Privacy Statement

Introduction

Our company follows the following principles when processing your data:

a) we process your personal data lawfully and fairly and in a transparent manner for you.

b) we collect your personal data only for specified, explicit and legitimate purposes and do not process them in a way that is incompatible with those purposes.

c) the personal data we collect and process are adequate and relevant in relation to the purposes of the data processing and are limited to what is necessary.

d) our company takes all reasonable steps to ensure that the data we process are accurate and, where necessary, up-to-date, and that inaccurate personal data are deleted or rectified without delay.

e) we store your personal data in a form that allows you to be identified only for the period necessary to achieve the purposes for which the personal data are processed.

f) we ensure the appropriate security of your personal data against unauthorised or unlawful processing, accidental loss, destruction or damage by applying appropriate technical and organisational measures.

.

This is how our company processes your personal data

 a) we process your personal data, i.e. collect, record, organize, store and use it based on your prior informed and voluntary consent and only to the extent necessary and in all cases for a specific purpose.

b) in some cases, the processing of your data is based on legal requirements and is mandatory, in such cases we will specifically draw your attention to this fact.

c) or in some cases, our Company or a third party has a legitimate interest in the processing of your personal data, such as the operation, development and security of our website.

 

Name of service provider and data controller:

 Name / company name: Pál János EV

Registered office: 8360 Keszthely, Rákóczi u. 3

Tax number: 52135433-2-40

Website name, address: www.musicmall.hu

Data processing information available: www.musicmall.hu

Contact details of the data controller:

Name: Pál János EV

Head office:8360 Keszthely, Rákóczi u. 3

Mailing address: 8360 Keszthely, Rákóczi u. 3

E-mail: hangszer@musicmall.hu

Phone: +36 30 945 3613

Hosting provider contact details:

Name / company name: Tárhely.Eu Kft.

Registered office: 1144 Budapest, Ormánság utca 4. X. em. 241.

Mailing address: 1144 Budapest, Ormánság utca 4. X. em. 241.

E-mail:gdpr@tarhely.eu

We only ask our website visitors for their personal data if they would like to inquire about the site.

If you have any questions about data management, you can request further information by sending an e-mail or postal address to hangszer@musicmall.hu.

We will send you our response without delay, within 20 days (but no later than 1 month), to the contact information you provided.

 

Definitions

- GDPR (General Data Protection Regulation) is the new Data Protection Regulation of the European Union;

- data processing: any operation or set of operations which is performed on personal data or on data sets, whether or not by automated means, such as collection, recording, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

- data processor: any natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

- personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

- controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific aspects of the designation of the controller may also be determined by Union or Member State law;

- consent of the data subject: any freely given, specific and informed and unambiguous indication of the data subject's wishes by which the data subject, by a statement or by a clear and unambiguous indication of his or her wishes, signifies agreement to the processing of personal data relating to him or her;

- data breach: any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

- recipient: any natural or legal person, public authority, agency or any other body to which personal data are disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law shall not be considered recipients; the processing of such data by such public authorities shall comply with the applicable data protection rules in accordance with the purposes of the processing;

- third party: any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or the processor, are authorised to process personal data.

 

Data processing guidelines

The data controller declares that it processes personal data in accordance with the data processing information and complies with the provisions of the relevant legislation, with particular attention to the following:

Personal data must be processed lawfully and fairly and in a manner transparent to the data subject.

Personal data may only be collected for specified, explicit and legitimate purposes.

The purpose of processing personal data must be adequate and relevant and limited to what is necessary.

Personal data must be accurate and up-to-date. Inaccurate personal data must be deleted without delay.

Personal data must be stored in a form that permits identification of data subjects for no longer than is necessary.

Personal data may only be stored for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes.

Personal data must be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by applying appropriate technical or organisational measures.

The principles of data protection must apply to all information relating to an identified or identifiable natural person.

 

Important data management information

The primary purpose of data processing is to protect visitors to the service provider's website.

The legal basis for data processing is the consent of the data subject. Duration of data processing and deletion of data. The duration of data processing is always a function of the specific user purpose, but the data must be deleted immediately if the originally intended purpose has been achieved. The data subject may withdraw their consent to data processing at any time by sending a letter to the contact e-mail address. If there is no legal obstacle to deletion, in this case their data will be deleted. The data controller and its employees are entitled to access the data.

The data subject may request from the data controller access to personal data concerning him or her, rectification, erasure or restriction of processing, and may object to the processing of such personal data, as well as the data subject's right to data portability.

The data subject may withdraw their consent to data processing at any time, but this shall not affect the lawfulness of the data processing carried out on the basis of consent before the withdrawal. The data subject may exercise the right to lodge a complaint with a supervisory authority. The data subject shall have the right to obtain from the controller, upon request, the rectification or completion of inaccurate personal data concerning him or her without undue delay. The data subject shall have the right to obtain from the controller, upon request, the erasure of inaccurate personal data concerning him or her without undue delay, and the controller shall be obliged to erase the personal data concerning him or her without undue delay, unless there is another legal basis for the processing. The modification or deletion of personal data may be requested by e-mail, telephone or letter using the contact details provided above.

 

 

Invoice issuance

The purpose of data processing is to issue and send an invoice, electronic or paper invoice as an e-mail attachment. The legal basis for data processing is mandatory data processing based on legislation. The scope of data processing is the service provider's customer partners.

Duration of data processing: Data processing is carried out as required by law or until consent is withdrawn. You may withdraw your consent to data processing at any time by sending an email to the contact e-mail address. The data will be deleted when you withdraw your consent to data processing. You may withdraw your consent to data processing at any time by sending an email to the contact e-mail address. The deletion of billing data may be carried out in accordance with legislation. The data controller and its employees are entitled to access the data. The data is stored electronically. Modification or deletion of billing data can be initiated by email, telephone or letter using the contact options provided above.

 

Scope of data processed

Specific purpose of the data processing

Name: Identification, contact, billing. Company name Identification, contact, billing.

Address: Identification, contact, billing.

Email: Identification, contact.

Telephone: Identification, contact.

Tax number / tax identification number: Identification of the customer.

Invoice data: Identification of the invoice.

Invoice date: Technical information operation.

The data subject may object to the processing of his/her personal data, in this regard, he/she is entitled to the procedure in accordance with the data processing information detailed above and this information, as well as the legal provisions described in the information.

Cookies

Cookies are small data files (hereinafter referred to as cookies) that are transferred to your computer through the website when you use the website, and are saved and stored by your internet browser. Most of the most commonly used internet browsers (Chrome, Firefox, etc.) accept and allow the downloading and use of cookies as a default setting, but it is up to you to refuse or block them by changing your browser settings, or you can delete cookies already stored on your computer. The “help” menu of each browser provides more information about the use of cookies.

There are cookies that do not require your prior consent. Our website provides brief information about these at the beginning of your first visit, such as authentication, multimedia player, load balancer, session cookies that help customize the user interface, and user-centric security cookies.

Cookie Type: Google Analytics is used by the website named above.

Function: This cookie, used by Google, inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), records how users use the website. Based on the information recorded in this way, reports can be created that help improve the website.

The cookie records the following information anonymously, among other things:

(i) the number of visitors to the website,

(ii) the website from which visitors to the website arrived at the website, and

(iii) the pages of the website visited by visitors to the website.

Validity (date of deletion or deadline): 1 year

Social media

A social media site is a media tool where a message is disseminated through social users. Social media uses the internet and online publishing opportunities to transform users from content receivers into content editors. Social media is an interface of internet applications that hosts user-generated content, such as Facebook, Twitter, Instagram, TikTok, Youtube, etc.

Social media can be presented in the form of public speeches, lectures, presentations, product or service presentations. Information published on social media can be in the form of forums, blog posts, images, videos and audio materials, message boards, e-mail messages, etc. In accordance with the above, the scope of the data processed may also include the user's public profile picture in addition to personal data.

Scope of data subjects: website visitors The purpose of data collection is to promote the website or a related website. The legal basis for data processing is the voluntary consent of the data subject. Duration of data processing: according to the regulations available on the given social media site. Deadline for erasing data: according to the regulations available on the given social network. Those entitled to access the data: according to the regulations available on the given social network. Rights related to data management: according to the regulations available on the given social network. Data storage method: electronic.

It is important to note that when the user uploads or submits any personal data, he gives the operator of the social network worldwide permission to store and use such content. Therefore, it is very important to make sure that the user has full authority to communicate the published information.

Google Analytics Our website does not use the Google Analytics application. In the case of Google Analytics, if the above-mentioned site does use it: Google Analytics compiles a report for its customers on the habits of the website users based on internal cookies.

On behalf of the website operator, Google uses the information to evaluate how users use the website. As an additional service, it prepares reports related to the website activity for the website operator in order to provide additional services.

The data is stored on Google servers in an encrypted format to make it more difficult and prevent data misuse. You can disable Google Analytics as follows. Quote from the page: Website users who do not want Google Analytics JavaScript to report on their data can install the Google Analytics Opt-out browser add-on. The add-on prevents Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sending information to Google Analytics. The browser add-on is available in most modern browsers.

The Google Analytics opt-out browser add-on does not prevent data from being sent to the website itself and other web analytics services. https://support.google.com/analytics/answer/6004245?hl=hu

Google's privacy policy: https://policies.google.com/privacy?hl=hu Detailed information on the use and protection of data can be found at the links above.

Privacy policy in detail: https://static.googleusercontent.com/media/www.google.com/en//intl/hu/policies/privacy/goog le_privacy_policy_hu.pdf

Data Processors Hosting Provider:

Name / company name: Tárhely.Eu Kft.

Registered office: 1144 Budapest, Ormánság utca 4. X. em. 241.

Mailing address: 1144 Budapest, Ormánság utca 4. X. em. 241.

E-mail:gdpr@tarhely.eu

The data you provide is stored on a server operated by the hosting service provider. Only our employees and the employees operating the server can access the data, but they are all responsible for the secure management of the data. Name of the activity: hosting service, server service. Purpose of data management: ensuring the operation of the website. Data processed: personal data provided by the data subject Duration of data management and deadline for data deletion.

Data management is carried out until the end of the website's operation or according to the contractual agreement between the website operator and the hosting service provider. If necessary, the data subject can also request the deletion of their data by contacting the hosting service provider. The legal basis for data processing is the consent of the person concerned or data processing based on law.

We may only transfer your data within the framework specified by law, and in the case of our data processors, we ensure by stipulating contractual conditions that they may not use your personal data for purposes contrary to your consent. Further information can be found in point 2.

Our company does not transfer data abroad.

The court, the prosecutor's office and other authorities (e.g. the police, tax office, National Authority for Data Protection and Freedom of Information) may contact our company to provide information, disclose data or make documents available. In these cases, we must fulfill our data provision obligation, but only to the extent strictly necessary to achieve the purpose of the request.

Our company's collaborators and employees involved in data management and/or data processing are entitled to access your personal data to a predetermined extent - subject to an obligation of confidentiality.

We protect your personal data with appropriate technical and other measures and ensure the security and availability of the data and protect it from unauthorized access, alteration, damage, disclosure and any other unauthorized use.

As part of organizational measures, we control physical access in our buildings, continuously train our employees and keep paper-based documents locked away with appropriate protection. As part of the technical measures, we use encryption, password protection and anti-virus software. However, we would like to draw your attention to the fact that data transmission via the Internet cannot be considered completely secure data transmission. Our company does everything possible to make the processes as secure as possible, but we cannot assume full responsibility for data transmission via our website, but we adhere to strict regulations regarding the data received by our company in order to ensure the security of your data and prevent illegal access.

Managed data

Duration of data management The data storage period of the given cookie, more information is available here:

Google general cookie information: https://www.google.com/policies/technologies/types/

Google Analytics information: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu

What are your rights and remedies?

You can

Ø request information about data processing,

Ø request the correction, modification, or completion of your personal data processed by us,

Ø object to data processing and request the deletion or blocking of your data (with the exception of mandatory data processing),

Ø seek legal redress in court, Ø file a complaint with the supervisory authority or initiate proceedings (https://naih.hu/panaszuegyintezes-rendje.html).

.

Supervisory Authority: Nemzeti Adatvédelmi és Információszabadság Hatóság

Ø Registered office: 1055 Budapest, Falk Miksa utca 9-11.

Ø Mailing address: 1530 Budapest, P.O. Box: 5.

Ø Telephone: +36 (1) 391-1400 Ø Fax: +36 (1) 391-1410

Ø E-mail:ugyfelszolgalat@naih.hu Website:https://naih.hu/

.

BUDAPESTI BÉKÉLTETŐ TESTÜLET / BUDAPEST CONCILIATION BOARD

● Address: 1016 Budapest, Krisztina krt. 99.

● Telephone number: +36-1-488-21-31

● Fax number: +36-1-488-21-86

● President: Dr. György Baranovszky

● E-mail address: bekelteto.testulet@bkik.hu

.

At your request, we will provide you with information about the data we process or that we – or our commissioned data processor – process

Ø your data,

Ø their source,

Ø the purpose and legal basis of the data processing,

Ø the duration, and if this is not possible, the criteria for determining this duration,

Ø the name, address of our data processors and their activities related to data processing,

Ø the circumstances, effects of data protection incidents and the measures we have taken to address and prevent them, and

Ø in the event of the transfer of your personal data, the legal basis and recipient of the data transfer.

.

We will provide you with our information as soon as possible, within 10 days (but no later than 1 month) from the date of submission of the request. The information is free of charge, unless you have already submitted a request for information to us regarding the same data set in the current year. We will refund the cost compensation already paid by you in the event that the data has been processed unlawfully or the request for information has led to a correction. We may refuse to provide information only in cases provided for by law, indicating the legal place and informing you about the possibility of legal remedy or contacting the Authority. Our company will notify you and all those to whom the data was previously transmitted for data processing purposes of the correction, blocking, marking and deletion of personal data, unless the failure to notify does not violate your legitimate interests. If we do not comply with your request for correction, blocking or deletion, we will inform you in writing or - with your consent - electronically, of the reasons for our refusal and inform you about the possibility of legal remedy and contacting the Authority.

.

If you object to the processing of your personal data, we will examine the objection as soon as possible, within 10 days (but no later than 1 month) from the date of submission of the request, and we will inform you of our decision in writing. If we decide that your objection is well-founded, we will terminate the data processing - including further data collection and transmission - and block the data, and we will notify all those to whom we have previously transmitted the personal data affected by the objection, and who are obliged to take measures to enforce the right to object, of the objection and of the measures taken on its basis.

.

.

Legal basis for data processing - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC (General Data Protection Regulation). - Act CXII of 2011 on the right to informational self-determination and freedom of information. - Act CVIII of 2001 on certain issues of electronic commerce services and information society services. - Act C of 2003 on electronic communications. - Act CXXVII of 2007 (hereinafter: VAT Act) and in particular Article 169 thereof (due to the obligation to issue a receipt and the data content of the invoice).

.

You can dowload the Privacy Statement PDF document:

 

MusicMall HangszerHáz 2025.01.26.