Introduction
The "RUGALMAS GUMIÁRUHÁZ" Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság (6728 Szeged, Vásár utca 9/4., The registration number of the General Court of Szeged: 06-09-008267, VAT number: 12939879-2-06, e-mail address: info@rubberstore.eu), as the maintainer undergoes the next briefing and acknowledges those written here as mandatory guidelines.
The European Parliament and Council of the European Union (EU)2016/679 regulation (furthermore: GDPR) says, that before starting the processing of the data, it has to be announced to the data subject (in this case with the website user, in the following: user) what legal base the data processing leans on.
The data subject has to be informed clearly and in details about all the facts, especially about the aim and legal base of the data processing, about the person entitled to the data processing and management, and about the time period of the data management.
The data subject also has to be informed about that the personal data can be managed also when getting the allowance is impossible or when it would have disproportionate cost and the processing of the personal data is
-necessary regarding the legal obligation fulfillment of the data processor or
-necessary regarding the validation of the legitimate interest of the data controller or the third person, and this assertion of interest is commensurate with the restriction of personal data protection right.
The information has to extend to the rights of the data subject regarding the data processing and the possibilities of the legal remedy.
If the personal informing of the data subjects is impossible or would have disproportionate cost, the informing can happen by disclosing the following information:
1. the aim of the data collection,
2. data subjects,
3. the time period of the data processing,
4. the possible data processing persons who are entitled to get to know the data
5. the exposition of the possible rights and legal remedies of the users regarding the data processing,
6. the legal base of the data processing
We don't give personal data to unauthorised third person.
The following data processing guide is based on the required content above. The guide can be reached at the following page: http://www.rubberproduct.eu/privacy-policy
The modifying of the guide comes in to force when published on the link above.
Interpretative definitions
„personal data”: any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.
„data processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
„restriction of processing”: the marking of stored personal data with the aim of limiting their processing in the future;
„profiling”: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
„controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
„processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
„recipient”: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
„third party”: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
„consent of the data subject”: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
„personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
Principles relating to processing of personal data
1. Personal data shall be:
a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
2. The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).
Data processing
Filling the offer requesting data sheet
Sending message via the requesting data sheet:
The 2011. year CXII. law 20. § (1) the following has to be determined as a result of using the data requesting offer:
a) the fact of the data collecting,
b) the range of those involved,
c) the aim of the data collecting,
d) the time period of the data managing,
e) the data processors entitled for getting to know the data,
f) letting those involved known about their rights in connection with the data processing.
2. The fact of the data collecting, the range of the managed data, the aim of the data processing: name, e-mail address, telephone, message, the time of the filling and sending of the data sheet, the IP address at the time of filling
3. The range of those involved: those involved who use the data sheet
4. The aim of the data collecting: the service provider uses the personal data of the users as a result of managing and the using of the website.
5. The time period of the data managing, the deadline of deleting the data: the data processor manages the data until the subject of the data doesn't request its deleting.
6. The range of the possible data processors who are entitled of getting to know the data: the personal data can be managed by the co-workers of the data processor by keeping the guidelines.
7. Informing the involved about their rights in connection with the data processing: the involved can request the deleting / modifying of the personal data via the following ways:
-by post 6728 Szeged, Vásár utca 9/4.
-via e-mail
-by phone +36-62/463-288
8. The legal base of the data processing: the contribution of the user based on the Info law. 5. § (1)
9. The data of the storage provider:
Name: INTROWEB Kft.
Address: 6724 Szeged, Gelei József utca 5. 1. emelet 3.
Telephone: +36 (20) 414 2574
E-mail:
Managing Cookies
1. „safety cookies” , „temporary or session cookies” „cookies needed for session protected with password”, „Permanent or saved cookie” , „Internal and external cookies”, to the use of those the pre contribution is not needed from the data subjects.
2. The fact of the data processing and the managed data: Unique identification number, dates, times.
3. The data subjects: those involved who use the website.
4. The purpose of the data processing: For the identification of the users and the tracking of visitors.
5. The time period of the data processing and the deadline of deleting the data:
Type of cookie: Session cookies
The legal base of the data processing: The ectronical business services and the questions about the info society services 2001. CVIII. law (Elker law.) 13/A. § (3) paragraph
The period of the data processing: The period until the closure of the visitors session. Managed data: connect.sid
Those entitled for the data processing: Personal data is not managed with the use of cookies by the data processor.
The rights of the data subject regarding the data procsessing: The data subjects have opportunity to delete cookies in the web browser Tools/Adjustment menu, generally under the Privacy Policy point.
The legal base of the data processing: Contribution is not needed from the data subject, if the exceptional aim of the use of the cookies is the communication via the electronical communication network or needed as the supplier or the subscriber especially asked for the help in service in connection with the informational society.
You can be informed about the cookie settings of the most popular web browsers the following link:
GoogleChrome:
https://support.google.com/chrome/answer/95647?hl=en&co=GENIE.Platform%3DDesktop
Firefox:
https://support.mozilla.org/en-US/products/firefox/protect-your-privacy/cookies
Microsoft Internet Explorer:
Microsoft Edge:
Opera:
https://blogs.opera.com/news/2015/08/how-to-manage-cookies-in-opera/
Safari:
https://support.apple.com/en-us/HT201265
The use of Google AdWords conversion track
1. The data processor uses the „Google AdWords” online ads programme, furthermore the Google conversion tracker. aslso The Google conversion tracker is the analyzing service of the Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“).
2. When a user reaches a website by the Google ads, a cookie needed for the conversion tracking appears on the computer. The validity of these cookies are restricted and don't contain any personal data, so the user can't be identified through them.
3. When the user surfs on a website and the cookie hasn't expired, then Google and the data processor see that the user clicked on the ad.
4. Every Google AdWords client gets a second cookie, so those can't be tracked on the websites of the AdWords clients.
5. The information – that was obtained with the help of conversion tracking cookies – help the conversion tracking of the AdWords and help the clients to make conversional statistics. This way the clients can be informed about the number of users forwarded to the website provided with the conversion tracking tag and clicked on the ad. But they don't get information that could identify any user.
6. If You don't want to participate in the conversion tracking then You can reject it with blocking the possibility of installing cookies. After that, You won't appear in the conversion tracking statistic.
7. Further info and the Privacy Policy of Google can be reached on this page: http://www.google.de/policies/privacy/
Google Analytics
1. This website uses the Google Analytics app, which is the analyzing service of Google Inc. („Google”). The Google Analytics uses so-called „cookies”, text files, which are saved on the computer, thus help analyzing the website visited by the user.
2. The information made with the cookies in connection with the website used by the user usually appear on one server of the Google in the USA. With activating the IP anonymizing on the website, Google previously shortens the user's IP address within the member states of EU or the other states participating in the European Economic Area.
3. The forwarding and the shortening of the full IP address on the server of the Google in the USA only happens in exceptional cases. By the mandate of the manager of this website, Google will use this information to evaluate how the user used the website, furthermore to make reports in connection with the activity of the website for the manager of the website and to fulfill further services in connection with the use of website and internet.
4. Within Google Analytics the IP address forwarded by the browser of the user isn't connected with other data of Google. The storage of the cookies can be prevented by the proper adjustment of the browser of the user, but we warn You that in this case it might happen that not all the functions of the website will be widely usable. Furthermore it can prevent Google from gathering and processing the data of the website user (including the IP address) by the cookies if you download and install the plugin found on the following link: https://tools.google.com/dlpage/gaoptout?hl=hu
Social Websites
1. The fact of the data collecting, the range of the managed data and the aim of data collecting:
Type of personal data*The aim of the processing of the given data
Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. social sites the name of the registered and the public profile picture of the user.
The sharing, likeing, following, promoting of the the social website itself, the content, products, services, sales.
2. The data subjects: those data subject who registered to any of the social sites mentioned above and like or follow the status or the website of the data processor.
3. The time period of the data processing and the deadline of deleting the data: The data subject can be informed about the source of the data, the processing of the data, the mode of the transfer and its legal base on the social site. The data processing happens on the social sites thus the regulation of the social site applies to the time period, mode of the data processing and also to the deleting and modifying possibilities of the data.
4. The legal base of the data processing: the contribution of the data subject on the social site 6. article (1) paragraph a) point.
Complaint Handling
1. The fact of the data collecting, the range of the managed data and the aim of data collecting:
Type of personal data*The aim of the processing of the given data
First and last name * Identification, contact
E-mail address * Contact, complaints about using services, consultating and managing questions
Phone number * Contact
Password * For the safe lof in to the user account
Billing data (Name, address) * Complaints about using services, consultating and managing questions
2. The data subjects: those involved who used services on the websaite and made a complaint.
3. The time period of the data processing and the deadline of deleting the data: Based on the consumer protection 1997. year CLV. law 17/A. § (7) paragraph, the protocol made of the complaint, the transcript and the copy of answer has to be kept for 5 years.
4. Those entitled for the data processing and the recipients of the personal data: The personal data can be managed by those co-workers and data processors authorised based on this guide.
The rights of the data subjects regarding the data processing:
The data subject can ask for the accessibility of the personal data regarding him/her.
Can object against the management of these personal data and also
The data subject has the right to the data portability and also to the withdrawing of the contribution at any time.
The data subject can initiate the access to the personal data, the deleting of the personal data, the modification of the personal data, the restriction of managing the personal data, the portability of the data, and objecting against data processing in the following ways:
by post: 6728 Szeged, Vásár utca 9/4. szám
by phone: 62/463-288
via e-mail: info@rubberstore.eu
The legal base of the data process: the contribution of the data subject 6. article (1) paragraph a) point, az Info law. 5. § (1) paragraph, and the consumer protection 1997. year CLV. law 17/A. § (7) paragraph.
We inform You,
the data process is based on the fulfillment of the contraction.
obligated to give personal data in order to manage the complaint about the service.
the missing of the data service comes with the consequence that we can't manage the complaint of the data subject.
Data processors
Accounting
Name: N-TAX Kft.
Address: 6722 Szeged, Attila u. 11.
E-mail address:
Storage provider
Name: Introweb Szolgáltató és Kereskedelmi Kft.
Address: 6724 Szeged, Gelei József utca 5.1.em.3.
E-mail address:
The rights of the data subject
The right of access
You are entitled to get feedback from the data processor regarding whether the handling of the personal rights are in process, and if it is, then she/he is entitled to get access to the information in the regulation and the personal data.
Right to rectification
You shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning You. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
You shall have the right to obtain from the controller the erasure of personal data concerning You without undue delay and the controller shall have the obligation to erase personal data without undue delay based on grounds.
Right to be forgotten
Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
4. the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
Right to data portability
You shall have the right to receive the personal data concerning You, which You have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
Right to object
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning him or her which is based on point the mentioned, including profiling based on those provisions.
Right to object in case of direct marketing
Where personal data are processed for direct marketing purposes, You shall have the right to object at any time to processing of personal data concerning You for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where You object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Automated individual decision-making , including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning You or similarly significantly affects You.
Paragraph 1 shall not apply if the decision:
1. is necessary for entering into, or performance of, a contract between the data subject and a data controller;
2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
3. is based on the data subject’s explicit consent.
Deadline of acting
The data processor informs You without undue delay, but at least within 1 month from the arriving of the request about the acts based on the requests above.
If neeeded this can be lengthened by 2 months. The data processor informs You about the lengthening of the deadline within 1 month after getting the request.
If the data processor doesn't take acts based on your request, without undue delay, but at least from 1 month after getting the request informs You about the reasons of the missing of the act, and also about that you can have complaint at a supervisory authority and can have the right of the legal remedy.
The security of data processing
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
1. the pseudonymisation and encryption of personal data;
2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
3. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
4. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Privacy incident
If the privacy incident probably has a high risk at the rights of natural persons and their freedom, the data processor informs the data subject about the privacy incident without undue delay.
When informing the subject of the data, the type of the privacy incident has to be stated clearly and understandably; also the name and contact info of the officer or the other contact person; also the possible consequences of the privacy incident; also the planned acts for the remedy of the privacy incident by the data processor, including the cases when the acts are to ease the consequences of the privacy incidents.
The subject of the data doesn't have to be informed if any of the following applies:
-the data processor made proper technical and organizing acts and these acts were applied regarding the data in the privacy incident especially those acts – e.g. applying encryption –, which make the data ununderstandable to those not authorised for the personal data;
-the data processor made such acts after the privacy incident, which secure that the high risk will not happen regarding the rights of the data subject;
-the information doesn't make the disproprortionate effort necessarry. In these cases the subjects of the data have to be informed based on publicly published information or an act has to be made that secures the effective information of the data subject.
If the data processor hasn't notified the data of the subject about the privacy incident, the supervision authority can order the informing of the data of the subject after considering whether the privacy incident has probably high risk.
Complaint possibility
About the possible law violation of the data processor, the individual can have a complaint at the The National Authority for Data Protection and Freedom of Information:
The National Authority for Data Protection and Freedom of Information
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, Mailbox: 5.
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: