Starfol Plusz KFT considers it important to respect your rights to the protection of your Personal Data and your right to information self-determination. We will take any due measures to handle the personal information you provided safely, with particular reference to Act CXII of 2011 on Information Self-Determination and Freedom of Information (hereinafter "Info Act").
Our goal is to ensure that all individuals, irrespective of their nationality or place of residence, are guaranteed respect for their rights and fundamental freedoms, in particular their right to privacy in the machine processing of their Personal Data, in all areas of the services provided by Starfol Plusz KFT.
Data Protection Registration Number of the Service Provider (in progress): NAIH-
Data that can be specified on the basis of the User's decision: e-mail address, telephone number, name, place of residence, place and date of birth, product category purchased by the User upon order, method of acceptance and payment applied by the User.
The Legal Grounds, Purpose and Methods of Data Processing
Data Processing is based on a voluntary statement by Users of the Internet content on the www.yama.hu website, which contains the explicit consent of the Users to the use of their Personal Data disclosed during the use of the Site. The legal basis for Data Processing is the voluntary contribution of the Data Subject pursuant to (5) (1) (a) of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information.
The purpose of Data Processing is to provide the services available under the www.yama.hu website.
The Data Controller shall not use the Personal Data provided for purposes other than those described above. The release of Personal Data to third parties or authorities, unless otherwise provided by law with binding force, is only possible with the User's prior and express consent.
The Data Controller does not verify the Personal Data provided to them. Only the person providing the data is responsible for the accuracy thereof. Any User providing an e-mail address shall also assume responsibility for their exclusive use of the e-mail address for receiving services. With regard to this liability, any liability related to entries made with the provided e-mail address shall be the sole responsibility of the User who registered the e-mail address.
Principles of Data Processing
Personal Data may only be obtained and processed fairly and lawfully.
Personal Data may only be stored for specified and legitimate purposes and may not be used otherwise.
The method of storing Personal Data must be done in a way that the identification of the affected User is only possible for the time necessary for the purpose of storage.
Appropriate security measures must be taken to protect Personal Data stored in automated files in order to prevent accidental or unlawful destruction or accidental loss and unauthorised access, alteration or distribution.
Applied Data Protection Policy
The Company shall use the Personal Data essential for the use of the services of the Company based on the consent of the affected parties and exclusively for a purpose.
The Company, as Data Controller, undertakes to process the data received in accordance with the Data Protection Act and the Data Protection Policy set forth in these Regulations and not to pass them on to third parties.
The Company may in certain cases - due to an official request by the court or the police, a legal proceeding of copyright, property or other infringements or reasonable grounds of these, harm to the Company's interests, endangering the provision of its services, etc. - make the data of the User concerned available to third parties.
Prior to collecting, recording, and processing any Personal Data of the User, the Company undertakes to send clear, noticeable and unambiguous communication informing the User of the methods, purposes and principles of data collection. In addition, in all cases where data collection, processing and recording is not required by legal provisions, the Company draws the User's attention to the voluntary nature of the provision of data. In the case of mandatory data provision, the law ordering Data Processing shall also be indicated. The Data Subject shall be informed of the purpose of the Data Processing and of who will manage or process the Personal Data. Information about Data Processing is also provided by the fact that the law provides for the transfer of data from existing Data Processing or by linking the data.
In all cases where the Company intends to use the Personal Data provided for purposes other than the purpose for which it was originally collected, it shall inform the User thereof, and obtain the Customer's prior and express consent to it, or give the User the opportunity to prohibit the use.
The Company, as a Data Controller, in all cases observes the restrictions established by the law in the course of collecting, recording and processing the data, and informs the Data Subject of its activities by electronic mail at their request. The Company commits itself to refrain from imposing any sanctions on any User who refuses to provide non-mandatory data.
The Company commits itself to ensure the security of Personal Data, to take technical and organisational measures, and to establish procedural rules that ensure that Personal Data collected, recorded, or processed are protected or prevented from being destroyed, used or changed by unauthorised persons. The Company also commits itself to calling upon any third party to whom Personal Data may be transferred to fulfil their obligations in this regard.
Duration of Data Processing
Processing of Personal Data provided by the User will be maintained until the User, with the related User Name, unsubscribes from the Service. The date of erasure is 15 business days from the date of the User's unsubscription. In the case of unlawful, misleading use of Personal Data, crime committed by the User or an attack on the system, the Data Controller shall have the right to immediately erase the User's data at the same time as the termination of the User's registration; additionally, in case of suspicion of a crime or civil legal liability, the Company is also eligible to retain the Personal Data for the duration of the proceedings.
Personal Data provided by the User - even if the User does not unsubscribe from the Service - may be processed by the Company as a Data Controller until the User expressly requests stopping the processing of the Data in writing.
Ordering with Personal Information
Requests for changes in Personal Data or the erasure of Personal Data may be communicated by an express written statement in an email sent via the internal mailing system of the service. Unsubscription from sending newsletters shall be done by modifying the settings on the user interface on the website.
Once the request for erasure or modification of Personal Data has been completed, the previous (deleted) data will no longer be recovered.
The Company may use a Data Processor to ensure the continuous and proper functioning of the website, fulfilment of orders, and other activities closely related to the provision of webshop services, for example to deliver parcels:
GLS Magyarország Kft.: 2351 Alsónémedi, GLS Európa u. 2.
Rights of Users in Relation to Their Personal Data Processed by the Data Controller
Users will be able to request information from the Company as Data Controller about processing their Personal Data at any time in writing by registered mail or by mail with postal receipt sent to the address of the Data Controller (STARFOL Plusz KFT, 9600 Sárvár, Várkerület 26.) or by e-mail sent to email@example.com. A request for information sent by e-mail is considered authentic by the Data Controller only if it is sent from the registered e-mail address of the User.
The request for information may include the User's data processed by the Data Controller, their source, the purpose of the Data Processing, its legal basis and duration, the name and address of any Data Processor, the Data Processing Activities, and, in the case of transferring the Personal Data, to whom and for what purpose the Data of the User was or will be transferred to.
The Data Controller shall be obliged to provide information on the Data Processing issue in writing as soon as possible and at the latest within 30 days. In the case of an e-mail, the date of receipt shall be the first working day following the sending.
The User affected and all those to whom the data was previously transferred to for the purpose of Data Processing shall be informed of correcting, blocking, and erasing the Personal Data processed. Notification may be omitted if it does not violate the legitimate interest of the Data Subject with respect to the purpose of Data Processing.
The User may Object to Data Processing of Their Personal Data
if the processing or transfer of Personal Data is required solely to fulfil the legal obligation of the Data Controller or the legitimate interests of the Data Controller, the Receiver of the Personal Data or a third party;
if the use or transmission of Personal Data is for direct marketing, opinion polling or scientific research; as well as
in other cases otherwise provided by law.
Pursuant to the Info Act and Act V of 2013 (Civil Code), remedies of the User shall be exercised before court of law, in addition to requesting assistance with any Personal Data related issues from Nemzeti Adatvédelmi és Információszabadság Hatóság (National Authority for Data Protection and Freedom of Information) (1125 Budapest Szilágyi Erzsébet fasor 22/C; postal address: 1530 Budapest, Pf. 5). In addition, any data controlling issues or comments may be addressed to co-workers of the Data Controller at firstname.lastname@example.org e-mail address.