Maform Kft. (further on referred to as the Provider) handles data of visitors and registered users (further on referred to as the Concerned) when operating on the website www.paqchair.hu and www.maform.hu (further on referred to as the Website).
In connection with data management, the Provider hereby informs the Concerned about the personal data on the Website handled by them, principles and practice of data management as well as ways and possibilities of practicing rights of the Concerned.
1. The purpose of data management
The Provider only stores and handles data provided by the Concerned for specific purposes: fulfilling the contract, enabling invoicing, delivery of products and to later prove the conditions of the accepted contract.
The purpose of automatically stored data is making of statistics and improvement of the IT system.
The Provider shall and may not use the provided personal data for purposes other than stated above. Providing any third party or the authorities with personal data is only possible with the prior and expressed consent of the Concerned, unless there is a legally binding law with a different ruling.
In every case when the Provider wishes to use the provided data for purposes other than the original data collection, the Provider shall inform the Concerned about it, and acquire their prior and expressed consent, or provides them with the opportunity to ban the usage of the data.
2. The legal ground of data management
Data management is done on voluntary declaration of the users of the Website, which is based on sufficiently provided information. This declaration includes the expressed consent of the Concerned so that their personal data be used during the usage of the Website.
Data management by the Provider is done in accordance with Act CXII of 2011(further on referred to as Info Act) on Informational Self-determination and the Freedom of Information, Section 5 point (1) a) on the basis of the voluntary consent of the Concerned "Personal data may be processed under the following circumstances: a) when the data subject has given his consent" and on the basis of Act CVIII of 2001 on certain issues of electronic commerce services and information society services.
The Provider shall not inspect the validity of the provided personal data. The validity of the provided personal data is the sole responsibility of the person providing them; the Concerned party of the contract. Upon providing their e-mail address, they shall take responsibility that only they use the service from the given e-mail address. With regards to this responsibility, all kinds of responsibility in connection with the entries from that e-mail address shall lie upon the Concerned who registered that e-mail address.
3. Naming the Provider as data manager
Company name: Maform Kft.
Seat, mailing address: 1116 Budapest, Hauszmann Alajos utca 2.
Tax number: HU14600270-2-43
Company registry number: 01-09-181322
Registering Court: Budapest Metropolitan Court as Court of Registration
Data protection registry number: NAIH-83634/2015. NAIH-84482/2015
Data of webspace provider: FoxyCart
USA, Houston, TX 77008-3642, 538 W 21st St #56961
4. Time span of data management
Data management of the data provided compulsorily upon registration begins at registration and lasts until its deletion. In the case of non-compulsory data, data management lasts from the providing of the data until the deletion of the given data upon request. Deletion of registration may be done at any time after sending a request for deletion. After receiving the request, the Provider shall delete the personal data from its system.
The logged data – besides the date of the last visit, which is automatically overwritten – is stored for 12 months from the date of logging.
The above provisions do not affect the fulfillment of storing obligations stated in legislations (such as accounting legislations) or the data management based on further consents given during the registration to the Website or any other way.
5. The scope of managed personal data
Registration and data provided during ordering
To order on the Website, the Concerned is to fill out an ordering form, during which they are to provide compulsorily the following pieces of information for the provider to be able to fulfill the order:
- Last name,
- First name,
- E-mail address,
- Delivery information,
- Billing information (if it is not the same as that of the Delivery information)
The data of the computer owned by the Concerned logging in which are generated while using the service and which are recorded by the system of the Provider as an automatic result of the technical processes. These are specifically the date and time of the visit, the IP address of the Concerned user's computer, the type of web browser, and the address of the previously visited website.
Data recorded automatically are automatically logged (i.e. recorded) upon entering and logging out of the Website without particular declaration or action of the Concerned. These pieces of information cannot be connected to any other personal user's data, unless in cases legally binding by law. These pieces of information are only accessible to the Provider.
The HTML code of the Website may include references (links) independent from the Provider, coming from or pointing to external servers. The providers of these links, due to the direct connection to their servers, are able to collect user information.
External servers help the independent measuring and auditing of data of attendance and other web analytics of the Website (Google Analytics). The data managers can provide the Concerned with information about the management of measuring data. They can be contacted at: www.google.com/analytics/
The Provider or the indicated external providers place and read back so-called "cookies" on the computer of the Concerned for the sake of customized service. If the web browser sends back a previously saved cookie, the provider handling the cookie has the ability to connect the data saved during the current visit of the Concerned with those of the previously saved ones, but only for the sake of their own content.
The "Help" function, found in most browsers' menu bar, provides information about to how the Concerned can
− disable cookies,
− accept new cookies,
− set their browser to run a new cookie set, or
− switch off other cookies.
If the Concerned does not want Google Analytics to measure the above data in the described way and for that purpose, they should install the extension blocking it in their browser.
In the case of signing up for the newsletter, the Concerned must give their full name to the Provider.
The newsletter includes direct marketing elements and advertising. During the use of the newsletter service, the Provider uses the information provided by the Concerned.
6. The scope of persons receiving the data, data transmission and data-processing
Primarily the provider and internal employees of the Provider are entitled to come to know the data; however, they shall not be published or given to any third party.
The Provider may hire a data processor (such as a system operator, a transportation company or an accountant) in the scope of fulfilling the orders or settling the accounts. The Provider is not responsible for the data management routine of these external actors.
Name of data managers:
Name: Magyar Posta Zrt.
Seat: 1138 Budapest, Dunavirág utca 2-6.
E-mail address: email@example.com
Activity: courier service
Name: Motivus Kft
Seat: 1116 Budapest, Hauszmann Alajos utca 2.
E-mail address: firstname.lastname@example.org
Name: Számlázz.hu, operated by KBOSS.hu
Seat: 2000 Szentendre, Táltos u. 22/b
E-mail address: email@example.com
Activity: e-invoice issuer
Data of the webspace provider:
Seat: United States of America, Houston, TX 77008-3642, 538 W 21st St #56961
E-mail address: firstname.lastname@example.org
Beyond the above, data transmission of personal information about the Concerned may only be done based on the consent of the Concerned or in cases legally binding by law.
7. Rights of the Concerned and legal enforcement options
7.1 The right to information
The Concerned shall be entitled at any time to request information about personal data regarding them managed by the Provider. Moreover, the Concerned can modify any piece of personal information, except the e-mail address provided during the registration, at any time in their account on the Website.
The Provider shall give information upon request from the Concerned about personal data about concerning/regarding the Concerned, the purpose of data management, its claim legal ground, time duration and that who will receive or have received their data and for what purpose. The Provider shall give the requested information in writing within 30 days after from the date of submitting the request.
The Concerned may turn to the employee of the Provider in connection with any question or observation remark about data management using the below given contact information.
7.2 The Concerned may request the deletion, correction or blocking of their data
The Concerned shall be entitled to request the correction or deletion of the incorrectly recorded data at any time using any of the below given contact information. The Provider shall delete them within 5 working days after from the receipt of the request; in this case, the data will not be recoverable. The deletion does not apply to data management necessary by legislation (such as accounting rules); those shall be kept preserved by the Provider for as long as necessary.
Furthermore, the Concerned may request the blocking of their data. The Provider shall block the personal data if the Concerned requests this or if it can be assumed by on the basis of the available information that the deletion would violate the rightful interests of the Concerned. The personal data blocked in this way may only be managed as long as the data management purpose which ruled out the deletion of the personal data is valid.
The Concerned and all those to whom the data was transmitted to for data management earlier must be informed about the correction, blocking or deletion. The notification may be omitted if it does not violate the rightful interest of the Concerned in point view of the purpose of data management.
If the data manager does not fulfill the request of the Concerned for correction, blocking or deletion, the Provider shall state give them written information about the factual and legal reasons for the refusal of the request for correction, blocking or deletion within 30 days after from receiving the receipt of the request, in writing.
7.3 The Concerned may object against managing of their personal data
The Concerned may object against managing of their personal data. The Provider shall examine the objection within the shortest possible period of time, but a maximum of 15 days, after from its submission, then and makes a decision about its grounding if it is well-founded, and informs the petitioner in writing.
The Concerned may exercise their rights at the contacts using the contact information indicated in point 3:
7.4 The Concerned may enforce their rights, based on the Information Act and the Civil Code (Act V of 2013), by turning to
1. Hungarian National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/c.; www.naih.hu) or 2. a court.
If the Concerned, in order to use the service, provided the information of a third party during the registration or caused any damage while using the Website, the Provider is entitled to ask the Concerned for compensation. In such a case, the provider shall give all possible help to the acting authorities so that they can determine the identity of the wrong-doer.
8. Using the e-mail addresses
The Provider shall pay particular attention to the legality of the use of e-mail addresses managed by them, so they only use them to send (information or advertisement) e-mail messages in ways defined as follows.
The management of e-mail addresses is primarily for identifying the Concerned and keeping contact during fulfillment of orders and using the services, so e-mails will primarily be sent to this effect.
9. Data safety
The Provider engages itself to ensure the security of the data and to take the technical measures that ensure that the recorded, stored, and treated data be protected, and shall do everything in order to prevent their destruction, unauthorized use or unauthorized change. They also engage themselves to call any third party to whom may forward or transfer the data to fulfill their obligations of this sort/kind.
10. Other terms
The Provider reserves the right to unilaterally modify the present Privacy Notice after prior notification of the Concerned. After the modification comes into effect, the Concerned accepts the content of the modified Privacy Notice by the use of the Website as an implied conduct.
The present Privacy Notice is valid from 2015.03.24.