Privacy Policy

Data Manager

Name: Krisztián Lesku EV. 

headquarters: 2483 Gárdony, Paál László utca 8

Registration number: 52317132, registered by the Ministry of the Interior

Mailing address, complaint handling: 2483 Gárdony, Paál László utca 8

E-mail: info@ohlive.hu

Phone: +36 70 6199721

Website: www.ohlive.hu

Privacy Officer: under the GDPR Regulation, the Operator is not obliged to appoint a Data Protection Officer

Effective as of April 15, 2019.

The Data Controller reserves the right to change and modify the Data Management Information by unilateral decision.

The scope of the Data Management Prospectus covers the data management arising from the commercial activity of the Operator. THE www.ohlive.hu user accepts the provisions of the Data Management Prospectus at any time by entering, registering and purchasing the site and expresses its consent to it.

The legal basis for data management is the voluntary consent of the data subject based on the prior information of the Data Controller. The Data Controller does not check the personal data provided to him or her, and excludes his / her responsibility and the legality of the data management of the partners. The data subject is entitled to withdraw his consent at any time. Withdrawal of consent does not affect the legality of the pre-withdrawal data management based on consent.

The Data Manager will only collect and process your data if you have given your consent. We can assure you that we will do our utmost to comply with the strict requirements of data management and confidentiality, and in all cases we will comply with all legal provisions related to data protection. We use all collected personal information solely to provide our customers with the highest quality of service and to optimize our services to meet your needs and expectations. The Data Controller is committed to respecting the right to information self-determination. Your personal information will be treated confidentially and will not be transferred to a third party unless it is necessary for the performance of the contract for certain business partners, subcontractors (eg courier services). For them, only the data they need to perform their tasks are transmitted. We are not entitled to use, store or forward any data received from us in any form whatsoever.

Legal background:

  • Regulation of the European Parliament and of the Council (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR)
  • CXII. Act on the Right to Self-Determination of Information and Freedom of Information

concepts:

Data Controller: a natural or legal person, public authority, agency or any other body that defines the purposes and means of the processing of personal data independently or with others.

Data Management: any set of operations or operations that are performed on personal data or data files in an automated or non-automated manner, such as collection, recording, systematization, distribution, storage, transformation or alteration, query, access, use, communication, distribution, or otherwise batch, alignment or interconnection, restriction, deletion or destruction.

Data Processor: a natural or legal person, public authority, agency or service provider who handles personal data on behalf of the Data Controller.

Personal data: any information relating to an identified or identifiable natural person ("affected"); identifies a natural person who, directly or indirectly, in particular by reference to an identifier, such as name, number, positioning data, online identifier or one or more factors relating to the physical, physiological, genetic, intellectual, economic, cultural or social identity of a natural person identified.

Subject: Any natural person identified or identifiable by any specific, direct or indirect personal data.

The consent of the data subject: a voluntary, concrete and clear indication of the will of the data subject by which he or she expresses his / her consent to the processing of the personal data affecting him or her by means of an act expressing the declaration unambiguously.

Addressee: natural or legal person, public authority, agency or any other body with or with whom personal data are disclosed, whether or not a third party is involved.

Third party: any natural or legal person, public authority, agency or any other body which is not the same as the data subject, the controller, the processor or the persons authorized to process personal data under the direct control of the controller or processor.

Principles of data management

Personal information:

  • should be conducted in a lawful and fair manner and in a transparent manner for the data subject ("legality, fairness and transparency")
  • only for a specific purpose, for the purpose of exercising rights and fulfilling an obligation ("purpose limitation")
  • they must be relevant and relevant to the purposes of the data management and must be limited to what is necessary ("data saving")
  • must be accurate and, if necessary, up to date ("accuracy")
  • Storage must be in a form that permits identification of data subjects for only the time necessary to achieve the purposes for which the personal data are processed ("limited storage")
  • management must be carried out in such a way as to ensure that personal data are properly protected, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage ("integrity and confidentiality")

The data supply on the website is voluntary and the Data Manager handles the personal data with the consent of the data subject. In the case of a person under the age of 16, the Data Controller shall in no case collect the personal data of the data subject. Personal data is not transferred to a data controller or data processor in a third country and is not passed on to third parties unreasonably.

Legality of data management

1. The processing of personal data shall be lawful only if and to the extent that at least one of the following is fulfilled:

  1. (a) the consent of the data subject to the processing of his or her personal data for one or more specific purposes;
  2. (b) the processing is necessary for the performance of a contract in which the data subject is required by one of the parties or at the request of the data subject before the conclusion of the contract;
  3. (c) the processing is necessary for the performance of a legal obligation to the controller;
  4. (d) the processing is necessary for the protection of the vital interests of the data subject or another natural person;
  5. (e) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of a public authority conferred on the controller;
  6. (f) the processing is necessary for the legitimate interests of the controller or of a third party, unless such interests have priority over the interests or fundamental rights and freedoms of the data subject, in particular where the child concerned is concerned.

 

Data security measures

The Data Controller stores the personal data provided by the data subject at its headquarters and takes appropriate measures to ensure the security of the data, as well as to protect the personal data of those affected, including unauthorized access. The Data Controller ensures that the principles of data management are respected and that personal data cannot be made accessible to an undetermined number of individuals.

 The purpose of data management

The purpose of data management is solely to prove the services of the Webshop, its contractual relations and the fulfillment of the order and the subsequent proof of the order terms. In the course of data management, we strive to handle only the personal data necessary for the purpose.

Therefore, data management is as follows:

  • contact, contact, and customer identification
  • order processing, preparation of a contract
  • invoice
  • transport of goods; delivery of ordered product
  • for handling complaints and handling.

The range and duration of data processed

During data management, the Data Manager manages your name, address, telephone number, e-mail address, the characteristics of the purchased product, the date of purchase, the order number, the payment and delivery method, the IP address of the data subject and the content of the complaint. In any case, only the data strictly necessary for the execution will be managed for the required or statutory period.

  • When contacting: the information you provide, such as email, name, phone number (until the contact is closed).
  • Ordering details: name, address, telephone number, e-mail address, characteristics of the purchased product, order number and date, and payment and delivery method (5 years for civil limitation periods).
  • Invoice issue: name, address, telephone number, e-mail address (pursuant to Section 169 (2) of Act C of 2000 on Accounting, it shall be kept for 8 years from the date of issue of the invoice).
  • Delivery of goods during delivery: name, address, telephone number, e-mail address (until delivery of ordered goods).
  • Complaint handling: name, address, telephone number, e-mail address, content of complaint and recorded minutes (pursuant to Section 17 / A (7) of Act CLV of 1997 on Consumer Protection, we are obliged to keep the complaint for 5 years).
  • During registration, you will receive an email address and the personal information you have provided in your account, such as name, address, and orders placed. You may change or delete your data at any time in the Webshop user interface.
  • When registering, subscribing and subscribing to the newsletter, we store the information related to the consent - the date of consent and the IP address of the data subject - in order to be able to prove it later, in accordance with the legal requirements (until the consent to the data management is withdrawn).

Cookies, remarketing

The Data Controller uses the so-called cookies (cookies) on the website to save certain settings, facilitate the use and optimization of our Webshop. In addition, we collect statistical information about our visitors using Google Analytics. The data recorded in this way (eg IP address, date of visit, in some cases browser type) is not suitable for user identification and cannot be linked to other personal data. Google will only pass this information on to third parties if required by law or processed by third parties on behalf of Google.

The remarketing activity is implemented with the help of cookies (Google Adwords), which is based on the voluntary contribution you give to the Data Controller using the website. The Operator uses cookies to display advertisements to users of the Webshop via Google and Facebook. Data collection and storage can be revoked at any time, cookies may be disabled in Google services, and the affected person has the option to delete cookies in their browser.

Google general cookie information: https://www.google.com/policies/technologies/types

Google Analitycs: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en

Facebook prospectus: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

More data management

If the Data Controller wishes to perform further data management, it will provide prior information on its essential information. Personal data will only be transferred to a third party if the data subject has explicitly agreed to it or is authorized by law to transfer the data.

We will inform you that the Competent Authorities will be required to fulfill written requests for information in writing by the Data Controller. The Data Controller cannot be held responsible for the resulting data transmission and possible consequences.

Data Controller for Data Transfers in Info In accordance with Article 15 (2) - (3), it shall keep a record of the legality of the transmission of data.

Data processing activities

Data Processors and third-party service providers cooperate with the Data Controller to perform the activities of the Webshop, such as delivering ordered goods, invoicing and executing online payments. We will do our best to ensure that personal data transmitted are handled in accordance with the law and used only for the purpose of performing their duties.

Data Processors, External Providers Used by the Operator:

  • FoxPost Co. (3200 Gyöngyös, Batsányi János utca 9)
  • SPRINTER Futárszolgatás Kft. (1097 Budapest, Táblás utca 39.)
  • Express One Hungary Kft. (1239 Budapest, Európa utca 12.)
  • iLogistic Kft. (2051 Biatorbágy, Verebély László utca 2)
  • Barion Payment Zrt. (1117 Budapest, Infopark promenade 1.)
  • Octonull Kft. (1085 Budapest, József körút 74. I. em. 6.)
  • Facebook (Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland)
  • Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, United States of America)

Your rights

In the course of data management, you have the following rights under the GDPR Regulation:

  • access to personal data
  • right to rectification
  • the right to be deleted ("forget")
  • right to restrict data management
  • right to data storage
  • right to protest

Right of access of the data subject

The data subject has the right to receive feedback from the Data Controller about whether personal data is being processed and, if such data is being processed, to have access to the personal data processed and to the following information:

  1. (a) purposes of data management;
  2. (b) the categories of personal data concerned;
  3. (c) the categories of recipients or recipients to whom or with whom personal data have been communicated, including in particular third-country recipients or international organizations;
  4. (d) where applicable, the planned duration of the storage of personal data or, where this is not possible, the criteria for determining that period;
  5. (e) the right of the data subject to apply to the Data Controller for rectification, erasure or restriction of personal data relating to him or her and may object to the processing of such personal data;
  6. (f) the right to lodge a complaint with a supervisory authority;
  7. (g) if the data were not collected from the data subject, all available information on their source;
  8. (h) the fact that automated decision-making, including profiling, and at least in these cases the logic used and understandable information on the significance of such data management and the expected consequences for the data subject.

The Data Controller shall make a copy of the personal data subject to data management available to the data subject. The Controller may charge a reasonable fee based on administrative costs for additional copies requested by the data subject. If the data subject has submitted the application by electronic means, the information shall be made available in a widely used electronic format, unless otherwise requested by the data subject. The right to request a copy must not adversely affect the rights and freedoms of others.

Right to rectification

The data subject shall have the right, at his request, to correct the inaccurate personal data relating to him without undue delay. Taking into account the purpose of data management, the data subject is entitled to request the supplementation of incomplete personal data, including by means of a supplementary declaration.

Right to be deleted ("forget")

1. The data subject shall have the right, at his request, to delete personal data relating to him without undue delay and the controller shall delete personal data relating to the data subject without undue delay if one of the following grounds exists: \ t

  1. (a) personal data are no longer needed for the purpose for which they were collected or otherwise processed;
  2. (b) the data subject's consent is withdrawn by the data subject and there is no other legal basis for the processing;
  3. (c) the data subject objects to the processing of the data and there is no legal reason for the data to be given priority
  4. d) personal data have been unlawfully treated;
  5. (e) the personal data must be erased in order to fulfill a legal obligation under Union or Member State law applicable to the Data Controller;
  6. f) the collection of personal data related to the provision of information society services.

2. Where the controller has disclosed personal data and is obliged to cancel it pursuant to paragraph 1, it shall take reasonable steps, including technical measures, to inform the controllers managing the data, taking into account the costs of technology and implementation available. that the data subject has requested them to delete the relevant personal data links or a copy or a duplicate of such personal data.

3. Paragraphs 1 and 2 shall not apply where the processing is necessary: \ t

  1. (a) to exercise the right to freedom of expression and information;
  2. (b) the fulfillment of an obligation under Union or Member State law which governs the processing of personal data and for the performance of a task carried out in the public interest or in the exercise of a public authority conferred on the controller;
  3. (c) on grounds of public interest in the field of public health;
  4. (d) for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, where the right referred to in paragraph 1 is likely to render such processing impossible or seriously jeopardized; or
  5. e) bringing, enforcing or protecting legal claims.

Right to restrict data management

1. The data subject may, at his request, be restricted by the data controller if one of the following conditions is met: \ t

  1. (a) the data subject contests the accuracy of the personal data, in which case the restriction applies to the period that allows the controller to verify the accuracy of the personal data;
  2. (b) the processing is unlawful and the data subject is against the deletion of the data and instead requests a restriction on their use;
  3. c) the Data Controller no longer needs personal data for data management purposes, but the data subject requests them for the submission, validation or protection of legal claims; or
  4. d) the data subject objected to; in this case, the limitation shall apply for the period until it is established whether the legitimate reasons of the controller prevail over the legitimate reasons of the data subject.

2. Where the processing of data is subject to restrictions, such personal data shall, with the exception of storage, only with the consent of the data subject or for the submission, validation or protection of legal claims or for the protection of the rights of another natural or legal person, or of the public interest of the Union or a Member State can be treated.

(3) The Data Controller shall inform the data subject at whose request the data management has been restricted pursuant to paragraph (1), prior to the release of the restriction on data management.

Right to data storage

The data subject shall be entitled to receive personal data relating to him / her which is made available to him / her by a data controller in a structured, widely used, machine-readable format and shall be entitled to forward such data to another controller without being hampered by the controller whose provided personal information to you if:

  1. (a) the legal basis for the processing is based on consent or contract; and
  2. b) data management is automated.

When exercising the right to portability of data, the data subject is entitled to request, where technically feasible, the direct transmission of personal data between controllers.

Exercising the right to portability of data should not prejudice the right to erasure. The right to portability of data shall not apply where the processing is necessary for the performance of a task carried out in the exercise of public authority or of the exercise of public authority conferred on the controller.

The right to portability of data must not adversely affect the rights and freedoms of others.

Right to protest

The data subject shall have the right to object at any time to the handling of his or her personal data based on legitimate interests, including profiling. In this case, the controller may not further process the personal data unless the data controller proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject or which are intended to bring, validate or defend legal claims. related.

If the processing of personal data is done for the purpose of direct marketing, the data subject shall have the right to object at any time to the processing of personal data relating to him or her, including profiling, if related to direct marketing.

If the data subject objects to the handling of personal data for the purpose of direct marketing, then personal data will no longer be processed for this purpose.

If the processing of personal data is for scientific and historical research purposes or for statistical purposes, the data subject shall have the right to object to the processing of personal data concerning him or her for personal reasons, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Automated decision making

The data subject shall have the right not to be subject to a decision based solely on automated data management, including profiling, which would have legal effect on him or would equally be significantly affected by it.

The preceding paragraph shall not apply if the decision:

  1. (a) necessary for the conclusion or performance of a contract between the data subject and the controller;
  2. (b) it is made possible by Union or national law applicable to the controller, which also lays down appropriate measures to protect the rights and freedoms of the data subject and his legitimate interests; or
  3. (c) is based on the explicit consent of the data subject.

Remedies

If you believe that the Data Controller has violated any statutory provisions on data management or has failed to comply with any of its requests, you may contact your National Data Protection and Freedom of Information Authority or initiate an investigation procedure with your complaint directly to eliminate the alleged unlawful data management (address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c., Phone: +36 1 391 1400, email: ugyfelszolgalat@naih.hu, Website: www.naih.hu).

Please be advised that in case of unlawful data processing you are entitled to go to court and initiate a civil lawsuit against the Data Controller. The case may also be initiated by the person concerned before the court of the place of residence or domicile.

contact

If you decide to remove newsletters from us or delete your personal information at any time, please notify us of your request info@ohlive.hu by email.

Also, if you have any questions, complaints about compliance with this policy, or if you only want to make comments on improving the quality of our prospectus, please contact us at the following email address: info@ohlive.hu.

We welcome all inquiries and, to the best of our ability, satisfy the expectations of our visitors and customers.

Download