PRIVACY POLICY
1. THE AIM OF THIS DOCUMENT
Andrea Maszkály independent contractor (hereinafter "Controller", or "Provider") operates the Webshop www.wabisabipark.com (hereinafter "Website"), and processes the data of the Website’s visitors, readers, and those who register and download content (hereinafter "Users", or "Customers"). By registering on the Website and by making a purchase, the User consents to the processing of their billing information (surname, first name, billing address, phone number, e-mail address, purchasing data), and storing them in a database, and to receive e-mails from the Website, which can also contain information for marketing purposes. Providing data is based on voluntary contribution.
The Provider treats the data of the User as confidential, in accordance with the current laws in effect, and does not forward the data to any third party, considering law LXIII. of the year 1992 about protecting personal data and the publicity of data of general interest, and law VI. of the year 1998 about protecting individuals when computer-processing their personal data.
The aim of this document is to inform the Users in plain language about the data protecting and processing activity of the Provider, based on the (EU) 2016/679 regulation of the European Parliament and Council.
2. INFORMATION ABOUT THE CONTROLLER
  • Name of Provider: Andrea Maszkály independent contractor
  • Headquarters of Provider: 1161 Budapest, Bercsényi u. 4/A (not a store, not a receiving point)
  • Registration number: 53783840
  • Date of Registration: 13.06.2019.
  • Tax number: 69855913-1-42
  • E-mail: info@wabisabipark.com
  • Website: https://www.wabisabipark.com/en/
3. THE AIM OF DATA PROCESSING
  • Identifying the User and keeping in touch
  • Identifying entitlement of the User
  • Protecting the rights of the User
  • Handling complaints
  • Personalizing marketing and system messages sent to the User
  • Creating the conditions detailed in the GTC
  • Complying with the laws that specify the obligations of the Controller
4. PRINCIPLES OF PROCESSING DATA
  • "Legality": The Provider respects the personal rights of the Users of the Website, and handles the personal data provided by the Users confidentially, in compliance with the data protection laws.
  • "Purpose limitation": Personal data can only be processed until and in the degree it is necessary for fulfilment. Only such data can be processed which is necessary and appropriate for the aim of data processing.
  • "Data minimisation": We only process personal data that is appropriate and definitely necessary for the aims of data processing.
  • "Integrity and confidentiality": The Provider takes every technical and security step that serves the security of data, avoiding its unauthorized or unlawful use.
  • "Accuracy and storage limitation": The Provider does everything to keep the processed data accurate and up to date, and the User could only be identified for the time necessary for data processing.
  • The Provider does not check the data given by the User, it is the responsibility of the User to provide them correctly.
5. INFORMATION ABOUT ACTIVITIES REQUIRING DATA PROCESSING
5.1. When sending an e-mail from the Contact menu
Data processing activity, the aim of data processing
Using the Contact menu a direct message can be sent to the Provider. Providing data is voluntary, its aim is to allow the Provider to identify you and get in touch with you, if necessary. The Provider uses the processed e-mail addresses legally and only in the following cases: Replying to User requests, questions and complaints.
Range of processed data
The data provided by the User when contacting the Provider: name, e-mail address.
Legal basis of processing data
The Provider processes the data provided by the User in a voluntary basis when contacting the Provider. By sending a message in the Contact menu the Users consent to the processing of their data.
Duration of data processing
The Controller processes your data only until it is necessary in order to sort out any issue stated in the e-mail that was sent.
Forwarding data
The Controller does not forward the data you provided at contact to any third party, except for a situation when it is required by the law to forward the complaint to the competent authorities as part of handling complaints.
5.2. Registering
Data processing activity, the aim of data processing
A registration is not required to visit the Website, but it is required in order to make a purchase. The Customer consents to the processing of their data by registering. The aim of providing an e-mail address for the registration is to forward the purchased product to the Customer in an electronic format, and to make new purchases more convenient in the future.
Range of processed data
Personal data provided when filling in the registration form: e-mail address, password
Legal basis of processing data
The Controller processes the data provided by the User in a voluntary basis when registering. For providing the service in connection with the informative society stated above, processing data is necessary on a legal basis for fulfilling the contract created by the registration.
Duration of data processing
The personal data provided at registration is processed by the Controller until the deletion of the registration, when the contract related to the service in connection with the informative society is terminated.
Forwarding data
The Controller does not forward the personal data provided at registration to any third party.
5.3. Ordering, payment
Data processing activity, the aim of data processing
During the processing of the order data processing is required in order to fulfil the contract and to forward the product.
Range of processed data
The Controller processes the following data of the User during the order: name, address, phone number, e-mail address, purchasing data (name of product), order number and time.
Legal basis of processing data
Fulfilling the contract.
Duration of data processing
The data is stored for 5 years based on the civil law for the period of prescription.
Forwarding data
The Provider does not record any debit card data related to the payment. Payment is made through the system of PayPal.
5.4. Billing
Data processing activity, the aim of data processing
The Controller processes the data because of the obligation to issue the invoice and keep accounting documents specified by the law.
Range of processed data
The data that is necessary to issue the invoice: name, address, phone number.
Legal basis of processing data
Based on law CXXVII.159 § of the year 2007 about value added tax issuing an invoice is obligatory for the Provider.
Duration of data processing
The Provider must keep the invoices for 8 years based on law 169 § of the year 2000 about accounting.
Forwarding data
The automatically issued e-invoice during purchase gets to the Customer through the system of Számlázz.hu. Forwarding the personal data of the User apart from the above is only possible in case of obligatory data forwarding specified by the law.
5.5. Signing up for the newsletter
Data processing activity, the aim of data processing
The User can sign up for the regularly sent Newsletter service of the Provider by providing their personal data. The Controller uses the data provided during sign up only to forward the newsletter to the User.
Range of processed data
Personal data provided when signing up for the newsletter: e-mail address, name, (the birth year of the child is optional)
Legal basis of processing data
The Controller processes the User’s personal data on a voluntary basis. By providing their personal data they also consent to the data processing.
Duration of data processing
The Controller stores and processes the personal data provided when signing up for the newsletter until signing off or until withdrawing consent.
Forwarding data
The newsletter service happens on our own newsletter system. The Controller treats the personal data provided when signing up confidentially and does not forward the data to any third party.
5.6. Cookies
The Website uses cookies in order to optimize user experience. The software running the Website installs so called cookies, a range of data on the User’s computer when visiting and using the Website.
By using the Website the User voluntarily consents to the management of cookies, which are necessary for providing the service. The lifespan of the cookies expires when terminating the workflow, but the lifespan of the cookies that record data is two years. The browser can provide information about the settings of the cookies, in order to switch them off or to disable them.
Applied cookies:
  • cookies that contain data provided by the User;
  • cookies that certify workflow;
  • cookies that support payment;
  • statisztikai süti, melyek a Honlap látogatásának eseményeit rögzítik, és arról anonim módon adnak statisztikai kimutatásokat az Adatkezelőnek;
5.7. Special range of personal data
A person whose age is below sixteen years can only provide data with the permission of a person that has parental authority.
6. DURATION OF DATA PROCESSING, DATA MODIFICATION
We store User data from the fulfilment of the order until the end of the general 5-year prescription period specified by the Civil Code (Ptk. 6:22. §), but the Users can withdraw their consent any time during data processing. The e-mail address is stored until its deletion from the record is requested. After the registration the User has one week to activate the account available. After one week their data is deleted. Modification and deletion of data is possible by clicking the appropriate menu on the main page. Modification of data that was provided when purchasing without registration, or requesting information about processed data is possible at the e-mail address info@wabisabipark.com. The invoices have to be stored for 8 years from the date of issuing the invoice according to the Sztv. 169. § (’) and (2) paragraphs.
7. FORWARDING DATA, THE RANGE OF PEOPLE WHO GET TO KNOW THE DATA
The Provider handles the data of the User confidentially and, apart from how it is stated in the law, can only forward it to any third party in the following cases, and only for data processing purposes, which is acknowledge by the User by consenting to this document and the GTC.
1. The hosting service provider responsible for the technical background of the Website is also considered as a data provider, for which the data processing policy of the hosting service provider is the standard. Hosting service provider: MEDIACENTER HUNGARY Kft., (headquarters: 6000 Kecskemét, Sosztakovics utca 3. 2. em. 6., company registration number: 03 09 114492, tax number: 13922546203, e-mail: mediacenter@mediacenter.hu)
2. Payment interface: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxemburg, e-mail: enquiry@paypal.com.
3. Billing: Számlázz.hu, KBOSS.hu Kft., Postal address: KBOSS.hu Kft., 1031 Budapest, Záhogy utca 7/C, e-mail: info@szamlazz.hu
4. The Provider is not responsible for the data processing practice of any other service providers (e.g. website maintainer, accountant) in relation with operating the system.
Apart from the above, forwarding any personal data is only possible with the consent of the User or in case it is specified by the law.
Other provisions
The Controller can only forward the personal data of the User to the authorities based on legal entitlement if requested in writing and only in the amount that is absolutely necessary for the authorities.
8. RIGHTS OF THE USER DURING DATA PROCESSING
The user has the following rights in relation with their data provided to the Controller and the processing of that data. When contacting the Controller the User needs to indicate which right they want to exercise. In such cases the Controller needs to act in accordance with the law with a 30-day deadline. The Controller must inform anyone who the personal data was forwarded to about the correction, deletion and limitation of such data.
Transparent information
The Controller must provide the User with all the information related to data processing in clear, plain language.
Accessing personal data
If the User has a registration, they can check their personal data by signing in to their user account. If they are not registered, they can request information about their processed personal data in e-mail.
The right to be informed
The User has the right to request information about the processing of their personal data. On request, the Controller must inform the User about the aim of data processing, duration of data processing, and who their data was forwarded to.
The right to modify data
The User can initiate or request the modification of their data.
The right to withdraw consent
The User has the right to withdraw the consent for processing their data, which will be removed from our system as a consequence. Data that is processed when billing or handling complaints is an exception, since the Controller needs to keep these until the time it is specified in the law.
The right to delete data
The User has the right to request the deletion of their data if the aim of data processing ends or the data processing is illegal. The Controller does not need to delete any personal data that is needed for legal purposes or when the Controller is obliged by the law to keep them. Data that is processed when billing or handling complaints is an exception from deletion, since the Controller needs to keep these until the time specified in the law.
The right to limit data processing Adatkezelés korlátozásának joga
The User can ask the Controller for the limitation of data processing. In such case the data is not deleted, but no data processing is continued except for storage.
The right to data portability
If technically manageable, the User can ask the Controller to the collect their personal data in a readable, typed format, and to forward these data to another controller on demand.
The right to make a complaint
The Provider must respond within 30 days to any complaints of the Customer that was made in written or electronic format. (customer support contact: Andrea Maszkály, e-mail: info@wabisabipark.com). In case of any dispute the consumer can turn to the competent Conciliation Board of Budapest (headquarters: 1016 Budapest, Krisztina krt. 99. III. em. 310., mail address: 1253 Budapest, Pf.: 10., e-mail address: bekelteto.testulet@bkik.hu).
The right to turn to the court
The User can turn to the court in case of the violation of their rights.
9. DATA SECURITY ACTIONS
The Controller ensures the User about the security of processing their personal data and takes every step in order to prevent unauthorized use, modification, deletion and publication of personal data. The Controller warns every other controller who the data is forwarded to, to handle the data securely.
10. LEGAL REMEDY
If you think that unauthorized data processing happened, you can turn to the court or issue a statement to the National Authority for Data Protection and Freedom of Information, and initiate an investigation.
National Authority for Data Protection and Freedom of Information
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, Pf.: 5.
Telephone: 06-1-391-1400
Telefax: 06-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
11. REGISTERING TO THE DATA PROTECTION RECORD
The registration obligation of the data processing activity of the Controllers to the data protecting record ceased on 25.05.2018.
12. THE LEGAL BASIS OF DATA PROCESSING
REGULATIONS RELATED TO THE DATA PROCESSING ACTIVITY
  • The 2016/679 regulation of the European Parliament and Council (EU) about the protection of natural persons with regard to the processing of personal data (hereinafter "GDPR")
  • Law CXII. of the year 2011 about the right to informational self-determination and the freedom of information (hereinafter "Infotv")
  • Law V. of the year 2013 of the Civil Code
  • Law CVIII. of the year 2001 about electronic commercial service and certain questions of the services related to the informative society
  • Law C. of the year 2003 about electronic communication of information
  • Law CLV. of the year 1997 about consumer protection
  • Law XLVIII. of the year 2008 about the basic criteria and certain limitations of economic commercial activity
  • Law C. of the year 2000 about accounting (hereinafter "Sztv.")
13. The right to turn to the court
The current privacy policy comes into effect on the day it is published on the Website (20.03.2022) and it applies to every Customer. The Provider has the right to modify the current privacy policy anytime. The changes apply on the date of publication on the Website. If the User does not agree with the modification of the current privacy policy, they have the right to deletion or limitation. The User can ask questions about the current privacy policy in an electronic format at the e-mail address info@wabisabipark.com.
Date of issuing: Budapest, 20.03.2022.