Introduction

This Privacy Policy describes the activities of Still Design Hungary Kft. (hereinafter referred to as the “Data Controller”) in relation to the processing of personal data.  You will be informed about what personal data we process, for what purposes and on what legal basis, for how long, who can access the personal data processed, who can access them, and we will provide you with detailed information about your rights in relation to data processing.

How do we handle personal data ?

Still Design Hungary Kft. processes the information (e.g. personal identification data, contact details, etc.), i.e. personal data, that comes to its knowledge in the course of its activities, relating to a natural person in accordance with the EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation – GDPR) and the applicable Hungarian data protection legislation.

If you have a question that is not clear from this notice, please contact us and we will answer it. Although Still Design Hungary Kft. is committed to providing the highest quality of service, we cannot be held liable for any damages resulting from the use of this system.

Information on data processing not detailed in this notice will be provided at the time of data collection.

Pursuant to Article 6(3) of the Data Protection Act and Article 8(1) of the GDPR, the consent or subsequent approval of the legal representative is not required for the validity of the legal declaration containing the consent of a minor aged 16 or over, and the consent of the person having parental authority over the child is required for the validity of the legal declaration containing the consent of a minor under the age of 16. Still Design Hungary Kft. does not process data of minors, however, during an online contact (e.g.: contact via the site by email) it is not possible to verify the consent, therefore the user is responsible for its correctness.

Still Design Hungary Kft. selects and operates the IT tools used to process personal data in the course of providing the service in such a way that the processed data:

– is accessible to the authorized persons (availability);

– its authenticity and authenticity are ensured (authenticity of data processing);

– its integrity can be verified (data integrity);

– is protected against unauthorised access (data confidentiality).

– ensure appropriate data backup of IT data and the environment, operated with the necessary parameters based on the retention period of each data item, thus guaranteeing the availability of the data within the retention period and permanently destroying it at the end of the retention period.

This privacy notice governs the processing of the following page:

www.sdhacrylic.com

Data controller and contact details:

Name: still Design Hungary Kft.

Location: 2142 Nagytarcsa, Alsó Ipari Boulevard  8. E building. 10.

Tax number: 13362289-2-13

Company registration number: 13-09-209433

Represented by: Zoltán Varga, Managing Director

E-mail:  info@sdhacrylic.com

Data processors:

  • – Administrator
  • Name: Róbert Fekete EV.
  • 1119 Budapest, Etele street 69. 10/90.
  • No: 38015880
  • – Website operator
  • Name: MediaCenter Hungary Kft.
  • Registered office: 6000 Kecskemét, Sosztakovics str.3. II/6.
  • Company registration number: 09-09-114492
  • – Domain provider
  • Name: MediaCenter Hungary Kft.
  • Registered office: 6000 Kecskemét, Sosztakovics str.3. II/6.
  • Company registration number: 09-09-114492
  • – Accounting service
  • Name: Sommer accountancy Office
  • Registered office:8800 Nagykanizsa, Damjanich street 3. 1
  • Company registration number: 20-09-071-223
  • – Delivery of products, transport
  • Name: PMP Express Logisztikai Ltd.
  • Registered office: 4030 Debrecen, Békés street 3.
  • Company registration number: 09 09 020200
  • -Act of data processing, scope of data processed: delivery name, delivery address, telephone number, e-mail address.
  • -Data subjects: all data subjects requesting home delivery.
  • -Purpose of the processing: delivery of the product ordered.
  • -Duration of processing, deadline for deletion of data.
  • -Legal basis for processing: Article 6(1)(b) GDPR.
  • – 6.1.1.1.1.1.1 Storage provider
  • Name: MediaCenter Hungary Kft.
  • 6000 Kecskemét, Sosztakovics str.3. II/6.
  • Company registration number: 09-09-114492

-Act of processing, scope of data processed: all personal data provided by the data subject.

-The data subjects: all data subjects using the website.

-Purpose of the processing.

-Duration of processing, time limit for deletion of data.

-Legal basis for processing: Article 6(1)(c) and (f) GDPR and Article 13/A(3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.

Use of cookie(s)

A cookie is a series of signals, information files, which are placed on a user’s device by service providers to allow a website to record information about a user’s browsing habits (for example, to store user preferences and settings; to help with login; to display personalised ads and to analyse the performance of the website). However, the sequence of signals stored in a cookie is only capable of recognising the user’s computer and cannot identify the user individually.

The content of cookies is securely protected against access by third parties by means of a high level of encryption. Cookies used on the Still Design Hungary Kft. website do not contain viruses and do not cause any damage to your computer.

We inform our users that the use of cookies operated by our website is in compliance with Act C of 2003 on electronic communications (“Eht.”) and Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (2016. Therefore, on the first visit to the website of Still Design Hungary Kft., at the bottom of the screen, you will find a notice that Still Design Hungary Kft. uses cookies and a link to this information. The user can consent to the use of cookies by clicking on the “YES” button. In the absence of consent, or in the event of withdrawal of consent previously given, our website will not place cookies on the user’s device

Session cookie:

This cookie is only created for the duration of your visit and is automatically deleted after the visit. It is used to make our website more user-friendly and secure. It is a private cookie based mainly on session identifiers, which expires at the latest when the session is closed (temporary, lasting a few hours). It tracks user data input, for example when filling in online forms or shopping with a virtual shopping cart. This cookie is strictly necessary for the service provider to provide an information society service explicitly requested by the user and is linked to the user’s activity (such as filling in a form or pressing a button).

Validity: until the end of the session or for a shorter period, according to the table below.

The following session cookies are set on the website:

Name of the cookieCookie function, brief description, purpose of data processingCookie lifetime, validityData accessed and processed by Cookie
GDPR Cookie Consentlogical value cookie, checks whether the visitor’s browser has (JavaScript) supportWhen you close the session on the website, the session cookie is deleted.No personal data relating to the user is recorded, only the data and activity that occurs during a session on the website.
GDPR Cookie Consentstores whether the “Yes” button on the cookie banner has been pressed by the user before100 daysNo personal data relating to the user is recorded, only the data and activity that occurs during a session on the website.

External cookie

During the use of this website, 3rd party cookies may be placed on the user’s device to facilitate the sharing of content on social networking sites or to provide visitor statistics. If the browser returns a previously saved cookie, the cookie management service provider has the possibility to link the user’s current visit to previous visits to the websites where the third party’s cookie is used.

Google Analytics

Independent measurement and auditing of our website’s traffic and other web analytics data is supported by external servers (www.google.com/analytics/). For more information about the data management by the external cookies used by Google, please visit http://www.google.com/intl/hu/policies.

The following third party service providers have placed the listed cookies on the website:

Name of external service providerName of the cookieCookie function, brief description, purpose of data processingCookie lifetime, validityData accessed and processed by Cookie 
Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043 USA) www.google.com/analytics To distinguish users2 yearsUser’s IP address, website path, time and duration of browsing, performance metrics of pages visited. 
  Block specific incoming requests1 minute  
  To distinguish users24 hours  
      

Processing, legal basis, duration, controller, data subject’s rights

  • Legal basis for data processing when using cookies:

the data subject’s voluntary consent, given by active, active behaviour by clicking on the “YES” button when the short information about the use of cookies is displayed.

  • Duration of data processing when cookies are used:

By way of derogation from the above tables

  • In connection with the use of cookies, you are entitled to data processing on the website:

MediaCenter Hungary Kft. (registered office: 6001 Kecskemét, Sosztakovics u.3. II/6.)

Company registration number: 09-09-114492). The data can be accessed by MediaCenter Hungary Kft. and its data processors.

  • – Rights of the data subject:
  • The data subject may request access to personal data relating to him or her, rectification, erasure or restriction of processing of his or her personal data, and may withdraw his or her consent to processing at any time. Still Design Hungary Kft. (registered office: 1214 Budapest, Merkúr utca 4.fszt.2.; Cg.01-09-731398) shall respond to the data subject’s requests without undue delay, but no later than one month from the receipt of the request, and shall give reasons for its decision if it does not comply with any request made by the data subject. Data subjects have the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa utca 9-11., phone: +36 (1) 391-1400, fax: +36 (1) 391-1410, email: ugyfelszolgalat@naih.hu, website: www.naih.hu).

Handling cookies

– You can delete the cookie from your computer or disable the use of cookies in your browser. You can usually manage cookies by going to the Tools/Preferences menu of your browser and selecting Privacy/Preferences/Custom Settings, and then selecting the cookie, cookie or tracking option.

    – Enabling cookies is not strictly necessary for the site to work, but it does improve your browsing experience and performance. You can delete or disable these cookies, but if you do so, certain features of the site may not function as intended.

    – The information stored by cookies is not used to identify you and the sample data is entirely under our control. The information stored by cookies is used only for the purposes described here.

    – If you do not wish to receive certain types of cookies, you can set your browser to prevent the setting of a unique identifier or to warn you when the website wishes to send you a cookie. 

    – To learn more about these features and to fine-tune your cookie settings, please refer to the instructions or help screen of your web browser, or use the link below to turn on and off online behavioural advertising from each service provider:

    – http://www.youronlinechoices.com/hu/ad-choices  

Help on setting cookies:

    – Chrome: https://support.google.com/accounts/answer/61416?hl=hu ,

    – Edge: Settings -> Advanced settings -> Cookie -k (“Enable cookies” / “Block all cookies” / “Block only external cookies” or: F12 – Troubleshooting – Cookies

    – IE11: https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies ; https://support.microsoft.com/hu-hu/help/260971/description-of-cookies

    – Firefox: https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn

Definitions of terms

  • – controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the controller’s designation may also be determined by Union or Member State law;
  • – processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
  • – ‘processing’ means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • – personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • – recipient: a natural or legal person, public authority, agency or any other body to whom or with which personal data are disclosed, whether or not a third party. Public authorities that may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
  • – consent of the data subject: a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her;
  • – a personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Principles governing the processing of personal data

Personal data:

– The processing must be lawful, fair and transparent for the data subject (“lawfulness, fairness and transparency”);

    – collected only for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes; further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes shall not be considered incompatible with the original purposes in accordance with Article 89(1) (‘purpose limitation’);

    – the processing must be adequate, relevant and limited to what is necessary for the purposes for which it is intended (‘data minimisation’);

    – be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes for which they are processed are erased or rectified without undue delay (‘accuracy’);

    – it must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be kept for longer periods only if the personal data will be processed for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), subject to the implementation of appropriate technical and organisational measures as provided for in this Regulation to safeguard the rights and freedoms of data subjects (‘limited storage’);

    – processing must be carried out in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage (‘integrity and confidentiality’), by implementing appropriate technical or organisational measures.

    – the controller is responsible for compliance with the above and must be able to demonstrate such compliance (“accountability”).

Contact through the website

The purpose of data processing is to provide Still Design Hungary Kft. with the opportunity to contact persons who wish to receive information about the services of the data controller via e-mail through the website.

If the controller intends to use the personal data it processes for a purpose other than the one specified above, it will inform the data subjects of the other purpose and of any other relevant additional information in the usual local way before the processing for the other purpose.

Legal basis and duration of processing, scope of data processed 

The legal basis for processing is the prior and voluntary consent of the data subject. However, in case of failure to provide data and consent, no contact is possible.

The processing takes place from the time of contact until the consent is withdrawn or the purpose ceases to exist.

The data controller processes the following data in connection with the contact:

  1. surname and/or first name
  2. e-mail address

The data controller will only transfer the data subject’s data to third parties on the basis of the data subject’s prior written consent or in the case of a legal obligation.

The data subject may request access to, erasure, modification or restriction of the processing of personal data, data portability or objection to processing in the following ways:

by e-mail: info@sdhacrylic.com

Complaints handling

The fact of collection, the scope of the data processed and the purpose of the processing:

Personal dataPurpose of data processing
Surname and first nameIdentification, contact.
E-mail address Identification, contact.
Billing name and addressIdentifying, handling quality complaints, questions and problems with the products ordered.

Stakeholders:

All data subjects who complain on the website.

The data subjects who have submitted their data:

Copies of the record, transcript and reply to the objection will be kept for 5 years.

The identity of the potential controllers of the data, the recipients of the personal data:

The personal data may be processed by the staff of the controller, in compliance with the above principles.

Description of the data subjects’ rights in relation to data processing:

The data subject may request from the controller access to, rectification, erasure or restriction of processing of personal data concerning him or her and object to the processing of such personal data, and the data subject has the right to data portability and the right to withdraw consent at any time.

The data subject may request access to, erasure, rectification or restriction of the processing of personal data, data portability and object to processing in the following ways:

by e-mail: info@sdhacrylic.com

Legal basis for processing:

Article 6(1)(c) GDPR.

Please note that the provision of personal data is based on a contractual obligation.

The processing of personal data is a precondition for the conclusion of the contract.

Failure to provide the data will result in our inability to deal with your complaint.

Social networking sites

The fact of data collection, the scope of data processed: the name registered on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram, etc. social networking sites, and the user’s public profile picture.

Data subjects: all data subjects who have registered on Facebook/Instagram etc. and have “liked” the website.

The purpose of the data collection: to share or “like” and promote certain content, products, promotions or the website itself on social networking sites.

The duration of the processing, the time limit for the deletion of the data, the identity of the possible controllers of the data and the rights of the data subjects in relation to the processing of the data. The data are processed on the social networking sites, so the duration of the processing, the way in which the data are processed and the possibilities for deleting and modifying the data are governed by the rules of the social networking site concerned.

Legal basis for processing: the data subject’s voluntary consent to the processing of his or her personal data on social networking sites.

Customer relations and other data management

If the data controller has any questions or problems when using our services, the data subject can contact the data controller using the methods provided on the website (telephone, e-mail, postal address).

The data controller will delete the data provided in e-mails, messages, telephone calls, etc. received, together with the name and e-mail address of the interested party and any other personal data voluntarily provided, after a maximum of 2 years from the date of the communication.

Any processing of data not listed in this notice will be notified at the time of collection.

In exceptional cases, the Service Provider is obliged to provide information, data or documents in response to a request from a public authority or other bodies authorised by law.

In these cases, the Service Provider shall only disclose personal data to the requesting party – provided that the latter has indicated the precise purpose and scope of the data – to the extent and to the extent that is indispensable for the purpose of the request.

Deadline for taking action

The controller shall inform you of the action taken on such requests without undue delay and in any event within 1 month of receipt of the request.

If necessary, this may be extended by 2 months. The controller shall inform you of the extension, stating the reasons for the delay, within 1 month of receipt of the request.

If the controller does not take action on your request, it shall inform you without delay and at the latest within one month of receipt of the request of the reasons for its failure to act and of your right to lodge a complaint with a supervisory authority and to seek judicial remedy.

Informing the data subject about the personal data breach

Where the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall inform the data subject of the personal data breach without undue delay.

The information given to the data subject shall clearly and prominently describe the nature of the personal data breach and provide the name and contact details of the data protection officer or other contact person who can provide further information; describe the likely consequences of the personal data breach; describe the measures taken or envisaged by the controller to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences of the personal data breach.

The data subject need not be informed if any of the following conditions are met:

the data controller has implemented appropriate technical and organisational protection measures and these measures have been applied to the data affected by the personal data breach, in particular measures, such as the use of encryption, which render the data unintelligible to persons not authorised to access the personal data;

the controller has taken additional measures following the personal data breach to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise;

the provision of information would require a disproportionate effort. In such cases, the data subjects shall be informed by means of publicly disclosed information or by means of a similar measure which ensures that the data subjects are informed in an equally effective manner.

Where the controller has not yet notified the data subject of the personal data breach, the supervisory authority may, after having considered whether the personal data breach is likely to present a high risk, order the data subject to be informed.

Reporting a data protection incident to the authority

The data protection incident shall be notified by the controller to the supervisory authority competent under Article 55 without undue delay and, where possible, no later than 72 hours after the data protection incident has come to its attention, unless the data protection incident is unlikely to pose a risk to the rights and freedoms of natural persons. If the notification is not made within 72 hours, it shall be accompanied by the reasons justifying the delay.

Rights and remedies of the data subject in relation to data processing

Rights

Withdrawal of consent

Data subjects are entitled to withdraw their consent to the processing at any time during the period of processing, but the withdrawal does not affect the lawfulness of the processing carried out on the basis of the consent before the withdrawal.

Access

The data subject has the right to receive feedback from the Data Controller as to whether or not his or her personal data are being processed and, if such processing is ongoing, the right to access the personal data and the following information:

  1. a) the purposes of the processing;
  2. b) the categories of personal data concerned;
  3. c) the recipients or categories of recipients to whom or which the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
  4. d) where applicable, the envisaged duration of the storage of the personal data or, if this is not possible, the criteria for determining this duration;
  5. e) the right of the data subject to obtain from the controller the rectification, erasure or restriction of the processing of personal data concerning him or her and to object to the processing of such personal data;
  6. f) the right to lodge a complaint with a supervisory authority;
  7. g) where the data have not been collected from the data subject, any available information concerning their source.

Correction

The data subject shall have the right to obtain from the Data Controller, upon his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her. Having regard to the purposes of the processing, the data subject shall have the right to obtain the rectification of incomplete personal data, including by means of a supplementary declaration.

Right to object

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data based on the legitimate interests of the Controller. In such a case, the Controller may no longer process the personal data, unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Cancellation and restrictions

The data subject shall have the right to obtain from the Data Controller the erasure of personal data relating to him or her without undue delay and the Data Controller shall be obliged to erase personal data relating to him or her without undue delay if one of the following grounds applies:

  1. a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  2. b) the data subject withdraws the consent on the basis of which the processing was carried out and there is no other legal basis for the processing;
  3. c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing,
  4. d) the personal data have been unlawfully processed;

(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;

  1. f) the personal data were collected in connection with the provision of information society services directly to children.

The above provisions shall not apply where the processing is necessary:

– for the exercise of the right to freedom of expression and information;

– to comply with an obligation under Union or Member State law to which the controller is subject to which the processing of personal data is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;

– for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, where the right of erasure would be likely to render such processing impossible or seriously jeopardise it; or

– for the establishment, exercise or defence of legal claims.

The data subject shall have the right to obtain, at his or her request, restriction of processing by the controller where one of the following conditions is met:

  1. a) the data subject contests the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow the Controller to verify the accuracy of the personal data;
  2. b) the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
  3. c) the Controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
  4. d) the data subject has objected to the processing; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the Controller prevail over the legitimate grounds of the data subject.

Where processing is subject to restriction, such personal data may be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.

The Data Controller shall inform the data subject at whose request the processing has been restricted in advance of the lifting of the restriction.

Data portability

The data subject shall have the right to receive personal data relating to him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which he or she has provided the personal data, if:

  1. a) the processing is based on consent or on a contract; and
  2. b) the processing is carried out by automated means.

In exercising the right to data portability, the data subject has the right to request, where technically feasible, the direct transfer of personal data between controllers.

Please note that if it is not technically feasible for the data subject to receive the data, the right to data portability cannot be exercised.

Legal remedies

Data subjects may lodge a complaint with the National Authority for Data Protection and Freedom of Information in the event of a breach of the law on the processing of personal data:

Name: National Authority for Data Protection and Freedom of Information

Headquarters.

Postal address: 1374 Budapest, Pf. 603.

Email: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu

In addition, data subjects may initiate legal proceedings against the Controller or its data processors before the courts of the place of residence or domicile of the data subject, at their choice.

Effective 25 May 2018.

Amended 15 October 2020.