data to us voluntarily during registration or when contacting our company, therefore we ask you to ensure that your data are true, correct and accurate when providing them, as you are responsible for them. Incorrect, inaccurate or incomplete data may prevent you from using our services.

If you provide the personal data of another person instead of your own, we assume that you have the necessary authorisation to do so.

You may withdraw your consent to data processing at any time, free of charge:

• by deleting your registration,

• by withdrawing your consent to data processing, or

• by withdrawing your consent to the processing or use of any data that must be provided during registration, or by requesting that such data be restricted.

For technical reasons, we undertake to register the withdrawal of consent within 30 days; however, please note that for the fulfilment of our legal obligations or for the enforcement of our legitimate interests, we may continue to process certain data even after consent has been withdrawn.

In the event of the use of misleading personal data, or if any of our visitors commits a criminal offence or attacks our company’s system, we will immediately delete their data simultaneously with the termination of their registration, or, if necessary, retain them for the period required to establish civil liability or conduct criminal proceedings.

5. What should you know about our direct marketing and newsletter-related data processing?

By making a statement during registration, or later by modifying the personal data stored on the newsletter and/or direct marketing registration interface (that is, by clearly expressing your intention to consent), you may give your consent for us to use your personal data for marketing purposes as well. In this case, until such consent is withdrawn, we process your data for the purpose of sending direct marketing communications and/or newsletters, and we may send you advertisements and other mailings, information notices, offers and/or newsletters (Section 6 of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities).

You may give your consent to direct marketing and newsletters jointly or separately, and you may withdraw such consent(s) free of charge at any time.

Deletion of registration is in all cases considered as withdrawal of consent. However, withdrawal of consent for direct marketing and/or newsletter-related data processing is not interpreted as withdrawal of consent to data processing related to the use of our website. Consent is always given for a specific purpose, therefore registration on the website and subscription to the newsletter are two separate purposes and two separate databases, and the two cannot be linked.

For technical reasons, we undertake to register withdrawals of consent or unsubscribe requests within 15 days.

6. What should you know about prize draws?

Our company may organise promotional prize draws from time to time, the specific rules of which are contained in separate regulations. The rules of the current promotion are always available on the home page of our website via a centrally placed link.

7. Other data processing matters

We may only transfer your data within the framework defined by law, and in the case of our data processors we ensure through contractual conditions that they may not use your personal data for purposes contrary to your consent. Further information is available in Section 2.

Our company does not transfer data abroad.

Courts, the public prosecutor’s office and other authorities (e.g. police, tax authority, National Authority for Data Protection and Freedom of Information) may contact our company to request information, disclosure of data, or the provision of documents. In such cases, we are obliged to comply with our data disclosure obligation, but only to the extent strictly necessary to achieve the purpose of the request.

Contributors and employees involved in our company’s data processing and/or data handling are entitled to access your personal data to a predefined extent and are bound by confidentiality obligations.

We protect your personal data with appropriate technical and other measures, and ensure the security and availability of the data, and protect them against unauthorised access, alteration, damage, disclosure or any other unauthorised use.

As part of our organisational measures, we control physical access to our buildings, continuously train our employees, and keep paper-based documents locked away with appropriate protection. As part of our technical measures, we use encryption, password protection and antivirus software. Please note, however, that data transmission over the internet cannot be considered fully secure. Our company does everything possible to make processes as secure as possible, but we cannot accept full responsibility for data transmission through our website. At the same time, with regard to data received by our company, we apply strict requirements in order to ensure the security of your data and prevent unlawful access.

With regard to security matters, we ask for your assistance in carefully safeguarding your access password to our website and not sharing this password with anyone.

8. What are your rights and remedies?

In relation to data processing, you may:

• request information,

• request the correction, modification or completion of your personal data processed by us,

• object to the processing and request the deletion or restriction of your data (except in the case of mandatory data processing),

• seek legal remedy before a court,

• lodge a complaint with or initiate proceedings before the supervisory authority.

Supervisory Authority: Nemzeti Adatvédelmi és Információszabadság Hatóság

Registered office: 1055 Budapest,
Falk Miksa utca 9-11.
Postal address: 1363 Budapest, Pf.: 9.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: https://naih.hu/

Upon your request, we will provide information on:

• your data processed by us, or processed by our appointed data processor,

• the source of such data,

• the purpose and legal basis of the processing,

• the duration of the processing, or, if this is not possible, the criteria used to determine that duration,

• the name, address and activities of our data processors in relation to the processing,

• the circumstances, effects and measures taken in relation to any data protection incidents and their prevention,

• and, in the case of transfer of your personal data, the legal basis and recipient of the transfer.

We will provide this information within 15 days from the submission of the request (but no later than within 1 month). Information is provided free of charge, unless you have already submitted a request for information concerning the same data set in the current year. We will reimburse any fee already paid if the data were processed unlawfully or if the request for information led to rectification. We may refuse to provide information only in cases specified by law, with indication of the legal basis, and by informing you of the possibility of judicial remedy and of turning to the Authority.

Our company will notify you, as well as all those to whom the data were previously transferred for data processing purposes, of any rectification, restriction, marking or deletion of personal data, unless the omission of such notification does not harm your legitimate interests.

If we do not comply with your request for rectification, restriction or deletion, we will communicate the reasons for refusal in writing or, with your consent, electronically, within 15 days from receipt of the request (but no later than within 1 month), and we will inform you of the possibility of judicial remedy and of turning to the Authority.

If you object to the processing of your personal data, we will examine the objection within 15 days from the submission of the request (but no later than within 1 month), and inform you of our decision in writing. If we determine that your objection is justified, we will terminate the data processing, including any further collection and transfer of data, and restrict the data, and we will notify all those to whom the personal data affected by the objection were previously transferred and who are required to take measures to enforce the right to object.

We will refuse to comply with the request if we demonstrate that the processing is justified by compelling legitimate grounds which override your interests, rights and freedoms, or which relate to the establishment, exercise or defence of legal claims. If you do not agree with our decision, or if we fail to meet the deadline, you may bring the matter before a court within 30 days from the communication of the decision or from the last day of the deadline.

Data protection lawsuits fall within the competence of the regional court, and the proceedings may also be initiated before the regional court of your place of residence or stay, at your choice. A foreign national may also lodge a complaint with the supervisory authority competent according to their place of residence.

Before turning to the supervisory authority or the court with your complaint, we kindly ask you to contact our company first in order to discuss the matter and resolve the issue as quickly as possible.

9. What are the main legal acts governing our activities?

• Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (GDPR)

• Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Info Act)

• Act V of 2013 on the Civil Code (Ptk.)

• Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (Eker tv.)

• Act C of 2003 on Electronic Communications (Ehtv.)

• Act CLV of 1997 on Consumer Protection (Fogyv tv.)

• Act CLXV of 2013 on Complaints and Public Interest Disclosures (Pktv.)

• Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (Grtv.)

10. Amendment of the Privacy Notice

Our company reserves the right to amend this Privacy Notice, and will inform the affected parties in an appropriate manner. Information related to data processing is published on the enamorojewels.hu website.