1. GENERAL INFORMATION
In order to inform you of all aspects concerning the processing of your personal data, please read the below points carefully. For further information concerning other aspects of using the Webshop, please also see the separate policies included on the Webshop, such as the Terms and Conditions.
The Controller with regard to the Webshop is Földi Petra Orsolya e.v. (private entrepreneur, registered office and postal address: 1172 Budapest, Kecel u. 41., Hungary, registration number: 51807599, tax number: 68481290-1-42, e-mail: petrafoldi @ theraincoat.com, hereinafter: “THERAINCOAT” or “we” or “us”).
Personal data shall mean any information relating to an identified or identifiable natural person (i.e. the Data Subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing of data shall mean any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Processor shall mean a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The data subject’s consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
NAIH refers to the Hungarian National Authority for Data Protection and Freedom of Information. The competent Authority in respect of THERAINCOAT is NAIH.
3. PRELIMINARY INFORMATION ON PROCESSING OF PERSONAL DATA
THERAINCOAT is processing your personal data regarding the below listed operations, according to the following conditions:
3.1. Purposes for which your personal data is required
- Operating the Webshop: managing the personal data of the Controller’s customers in relation with purchasing a product, shipping, invoicing or contacting you (e.g. regarding the delivery of your order, in case of an eventual return or asking your feedback after delivery).
- Newsletters: users can subscribe and unsubscribe through an online automated process at their own discretion.
- Cookies: for detailed information about cookies, please see point 4. herein below.
3.2. Legal basis of the data processing operation
- In case of operations mentioned in point 3.1.a): according to Article 6, point b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or “GDPR”), processing is necessary for the performance of a contract to which the Data subject is party.
- In case of point 3.1.b): the legal basis of the data processing operation is your consent.
- Regarding 3.1.c): the legal basis of the data processing operation is your consent, except for strictly necessary cookies (see point 4.2).
3.3. Personal data concerned
- In case of operations mentioned in point 3.1.a): your name, address, phone number, e-mail address, delivery address.
- In case of point 3.1.b): your e-mail address.
- Regarding 3.1.c): by using the cookies placed on your device, the following data may be recorded automatically: the starting and ending time of your visit, your IP address, in some cases the type of browser and operating system used, the subpages visited, and the time spent there. Please note that since cookies are placed at your device, these are at your entire disposal.
3.4. Processors and persons to whom your data may be disclosed
The entity providing data hosting services for the Webshop is Shopify Inc. (registered seat: 150 Elgin Street, Suite 800, Ottawa, ON K2P 1L4, Canada).
The payment gateway of the Webshop is powered by PayPal (run by PayPal Europe S.à r.l. et Cie, S.C.A., address: 22-24, Boulevard Royal L-2449 LUXEMBOURG, registered by Commission de Surveillance du Secteur Financier or CSSF under No B00000351) and / or by SimplePay (run by OTP Mobil Szolgáltató Kft., registered seat: 1093 Budapest, Közraktár u. 30-32., Hungary, registration No: 01-09-174466, tax No: 24386106-2-43).
The delivery of the products is organized via recognized courier companies such as GLS, DPD, TNT or UPS. or by Fürgefutár.hu Kft. (registered seat: 1122 Budapest, Maros utca 12., registration No: 01-09-946845, tax No: 22966331-2-42) as third-party service provider of THERAINCOAT who delivers the products worldwide through the above-mentioned courier companies, or by the Hungarian Post.
We may also use the services of Google LLC (registered seat: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and Facebook Inc. (registered seat: 1601 S. California Ave, Palo Alto, CA 94304, USA) for marketing and remarketing purposes.
3.5. Duration of the data processing operations
As for data provided during the ordering process, please note that the retention time for accounting documents (such as invoices) is 8 years, as required by the applicable accounting provisions.
If you subscribed for newsletters, your e-mail address will be processed for this purpose until you unsubscribe.
As for cookies, strictly necessary cookies are session cookies, which are stored in temporary memory and are erased when you close the web browser. Other cookies may have a different expiry but typically they are placed on your device until deletion.
Please note that you as Data subject may request at any time from THERAINCOAT as Controller the erasure of your personal data.
4.1. About cookies
Cookies are files created by websites you visit. They can make your online experience easier by saving browsing information. Cookies may be used to store your passwords and user ID’s, preferences, ordering status, personalization or website tracking (e.g. targeted marketing).
Please also find detailed explanations concerning cookies on the following websites:
4.2. Categories of cookies used on the Webshop
There are several types of cookies:
Cookies that do not require approval are strictly necessary cookies, i.e. cookies that are essential, enabling features without which you would not be able to use the Webshop as intended. They are only saved on your computer while you are actually browsing the Webshop. Cookies that require consent: cookies which are not absolutely essential in order to use the Webshop but fulfil important functions. Without these cookies, features that enable the Webshop to be used easily will no longer be available.
The use of strictly necessary cookies is essential for the Webshop to work and THERAINCOAT does not use these cookies to collect personal information about you. These are used for technical purposes such as keeping track of your current shopping session and enabling you to proceed to checkout and pay for products. These cookies are session cookies, which typically store information in the form of a session and they are stored in temporary memory and are erased when you close the web browser.
THERAINCOAT also uses functional cookies which enable the Webshop to save information which has already been entered (such as languages choices). This allows THERAINCOAT to tailor your website experience specifically to your preferences.
Performance cookies are aiming at gathering information about how the Webshop is used. These cookies are gathering information only for statistical purposes and do not gather any information that can personally identify you. The performance cookies used include Google Analytics and other third-party analytics providers to help measure how users interact with the content of the Webshop. For further information on Google Analytics, please visit Google’s information page.
Google AdWords and Facebook are marketing and retargeting third party service providers of THERAINCOAT. For further information about Google ads that you may see, please visit Google’s support page. To learn more about data protection and the settings options relating to Facebook ads, please check Facebook’s information page.
4.3. How to change your cookie settings and withdraw your consent
Please note that if you turn cookies off, this may limit the service that the Webshop is able to provide to you and may affect your visitor experience.
5. RIGHTS AND REMEDIES
5.1. Entitlements of Data subjects and exercise of their rights
With regard to personal data processed by the Controller or by the Processor acting on the Controller’s behalf or following the Controller’s instructions, the Data subject shall, under the conditions set out in the Info Act:
- have the right to be informed of the circumstances of data processing before the commencement of processing (“right to prior information”);
- have the right to request the Controller to make available his personal data and information concerning the processing thereof (“right of access”);
- have the right to obtain from the Controller rectification and/or amendment of his or her personal data upon request (“right to rectification”);
- have the right to obtain from the Controller restriction of his or her personal data upon request (“right to restriction of data processing”);
- have the right to obtain from the Controller erasure of his or her personal data upon request (“right to erasure”).
In order to ensure the exercise of the rights of Data subjects, the Controller shall implement appropriate technical and organizational measures, such as:
- to provide any information and any communication to the Data subject in an intelligible and easily accessible form, using concise, clear and plain language, and
- to evaluate any request submitted by the Data subject concerning the exercise of his or her rights within the shortest possible time, not exceeding 25 (twenty-five) days, and to notify the Data subject of its decision in writing, or electronically, if the Data subject made the request by electronic means.
5.2. Authority proceedings and judicial remedy
In exercising his or her rights, the Data subject shall be able to:
- request NAIH to investigate the lawfulness of processing by the Controller, if the Controller prevented the exercise of his or her rights, or refused his or her request for exercising those rights; and
- request NAIH to open administrative proceedings for data protection, if he or she is of the opinion that the Controller and/or the Processor acting on the Controller’s behalf or following the Controller’s instructions is in breach of the provisions of law or binding legislation of the European Union on the processing of personal data.
The Data subject may bring action before the court against the Controller, or the Processor - in connection with processing operations falling within the Processor’s scope of responsibilities - if he or she is of the opinion that the Controller and/or the Processor acting on the Controller’s behalf or following the Controller’s instructions processes his or her personal data in breach of the provisions of law or binding legislation of the European Union on the processing of personal data.
The burden of proof to ascertain that data processing is in compliance with the provisions of law or binding legislation of the European Union on the processing of personal data, lies with the Controller and/or the Processor.
If the court rules in favor of the plaintiff, it shall establish the infringement and shall order the Controller and/or the Processor: (a) to bring about the cessation of the unlawful processing operations; (b) to restore the lawfulness of data processing, and/or (c) to perform certain well-defined activities so as to ensure the exercise of the Data subject’s rights, and shall rule on any claim for damages, restitution, if applicable.
5.3. Liability and restitution
If the Controller and/or the Processor acting on the Controller’s behalf or following the Controller’s instructions is in breach of the provisions of law or binding legislation of the European Union on the processing of personal data, thus causing damage to others, they shall be liable for such damage.
If the Controller and/or the Processor acting on the Controller’s behalf or following the Controller’s instructions is in breach of the provisions of law or binding legislation of the European Union on the processing of personal data, and thus violates the rights of others relating to personality as a result, the person whose rights relating to personality are violated may demand restitution from the Controller and/or the Processor acting on the Controller’s behalf or following the Controller’s instructions.
The Controller shall be exempt from liability for damages or for payment of restitution if he proves that the damage was caused by or the violation of rights relating to personality is attributable to reasons beyond his control.
The Processor shall be exempt from liability for damages or for payment of restitution if able to evidence that he has acted during processing operations in compliance with all obligations specifically directed to Processors by law or binding legislation of the European Union pertaining to processing personal data, and in due observation of the Controller’s lawful instructions.
No compensation shall be paid, and no restitution may be demanded where the damage was caused by, or the violation of rights relating to personality is attributable to, intentional or negligent conduct on the part of the person whose rights relating to personality had been violated.
The data management regarding the Webshop is governed by the applicable European and Hungarian legislation, including especially the provisions of GDPR and the Info Act. Any dispute between you and THERAINCOAT shall be submitted to the competent Hungarian courts.
Communication, engagement and actions taken through external social media platforms that THERAINCOAT participates on (such as Facebook, Instagram or YouTube) are subject to the terms and conditions as well as the privacy policies held with each social media platform respectively. The Webshop may use social sharing buttons which help share web content directly from the Webshop to the social media platform in question. Before using such social sharing buttons, please note that you do so at your own discretion and the social media platform concerned may track and save your request to share a web page respectively through your social media platform account.