Privacy Policy

Data processing notice of the nonplusz.hu website

The present ‘Notice’ is based on EU regulation 2016/679 (‘GDPR’) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1. PREAMBLE, recitals

The present Notice has been prepared and issued by ‘Nonplusz Fashion Ltd. (Kft.)’ (‘Data Controller’), in order to duly inform, with regard to the data processing detailed below and in accordance with Article 13 GDPR, the data subjects of the processing of their data and the rights they are entitled to with regard to the data processing.

The personal data the Data Controller became aware of is processed by it in compliance with the legal provisions in effect at the given time, including, but not limited to, the provisions of the GDPR, and of Act CXII of 2011 on the right of informational self-determination and on the freedom of information (‘Infotv.’).

2. Name and contact details of the data controller and of its representative

Based on Article 4 Point 7 GDPR, the data of the Data Controller with regard to the data processing in question are the following:

Nonplusz Fashion Korlátolt Felelősségű Társaság / Private Limited Company

3. NAME AND CONTACT DETAILS OF THE DATA PROTECTION OFFICER

dr. Firtkó Tibor attorney-at-law

4. the data processed, the purpose and the legal basis of the data processing, the source of the data

    With regard to the data processing mentioned in the present Notice, the Data Controller processes the personal data of the data subjects (‘Personal Data’) for the following purpose and based on the following legal basis:

    #

    Data processing operation

    The purpose of the data processing

    The data processed

    Legal basis

    Source of the data

    1.

    Collecting and processing data necessary for maintaining contact and for the performance of the transaction between the Parties

    The purpose of the processing of personal data is the delivery of the products chosen by the data subject and the fulfilment of the related payment obligation and warranty obligations, if any. Including, but not limited to, facilitating efficient communication between the Data Controller and the customer, communicating with regard to the transaction.

    The Data Controller processes only that personal data which is necessary for maintaining contact with the customer, and for the delivery of the products, and for the fulfilment of the related payment obligation and warranty obligations, if any, and with which data the Data Controller is provided only by the data subject. Accordingly, no data except for the name of the data subject, their telephone number and e-mail address, billing address, delivery address, and payment details (bank card data)./span>

    The legal basis of the data processing: Article 6 (1) point b) GDPR, that is, the performance of a ’contract’ between the Parties, and/or steps taken by the Data Controller, at the request of the Data Subject, prior to the conclusion of the transaction between the Data Controller and the data subject.

    The Personal Data may be acquired only from the given data subject.

    5. THE RECIPIENTS OF THE DATA, THE CATEGORIES OF THE RECIPIENTS

    The personal data indicated in section 4 of the Notice are transferred, based on the engagement by the Data Controller, to Shopify International Limited, are managed and operated by the webshop software of this company, and the registered office of this company is at 2nd Floor 1-2 Victoria Buildings Haddington Road Dublin 4, D04 XN32, Ireland, and/or to OTP MOBIL Simplepay, as detailed in the general terms and conditions. The business entities mentioned are also necessarily Data Controllers with regard to the personal data of the data subjects.

    Concerning the marketing activity of the Data Controller, other necessary Data Controllers with regard to the personal data processed by the Data Controller:

    Data processors: TWe would like to inform the data subjects that, at the time of the issuing of the present notice, the Data Controller has not engaged any data processor with regard to the processing of the personal data in question, however, the group of data processors may vary. The up-to-date list of data processors at any given time is to be accessible on the website of the Data Controller.

    The Data Controller may transfer the personal data in question to the following third parties:

    • authorities (e.g. consumer protection authority, MEKH, police etc.)
    • courts
    • public prosecution authorities

    6. DATA SECURITY MEASURES

    Only the authorised experts managing the case may access the data stored electronically, and the documents, for the purpose of performing the consultancy service (access system). Access is granted in a regulated and recorded manner. The access granted is regularly reviewed.

    7. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION / EUROPEAN ECONOMIC AREA OR TO AN INTERNATIONAL ORGANISATION

    No data is transferred outside the European Union / European Economic Area or to any international organisation.

    8. PERIOD OF THE DATA PROCESSING

    The Data Controller processes the Personal Data in its own database for the period of the purpose of the data processing indicated in section 4, but by no later than

    • the expiration of the period available for the assertion of claims related to the Legal Relation (six months from the date of purchase),
    • the assertion of claims related to the Legal Relation.

    Subsequent to the expiry of the period above, the Data Controller erases the Personal Data. The Data Controller is also obliged to erase the personal data referred to in the present section if the data subject duly requests so in accordance with the relevant legal basis.

    The party requesting the offer informs the data subjects that their Personal Data are processed by the Shopify International Limited webshop in accordance with its own data processing policy.

    9. RIGHTS OF THE DATA SUBJECT

    We grant the data subject the following rights with regard to the processing of the Personal Data defined in the Notice:

    • Right of access;
    • Right to receive information;
    • Right to rectification;
    • Right to erasure;
    • Right to restriction of processing;
    • Right to data portability;

    Each right of the data subjects is detailed below:

    9.1. Right of access and right to receive information

    Upon the request of the data subject, the Data Controller informs them whether their data are being processed. If so, then the Data Controller, in addition to granting access, informs the data subject of the categories of the data processed, the purpose of the data processing, the recipients of the data processing, or the categories of the recipients, the period for which the data are stored, or the criteria used to determine that period, the manner in which the rights of the data subject may be exercised, the right to submit a complaint to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH), the source of the data, and of the existence of automated decision-making, including profiling. In the event that data is transferred outside the European Union and/or the European Economic Area, the data subject is also informed of the appropriate safeguards related to the transfer of data.

    9.2. Right to rectification

    The data subject is entitled to request the rectification of their data from the Data Controller if the data are inaccurate.

    If the rectification of the Personal Data processed by the Data Controller is necessary, then the data subject may request, in writing (by post or via e-mail), the rectification of the data; the correct data must also be provided.

    The data subject is obliged to notify the Data Controller of any change in any of their Personal Data processed by the Data Controller, in writing (by post or via e-mail) and without delay, but no later than within 5 days from the date of the change. The data subject at fault is liable for any damage incurred by the Data Controller due to any failure to give such notice or due to any delay in giving such notice.

    9.3. Right to erasure

    The data subject is entitled to have the Data Controller erase, upon the request of the data subject and without undue delay, the personal data concerning the data subject, and the Data Controller is obliged to erase, without undue delay, the personal data concerning the data subject in the following cases:

    • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
    • the data subject withdraws his or her consent on which the data processing is based, and there is no other legal basis for the data processing;

    In the event that the Data Controller has made the Personal Data public, that is, has transferred it to third parties, then, if the data subject’s right to erasure is exercised, the Data Controller takes the reasonable steps to inform those additional data controllers to whom it has transferred the Personal Data that the data subject has requested them to erase the links to the personal data in question or to erase the copies and/or the duplicates of such personal data.

    9.4. Right to restriction of processing

    The data subject is entitled to have the Data Controller restrict, upon the request of the data subject, the processing of the data if

    • the data subject contests the accuracy of the personal data;
    • the data processing is unlawful;
    • the data controllers no longer need the personal data for the purpose of the data processing, but the data subject requests such data for bringing, asserting, or defending legal claims;
    • the data subject has objected to the data processing.


    9.5. Right to data portability

    The data subject is entitled to receive, in a structured, commonly used, and machine-readable format, the personal data which concerns him or her and which he or she has provided to the Data Controller, and is entitled to transmit such data to another data controller without hindrance from the Data Controller if:

    • the data processing is based on consent; and
    • the data processing is carried out by automated means.

    The data subject is entitled to contact the Data Controller at the following addresses with regard to the exercising of the data subject’s rights listed above:

    • Nonplusz Fashion Ltd. (Kft.) (Registered office: 1087 Budapest, Százados út 3-13.), and at
    • firtko@drfirtko.hu.

    The Data Controller provides, in writing, using plain language, and without undue delay but by no later than 1 month from the submission of the request, information about the measures taken based on the request.

    10. RIGHT TO TURN TO THE DATA PROTECTION SUPERVISORY AUTHORITY, AND/OR TO COURT

    The data subjects may seek remedy at, submit a complaint regarding the data processing to, the Hungarian National Authority for Data Protection and Freedom of Information (NAIH), the contact details of which are the following:

    • postal address: 1530 Budapest, Pf.: 5.
    • address: 1125 Budapest Szilágyi Erzsébet fasor 22/c.
    • phone number: +36 1 391 1400
    • fax: +36 1 391 1410
    • e-mail address: ugyfelszolgalat@naih.hu
    • website: http://naih.hu

    We also inform you that, in addition to and without prejudice to the information above, you are entitled to turn to court with regard to the processing of your Data in such a manner that violates the GDPR, and, if you suffered material or non-material damage arising from the violation of the GDPR by the Company, you are entitled to seek damages from the Company.

    nonplusz.hu (Nonplusz Fashion Kft.)