Privacy policy
Our privacy policy
tshirtbazar.shop currently operates on a server in Hungary and the Operator is also a legal entity registered in Hungary.
The operator operates the service in compliance with Hungarian laws and ethical standards. The collection and processing of personal data necessary for identification while using our website complies with the current Hungarian data protection regulations (Act CXII of 2011 - Infotv., Act C of 2000 - Accounts Act, Act CVIII of 2001 - Ekertv .), is also in line with the General Data Protection Regulation (GDPR) of the European Union No. 2016/679.
The operator of tshirtbazar.shop hereby informs the visitors of the website about the practices followed in the management of personal data, the organizational and technical measures taken to protect the data, as well as the rights of the visitors in this regard and the possibilities of their enforcement. Information about Emler Bt.'s data management is continuously available at https://tshirtbazar.shop/pages/privacy-policy. Emler Bt. reserves the right to change this information at any time. Emler Bt. will immediately notify its customers of any changes.
Definitions
In connection with data management and data protection, the following concepts arise, which have the following meaning:
1.1 data subject: any natural person identified or - directly or indirectly - identified on the basis of personal data;
1.2 personal data: data that can be associated with the data subject - in particular the data subject's name, identification mark, and one or more pieces of information characteristic of his or her physical, physiological, mental, economic, cultural or social identity - as well as any conclusions about the data subject that can be drawn from the data;
1.3 consent: the voluntary and decisive declaration of the data subject's will, which is based on adequate information, and with which he gives his unequivocal consent to the processing of his personal data - in full or covering certain operations;
1.4 protest: the statement of the data subject objecting to the handling of his personal data and requesting the termination of data management or the deletion of the processed data; 1.5 data controller: the natural or legal person or organization without legal personality who, independently or together with others, determines the purpose of data management, makes and implements decisions regarding data management (including the device used), or has them implemented by the data processor it has commissioned;
1.6 data management: regardless of the procedure used, any operation performed on the data or the set of operations, including in particular the collection, recording, recording, organization, storage, change, use, query, transmission, disclosure, coordination or connection, locking, deletion and destruction, as well as preventing further use of the data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g. fingerprint or palm print, DNA sample, iris image);
1.7 data transfer: making the data available to a specific third party;
1.8 data deletion: rendering the data unrecognizable in such a way that its recovery is no longer possible;
1.9 data marking: providing the data with an identification mark for the purpose of distinguishing it;
1.10 data blocking: providing the data with an identification mark for the purpose of limiting its further processing permanently or for a specified period of time;
1.11 data destruction: complete physical destruction of the data carrier containing the data;
1.12 data processing: performing technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data;
1.13 data processor: a natural or legal person, or an organization without legal personality, who processes data on the basis of the contract with the data controller - including the conclusion of a contract based on the provisions of the law;
1.14 data file: the totality of the data managed in one register;
1.15 third party: a natural or legal person, or an organization without legal personality, who is not the same as the data subject, data controller or data processor;
1.16 EEA state: on the basis of an international treaty concluded between a member state of the European Union and another state party to the Agreement on the European Economic Area, as well as the state whose citizen is the European Union and its member states and a state that is not a party to the Agreement on the European Economic Area, the European enjoys the same legal status as a citizen of a state party to the Agreement on Economic Space;
1.17 third country: any state that is not an EEA state.
1.18 Terms not defined in this information must be interpreted with the meaning defined in Infotv.
2. Name of data controller
Name: Emler Bt.
Address: 3534 Miskolc, Mária utca 32. fszt. 2.
Tax number: 22192390-2-05
Company registration number: 05-06-017408
Web: tshirtbazar.shop
3. Data management principles
3.1 Personal data can only be processed for specific purposes, in order to exercise rights and fulfill obligations. In all stages of data management, the purpose of data management must be met, the collection and management of data must be fair and legal.
3.2 Only such personal data can be processed that is essential for the realization of the purpose of data management and suitable for achieving the purpose. Personal data can only be processed to the extent and for the time necessary to achieve the purpose.
3.3 Only persons over the age of 18 can shop on the tshirtbazar.shop website!
3.3 The data provided to use the service on the website is processed with your voluntary consent. When you place your order via email, you give us permission to process the data contained in it. The data provided in this way are necessary to fulfill your order, issue an invoice and deliver the ordered products to you. If you do not give permission for the processing of your personal data or revoke your permission, we will not be able to fulfill your order.
Emler Bt. - Infotv. in accordance with its provisions - it processes personal data if
3.3.1 the data subject consents to it.
3.3.2 If the personal data was collected with the consent of the data subject, Emler Bt.
3.3.2.1 for the purpose of fulfilling the relevant legal obligation, or
3.3.2.2 for the purpose of asserting the legitimate interest of Emler Bt. or a third party, if the assertion of this interest is proportional to the limitation of the right to the protection of personal data, it can be processed without further separate consent and also after the consent of the person concerned has been revoked.
3.3.3 In court or official proceedings initiated at the request or initiative of the data subject, the consent of the data subject shall be assumed with regard to the personal data required for the conduct of the proceedings, and in other cases initiated at the request of the data subject, the consent of the data subject shall be assumed.
3.4 Emler Bt. draws the attention of those who provide data to it, that if they do not provide their own personal data, the data provider is obliged to obtain the consent of the data subject.
The person providing the data is solely responsible for the adequacy of the data provided. When the consumer provides his e-mail address, he also assumes responsibility for the fact that all responsibility related to orders placed from the specified e-mail address rests exclusively with the customer who used the e-mail address.
4. Scope of processed personal data, purpose, legal title and duration of data recording:
4.1 Identifiers and cookies recorded when visiting the website:
When viewing the website, the start and end times of the user's visit are automatically recorded, and in some cases - depending on the settings of the user's computer - the type of browser and operating system. The system automatically generates statistical data from this data. The operator does not connect this data with personal data.
Data management period: Browsing data and session IDs are automatically deleted when you leave the website.
4.2 Data processed in connection with the order:
Scope of processed data:
the. Surname and first name
b. E-mail address
c. Phone number
d. Delivery name and address, telephone number contact details (required for delivery of the ordered product)
e. Billing name and address, telephone number contact information (required for issuing the invoice)
f. In the case of legal entities, tax number (required for issuing the invoice)
Data management purposes: recording and distinguishing purchases, handling customer complaints, facilitating and fulfilling orders, customer contact
Legal basis for data management: consent of the data subject, legal obligation
Form of data management: .eml (email) format
Place of data management: the Emler Bt. site, the server serving correspondence related to the service on the tshirtbazar.shop website.
Deadline for data management: 5 years due to statutory accounting obligations, or withdrawal of consent.
Data storage period: maximum 10 years.
Data transfer: Delivery name, address, phone number, e-mail address to the delivery company, depending on the form of delivery. Invoicing data is transferred to the service provider issuing the electronic invoice.
Data transfer to a country outside the EU: Emler Bt. operates the online store at tshirtbazar.shop through the Shopify application, and handles its correspondence through the Gmail service of Google LLC.
Appropriate Warranties: Google LLC and Shopify Inc. are both members of the EU-U.S. Privacy Shield Framework agreement, which proves that their activities comply with the guidelines of the EU General Data Protection Regulation (GDPR).
Modification and deletion of data can be requested in writing by e-mail at info@tshirtbazar.shop (profilogo@profilogo.hu).
5. Content
5.1 tshirtbazar.shop does not assume responsibility for its previous pages that have already been deleted but were still archived with the help of Internet search programs. The operator of the search page must ensure that they are removed.
5.2 The html code of the portal available at the address tshirtbazar.shop also contains links to and from an external server independent of Emler Bt. The providers of these links are able to collect user data due to the direct connection to their server.
5.3 An external service provider assists in the independent measurement of website traffic and other web analytics data (Google Analytics).
The so-called Google Analytics uses "cookies", text files stored on your computer that enable the analysis of your website visits. The information generated by the cookie about your website visit is usually sent to a Google server in the United States and stored there. Google abbreviates the Your IP address, but only in member states of the European Union or in other countries of the Agreement on the European Economic Area. Only in exceptional cases will the system send the full IP address to a Google server in the United States and shorten it there. To the website operator on your behalf, Google will use this information to evaluate your use of the website and to compile reports on the activities carried out on the website, as well as to offer the website operator additional services related to the use of the website and the Internet.The IP address transmitted by your browser address is not linked by Google with other Google data. You can block the use of cookies by setting your browser software accordingly. You can also prevent the collection and use of data by Google (cookies and IP address) by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en
Instead of the plug-in or on the browsers of mobile devices, click on this link to install a blocking cookie, which will further prevent the collection of data within the framework of Google Analytics on this website. The blocking will remain in effect until you delete its cookie. If the cookie has been deleted, all you have to do is click the link again. You can find more information about the terms of use and data protection policy of Google Analytics on the following pages:
https://www.google.com/analytics/terms/us.html
https://www.google.com/privacy?hl=en-GB
https://www.google.com/privacy?hl=hu-HU
The data controller can provide detailed information on the management of measurement data, available at: https://www.google.com/analytics.
5.4 In order to provide customized service, the service provider stores a small data package on the user's computer, so-called places a cookie. Cookies are text files that allow us to provide you with maximum convenience when you visit our website. The cookie contains a clear letter/number combination that identifies the browser you are using. These cookies are only temporarily stored on your computer and are only transferred to our server when you visit our website. We mainly use cookies for one-time activities, which are not stored on your hard drive and are deleted immediately when you close your browser or if you do nothing on the website for a certain period of time.
The user can delete the cookie from his computer or set his browser to prohibit the use of cookies.
You can view and delete the cookies stored on your computer and control how they are used through your web browser settings. You can get more information about this from the manufacturer or through the help of your web browser.
5.5 By visiting the website and using some of its functions, the user gives his consent to the aforementioned cookies being stored on the user's computer and to the data manager having access to them. As a general rule, cookies are stored for 30 days, but the user can request their deletion at any time, and can also set and prevent cookie-related activity using a browser program. However, please note that in the latter case, without the use of cookies, you may not be able to use all of the website's services.
5.6 tshirtbazar.shop may contain links to websites of other companies. We are not responsible for the privacy measures of external websites you visit via such links! Please read the privacy policies of these external websites.
6. Administration related to data management
6.1 The person concerned can apply to EmlerBt
6.1.1 information about the management of your personal data,
6.1.2 correcting your personal data, as well as
6.1.3 deletion or blocking of your personal data - with the exception of mandatory data management.
6.2 At the request of the data subject, Emler Bt. provides information about the data subject's data managed by it or processed by the data processor commissioned by it, their source, the purpose, legal basis, duration of the data processing, the name and address of the data processor and its activities related to data processing, and - the data subject in case of transmission of your personal data - about the legal basis and recipient of the data transmission.
6.3 Emler Bt. is obliged to provide the information in writing at the request of the data subject in a form that is understandable to the public as soon as possible, but no later than 25 days after the submission of the request.
6.4 The information written above is free of charge if the person requesting the information has not yet submitted a request for information to Emler Bt. regarding the same range of data in the current year. In other cases, reimbursement may be established. The amount of reimbursement can also be fixed in the contract between the parties. The compensation already paid must be refunded if the data was handled unlawfully or the request for information led to a correction.
6.5 Emler Bt. may refuse to provide information to the data subject only in the cases specified in the Infotv.
6.6 In case of refusal to provide information, Emler Bt. will inform the data subject in writing of which provision of this law the refusal of information was based on. In the case of refusal to provide information, the data controller informs the data subject of the possibility of legal remedies in court, as well as the possibility of turning to the National Data Protection and Freedom of Information Authority (hereinafter: the Authority).
6.7 If the personal data does not correspond to the reality, and the personal data corresponding to the reality is available to the data controller, the personal data will be corrected by Emler Bt.
6.8 Personal data must be deleted if
6.8.1 handling is illegal;
6.8.2 the person concerned - in accordance with the Infotv. - requests;
6.8.3 is incomplete or incorrect - and this condition cannot be legally remedied - provided that deletion is not precluded by law;
6.8.4 the purpose of data management has ceased, or the time limit for data storage defined by law or these regulations has expired;
6.8.5 it was ordered by the court or authority.
6.9 In the case specified in point 6.8.4 of the above paragraph, the deletion obligation does not apply to the personal data whose data carrier must be placed in archival custody pursuant to the law on the protection of archival material.
6.10 Instead of deletion, Emler Bt. blocks the personal data if the data subject requests this, or if it can be assumed based on the information available that the deletion would harm the legitimate interests of the data subject. The personal data locked in this way can only be processed as long as the data management purpose that precluded the deletion of the personal data exists.
6.11 Emler Bt. marks the personal data it manages if the data subject disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be clearly established.
6.12 Emler Bt. notifies the data subject of the correction, blocking, marking and deletion, as well as all those to whom the data was previously forwarded for the purpose of data management. The notification can be omitted if this does not harm the legitimate interests of the data subject in view of the purpose of the data management.
6.13 If Emler Bt. does not comply with the request for correction, blocking or deletion of the data subject, within 25 days of receiving the request, it will notify the factual and legal reasons for rejecting the request for correction, blocking or deletion in writing. In case of rejection of the request for correction, deletion or blocking, the data controller informs the data subject of the possibility of legal remedies in court, as well as the possibility of turning to the authority.
6.14 The data subject may object to the processing of his personal data,
6.14.1 if the processing or transmission of personal data is necessary solely for the fulfillment of the legal obligation of the data controller or for the enforcement of the legitimate interests of the data controller, data receiver or third party, except in the case of mandatory data processing;
6.14.2 if personal data is used or forwarded for the purpose of direct business acquisition, public opinion polls or scientific research; as well as
6.14.3 in other cases specified by law.
6.15 Emler Bt. examines the objection as soon as possible, but no later than 15 days after the submission of the application, makes a decision on its validity, and informs the applicant of its decision in writing.
6.16 If Emler Bt. establishes that the objection of the data subject is well-founded, it will terminate the data management - including further data collection and transmission - and block the data, and will notify all those to whom the personal data affected by the objection have been notified of the objection and the measures taken based on it. forwarded earlier, and who are obliged to take measures to enforce the right to protest.
6.17 If the data subject does not agree with the decision made by Emler Bt., or if Emler Bt. misses the relevant deadline, the data subject - within 30 days from the notification of the decision or the last day of the deadline - informs Infotv. can go to court in a specified manner.
6.18 If the data recipient does not receive the data necessary to enforce his rights due to the objection of the data subject, within 15 days from the notification, in order to access the data - Infotv. In the manner specified in § 22 - you can go to court against the data controller. The data controller can also sue the data subject.
6.19 If the data controller complies with 6.16. fails to notify pursuant to point, the data recipient may request clarification from the data controller on the circumstances related to the failure of the data transfer, which clarification the data controller is obliged to provide within 8 days after the delivery of the data recipient's request to this effect. In the case of a request for clarification, the data recipient may apply to the court against the data controller within 15 days of the provision of the clarification, but at the latest from the deadline. The data controller can also sue the data subject.
6.20 Emler Bt. may not delete the data of the data subject if the data management is mandated by law. However, the data may not be forwarded to the data recipient if the data controller has agreed to the objection or the court has established the legitimacy of the objection.
6.21 In the event of a perceived violation of rights related to the processing of their personal data, any person concerned may apply to the competent court, the Capital Court in the capital, or initiate an investigation at the National Data Protection and Freedom of Information Authority (chairman: dr. Attila Péterfalvi, 1024 Budapest, Szilágyi Erzsébet fasor 22/C., ugyfelszolgalat@naih.hu, +36-1-3911400, www.naih.hu).
7. Scope of data access, data processors, data transfer:
the. Emler Bt. transfers data in order to fulfill orders made via email.
b. It does not use an external processor for data processing.
c. In order to fulfill the contract, it is essential that the delivery data provided by the user be transferred to the logistics company chosen by the user and its subcontractors. Our employees, partners and service providers owe us a duty of confidentiality.
d. The invoicing data provided by the user are transferred to the service provider issuing the electronic invoice:
Billing application: Billzone.eu Online Billing System.
Operator: N-Ware Informatikai és Tanácsadó Kft., 1139 Budapest, Gömb utca 26., www.billzone.eu
e. Apart from the above, the data controller does not transfer personal data to third parties. This does not apply to possible mandatory data transmissions prescribed by law, which can only take place in exceptional cases. The court, the prosecutor, the investigative authority, the infringement authority, the public administrative authority, the data protection commissioner, or other bodies based on the authorization of the law, may contact the data controller in order to provide information, communicate and transfer data, or make documents available. Before fulfilling each official data request, the data controller checks for each individual data whether the legal basis for data transmission really exists. Emler Bt. will release personal data to the authorities - if the authority has specified the exact purpose and scope of the data - only to the extent and to the extent that is absolutely necessary to fulfill the purpose of the request.
8. Data security requirements:
8.1 Emler Bt., or the data processor in its sphere of activity, ensures the security of the data and takes the technical and organizational measures and develops the procedural rules that are necessary to enforce the Infotv. and other data and privacy protection rules.
8.2 The data must be protected by appropriate measures, especially against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, as well as against becoming inaccessible due to changes in the technology used.
8.3 In order to protect the data files managed electronically in the various registers, an appropriate technical solution must be used to ensure that the data stored in the registers cannot be directly linked and assigned to the data subject - unless permitted by law.
8.4 During the automated processing of personal data, the data manager and the data processor provide additional measures
8.4.1 preventing unauthorized data entry;
8.4.2 preventing the use of automatic data processing systems by unauthorized persons using data transmission equipment;
8.4.3 the verifiability and ascertainability of which bodies the personal data has been or may be transmitted using data transmission equipment;
8.4.4 the verifiability and ascertainability of which personal data was entered into the automatic data processing systems, when and by whom;
8.4.5 the restoreability of the installed systems in the event of a malfunction and
8.4.6 that a report is prepared on errors occurring during automated processing.
8.5 When defining and applying measures for data security, the data controller and data processor must take into account the state of the art at all times. Among several possible data management solutions, the one that ensures a higher level of protection of personal data must be chosen, unless it would represent a disproportionate difficulty for the data controller.
9. Hosting provider data:
Hosting provider name: Shopify Inc.
Available at: https://www.shopify.com
Hosting provider address:
Shopify Data Processing (USA) Inc.
251 Little Falls Drive
Wilmington, Delaware 19808
Data management information: https://www.shopify.com/legal/privacy
10. Mail server data:
Mail service name: Gmail
Service provider name: Google LLC
Service provider address:
1600 Amphitheater Pkwy
Mountain View, California 94043
Data management information: https://policies.google.com/privacy?hl=hu&gl=ZZ