Data controller data
Monte Rosso Trade and Service Ltd. - K2 Shop Specialist Shop
Registered office, mailing address, complaint handling.
Tax number: 28827564-2-41
EU VAT number: HU28827564
Bank account number: HU98-10102103-79893804-00000004
SWIFT Code: BUDAHUHB
Phone number: +36-1-453-0819
Mobile: +36-30-995-2728
Company registration number: 01-09-375687
E-mail: k2[a]k2shop.hu
Website: https://www.site.k2shop.hu
Hosting
Name: Linux Hungary Kft
Address for correspondence: 8000 Székesfehérvár Mátyás király krt 14-16.
E-mail address: contact[a]linuxhungary.hu
+36-22-504585
Description of data processing during the operation of the webshop
This document contains all relevant information on data processing in connection with the operation of the webshop in accordance with the European Union's General Data Protection Regulation 2016/679 (hereinafter referred to as the Regulation, GDPR) and the 2011 CXII.
Information about the use of cookies
What is a cookie?
The Data Controller uses so-called cookies when you visit the website. A cookie is a set of letters and numbers that our website sends to your browser to save certain settings, facilitate the use of our website and help us to collect some relevant statistical information about our visitors.
Some of the cookies do not contain any personal information and cannot be used to identify the individual user, but some of them contain a unique identifier - a secret, randomly generated sequence of numbers - that is stored on your device, thus ensuring your identification. The duration of each cookie is described in the relevant description of each cookie.
Legal background and legal basis of cookies:
We basically distinguish between three types of cookies, cookies that are essential for the proper functioning of the Website, cookies for statistical purposes and cookies for marketing purposes.
The legal basis for the processing is your consent pursuant to Article 6(1)(a) of the Regulation in the case of statistical and marketing cookies, and the legitimate interest necessary for the functioning of the Website pursuant to Article 6(1)(f) of the Regulation in the case of cookies necessary for the functioning of the Website.
Main features of the cookies used by the website:
Cookies that are essential for the functioning of the website:
If you do not accept the use of these cookies, certain features may not be available to you.
Strictly necessary cookies: these cookies are essential for the use of the website and allow you to use its essential functions. Without them, many of the site's features will not be available to you. The lifetime of these types of cookies is limited to the duration of the session.
Session cookie: these cookies store the visitor's location, browser language, payment currency, and their lifetime is until the browser is closed or for a maximum of 2 hours.
Cookies for statistical purposes:
Google Analytics cookie: Google Analytics is Google's analytics tool that helps website and application owners to get a more accurate picture of their visitors' activities. The service may use cookies to collect information and report statistics about website usage without identifying visitors individually to Google. The main cookie used by Google Analytics is the "__ga" cookie. In addition to generating reports from website usage statistics, Google Analytics, together with some of the advertising cookies described above, can also be used to display more relevant ads in Google products (such as Google Search) and across the web.
Cookies to improve your user experience: these cookies collect information about your use of the website, such as which pages you visit most often or what error messages you receive from the website. These cookies do not collect any information that identifies the visitor, i.e. they are completely generic and anonymous. We use the information they provide to improve the performance of the website. The lifetime of these types of cookies is limited to the duration of the session.
Cookies for marketing purposes:
Google Adwords cookie When someone visits our site, the visitor's cookie ID is added to our remarketing list. Google uses cookies - such as NID and SID cookies - to personalise the ads you see in Google products, such as Google Search. It uses such cookies, for example, to remember your recent searches, your previous interactions with advertisements from individual advertisers or search results, and your visits to advertisers' websites. The AdWords conversion tracking feature uses cookies. To track ad sales and other conversions, cookies are saved on a user's computer when they click on an ad. Some common uses of cookies include: selecting ads based on what is relevant for a particular user, improving campaign performance reporting, and avoiding displaying ads that the user has already viewed.
Remarketing cookies: may appear to previous visitors or users when browsing other sites on the Google Display Network or searching for terms related to your products or services
Facebook pixel (Facebook cookie) A Facebook pixel is code that allows the website to report conversions, create audiences, and provide the site owner with detailed analytics about how visitors use the site. The Facebook pixel is used to display personalised offers and ads to website visitors on the Facebook interface. You can read Facebook's privacy policy here: https://www.facebook.com/privacy/explanation
For more information on how to delete cookies, please follow the links below:
Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Chrome: https://support.google.com/chrome/answer/95647
Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies
Data processed for the purposes of contracting and performance
There may be more than one processing operation for the purposes of contracting and performance. Please note that data processing in relation to complaint handling and warranty management will only take place if you exercise one of these rights.
If you do not make a purchase through the webshop, but are only a visitor to the webshop, the processing for marketing purposes may apply to you if you give us your consent for marketing purposes.
For more details on processing for the purposes of contracting and performance:
Register on the website
By storing the data provided during registration, the Data Controller can provide a more convenient service (e.g. the data subject does not have to re-enter the data for a new purchase). Registration is not a condition for the conclusion of a contract.
Data processed
The Data Controller processes your name, address, telephone number, e-mail address, registration ip address, the characteristics of the product purchased and the date of purchase.
Duration of processing
Until the registrant requests the deletion of his/her data.
Legal basis for processing
Your voluntary consent, which you provide to the Data Controller by registering [processing under Article 6(1)(a) of the Regulation]
Processing the order
The processing of orders requires data processing activities in order to fulfil the contract.
Data processed
In the course of processing, the Data Controller processes your name, address, telephone number, e-mail address, registration ip address, the characteristics of the product purchased, the order number and the date of purchase.
If you have placed an order in the webshop, the processing and the provision of the data are necessary for the performance of the contract.
Duration of processing
The data will be stored permanently and deleted at the customer's request. The registrant can delete his account at any time.
Legal basis for data processing
Performance of the contract. [Processing of data pursuant to Article 6(1)(b) of the Regulation]
Issue of the invoice
The data management process is carried out in order to issue invoices in accordance with the law and to fulfil the obligation to keep accounting records. Pursuant to Article 169 (1) to (2) of the Tax Act, companies must keep accounting documents that directly and indirectly support the accounting.
Data processed
Name, address, e-mail address, telephone number, tax number in the case of companies.
Duration of data processing
Invoices issued must be kept for 8 years from the date of issue, pursuant to Article 169 (2) of the Tax Act.
Legal basis for data processing
Pursuant to Section 159 (1) of Act CXXVII of 2007 on Value Added Tax, the issue of invoices is mandatory and must be kept for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting [data processing pursuant to Article 6 (1) (c) of the Regulation].
Data processing related to the transport of goods
The data processing is carried out for the purpose of delivering the ordered product.
Data processed
Name, address, e-mail address, telephone number, delivery tracking.
Duration of processing
The Data Controller processes the data for the duration of the delivery of the ordered goods. After that, they are stored in the relevant systems.
Legal basis for processing
Performance of the contract [processing under Article 6(1)(b) of the Regulation].
Recipients and processors of data processing relating to the delivery of goods
Name of recipient: Magyar Posta ZRt
Address of the addressee.
Phone number of the recipient: +36-1/767-8200
E-mail address of the addressee: ugyfelszolgalat@posta.hu
Website of the addressee: posta.hu
The courier service will assist in the delivery of the ordered goods on the basis of a contract with the Data Controller. The courier service will process the personal data received in accordance with the privacy policy available on its website.
The recipient is GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
The address of the recipient is 2, GLS Europa u. 2, 2351 Alsónémedi, Hungary.
Recipient's telephone number: 06-29-88-67-00
E-mail address of the addressee: info@gls-hungary.com
Addressee's website: https://gls-group.eu/HU/hu/home
The courier service will assist in the delivery of the ordered goods on the basis of a contract with the Data Controller. The courier service will process the personal data received in accordance with the Privacy Policy available on its website.
Handling warranty and guarantee claims
Warranty and guarantee claims must be handled in accordance with the rules of Decree 19/2014 (IV. 29.) NGM, which also specifies how your claim must be handled.
Data processed
When handling warranty and guarantee claims, we must act in accordance with the rules of Decree 19/2014 (IV. 29.) NGM.
Under the Regulation, we are obliged to keep a record of the warranty or guarantee claim notified to us:
your name, address and a declaration that you consent to the processing of your data recorded in the report in accordance with the Regulation,
the name of the movable good sold under the contract concluded between you and us, the purchase price, the date of performance of the contract, the date of notification of the defect, a description of the defect, the right you claim under the warranty or guarantee and the manner in which the warranty or guarantee claim was settled or the grounds for refusing the claim or the right you claim under it.
If we take delivery of the product you have purchased, we must issue a receipt for it, stating your name and address,
the details necessary to identify the goods,
the date of receipt of the item and the date on which you can collect the repaired item.
Duration of processing
Warranty complaints will be processed using a specially produced Warranty Record Form. Filled blocks of forms are kept for 5 years.
Legal basis for processing
The legal basis for data processing is compliance with the legal obligations pursuant to the NGM Decree 19/2014 (IV. 29.) [Article 4 (1) paragraph and Article 6 (1) paragraph] [data processing pursuant to Article 6 (1) c) of the Decree].
Handling other consumer complaints
The data management process is used to handle consumer complaints. If you have made a complaint to us, the processing of the data and the provision of the data is essential.
Data processed
Customer's name, telephone number, email address, complaint content, product name, possibly article number.
Duration of processing
We keep warranty complaints for 5 years under the Consumer Protection Act.
Legal basis for processing
Whether you contact us with a complaint is a voluntary decision, but if you contact us, we are obliged to keep the complaint for 3 years under Article 17/A(7) of the Consumer Protection Act of 1997 (CLV of 1997) [processing under Article 6(1)(c) of the Regulation].
Data processed in relation to the justifiability of consent
During the registration, ordering, newsletter subscription, the IT system stores the IT data related to the consent for the purpose of subsequent verifiability.
Data processed
Date of consent and IP address of the data subject.
Duration of data processing
Due to legal requirements, consent must be verifiable at a later date, therefore the duration of the data storage will be stored for a period of limitation after the termination of the data processing.
Legal basis for processing
Article 7(1) of the Regulation imposes this obligation. [Processing under Article 6(1)(c) of the Regulation]
Data processing for marketing purposes
Remarketing
Data management as a remarketing activity is carried out using cookies.
Data processed
Data processed by cookies as defined in the cookie notice.
Duration of processing
The duration of the data storage period of the cookie, more information is available here:
Google general cookie notice:
https://www.google.com/policies/technologies/types/
Google Analitycs notice:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu
Facebook Privacy Policy::
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Legal basis for data processing
Your voluntary consent, which you give to the Data Controller by using the website [processing pursuant to Article 6(1)(a) of the Regulation].
Other data processing
If the Data Controller intends to carry out further processing, it shall provide prior information on the material circumstances of the processing (legal background and legal basis of the processing, purpose of the processing, scope of the data processed, duration of the processing).
Recipients of the personal data
Processing for the storage of personal data
Name of the data processor: Linux Hungary Kft.
Contact details of the data processor:
Phone number: +3622504585
E-mail address: contact@linuxhungary.hu
E-mail address.
Website: www.linuxhungary.hu
The Data Processor stores personal data on the basis of a contract with the Data Controller. The Data Controller has a contract with the Data Controller under the terms of a contract with the Data Controller.
Invoicing-related data processing
Name of data processor: Adminsoft Varion Case Management System
The data processor is located at 2315 Szigethalom Mária utca 28.
E-mail address of the data processor: ugyfelszolgalat[a]adminsoft.hu
Website of the data processor: www.adminsoft.hu
The Data Processor contributes to the recording of accounting documents on the basis of a contract with the Data Controller. In doing so, the Data Processor shall process the name and address of the data subject to the extent necessary for the accounting records, for the period of time pursuant to Section 169 (2) of the Act, after which it shall delete them.
Data processing in connection with online payment
Name of data controller.
1138 Budapest Váci út 135-139. building B. 5th floor.
Phone number of the data controller: +36303666611
E-mail address of the data controller: {emil}ugyfelszolgalat@simple.hu
Controller's website: www.simplepay.hu
The payment service provider is contracted by the Data Controller to assist in the execution of the online payment, for which purpose data is transferred to the online payment service provider during the purchase process. In doing so, the online payment service provider will process the billing name and address of the data subject, the order number and the date of the order in accordance with its own data processing rules.
The purpose of the data transfer is to provide the online payment service provider with the transaction data necessary for the payment transaction related to the purchase initiated with the online payment service provider.
Legal basis for the transfer: the performance of a contract between you and the Data Controller pursuant to Article 6(1)(b) of the Regulation, which includes the payment by the customer and, in the case of online payment, the transfer of data pursuant to this point is necessary for the payment.
Reliable shop programme
In order to operate the Reliable Shop program of www.arukereso.hu (Online Comparison Shopping Kft. 1074 Budapest, Rákóczi út 70-72., Tax number: 24868291-2-42, Company registration number: 01-09-186759), the e-mail address of the customer and the name of the product purchased will be transmitted to arukereso.hu after the purchase. The purpose of the data transfer is to request and display customer feedback. The personal data transmitted in this way will be processed by Online Comparison Shopping Ltd. in accordance with the Privacy and Data Protection Policy of www.arukereso.hu. The data controller of the data transferred in this context is Online Comparison Shopping Ltd.
Your rights in the course of data processing
For the duration of the processing, you have the following rights in accordance with the provisions of the Regulation:
the right to withdraw your consent
access to personal data and information relating to the processing
the right to rectification
restriction of processing,
the right to access to personal data and to obtain information on the processing of personal data, including the right to access to personal data
right to object
the right to portability.
You wish to exercise your rights, it involves your identification, and the Data Controller must necessarily communicate with you. Therefore, for the purpose of identification, it will be necessary to provide personal data (but the identification is only based on data that the Data Controller manages about you anyway), and your complaints about data management will be available in the Data Controller's email account within the time limit specified in this information regarding complaints. You were a customer of ours and you would like to identify yourself for complaint management or warranty management, please enter your order ID for identification. Using this, we can also identify you as a customer.
The Data Controller will respond to complaints related to data management within 30 days at the latest
The right to withdraw
You have the right to withdraw your consent to data management at any time, in which case the data provided will be deleted from our systems. However, please note that in the case of an order that has not yet been fulfilled, the cancellation may result in us not being able to deliver to you. In addition, if the purchase has already been completed, based on the accounting regulations, we cannot delete the data related to invoicing from our systems, and if you owe us a debt, then based on a legitimate interest related to the collection of the claim, we can process your data even if you withdraw your consent.
Access to personal data
You are entitled to receive feedback from the Data Controller as to whether your personal data is being processed, and if it is being processed, you are entitled to:
get access to the processed personal data and inform the Data Controller of the following information:
the purposes of data management;
categories of personal data processed about you;
information about the recipients or categories of recipients to whom the personal data has been or will be communicated by the Data Controller;
the planned period of storage of personal data or, if this is not possible, the criteria for determining this period;
your right to request from the Data Controller the correction, deletion or restriction of processing of your personal data and, in the case of data processing based on legitimate interests, to object to the processing of such personal data;
the right to submit a complaint to the supervisory authority;
if the data was not collected from you, any available information about its source;
about the fact of automated decision-making (if such a procedure is used), including profiling, as well as, at least in these cases, comprehensible information about the logic used and the significance of such data management and the expected consequences for you.
The purpose of exercising the right may be aimed at establishing and checking the legality of data management, therefore, in the event of multiple requests for information, the Data Controller may charge a fair fee in exchange for providing the information.
Access to personal data is ensured by the Data Controller by sending you the processed personal data and information by email after your identification. If you have registered, we provide access so that you can view and check your personal data by logging into your user account.
Please indicate in your request that you are requesting access to personal data or information related to data management.
Right to rectification
You have the right to request that the Data Controller correct inaccurate personal data concerning you without delay.
Right to restriction of data processing
You have the right to request that the Data Controller restrict data processing if one of the following is true:
You dispute the accuracy of the personal data, in which case the restriction applies to the period that allows the Data Controller to check the accuracy of the personal data, if the exact data can be determined immediately, the restriction will not apply;
the data management is illegal, but you object to the deletion of the data for any reason (for example, because the data are important to you for asserting a legal claim), therefore you do not request the deletion of the data, but instead request the restriction of their use;
The Data Controller no longer needs the personal data for the purpose of the indicated data management, but you require them to submit, enforce or defend legal claims; or you have objected to the data processing, but the legitimate interests of the Data Controller may also be the basis for the data processing, in this case, until it is established whether the legitimate reasons of the Data Controller take precedence over your legitimate reasons, the data processing must be limited.
If data management is subject to restrictions, such personal data may only be processed with the consent of the data subject, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state.
The data controller will inform you in advance (at least 3 working days before the restriction is lifted) of the lifting of the restriction on data management.
Right to erasure - right to be forgotten
You are entitled to have the Data Manager delete your personal data without undue delay if one of the following reasons exists:
the personal data are no longer needed for the purpose for which they were collected or otherwise processed by the Data Controller;
You withdraw your consent and there is no other legal basis for data processing;
You object to data processing based on legitimate interest and there is no overriding legitimate reason (i.e. legitimate interest) for data processing,
the personal data was handled illegally by the Data Controller and this was established based on the complaint,
personal data must be deleted in order to fulfill the legal obligation prescribed by EU or member state law applicable to the Data Controller.
If, for any legitimate reason, the Data Controller has made public the personal data processed about you and is obliged to delete it for any of the reasons indicated above, it is obliged to take all reasonably expected steps, including technical measures, in order to inform the data, taking into account the available technology and the costs of implementation controller and other data controllers that you have requested the deletion of the links to the personal data in question or the copy or duplicate of these personal data.
Deletion does not apply if data management is necessary:
for the purpose of exercising the right to freedom of expression and information;
the fulfillment of the obligation under EU or Member State law applicable to the data controller requiring the processing of personal data (such a case is data processing carried out in the context of invoicing, as the retention of the invoice is required by law), or for the purpose of performing a task carried out in the public interest or in the exercise of a public authority conferred on the data controller;
to present, enforce and defend legal claims (e.g. if the Data Controller has a claim against you and has not yet fulfilled it, or a consumer or data management complaint is in progress).
Right to protest
You have the right to object to the processing of your personal data based on legitimate interests at any time for reasons related to your own situation. In this case, the Data Controller may no longer process the personal data, unless it proves that the data processing is justified by compelling legitimate reasons that take precedence over your interests, rights and freedoms, or that are related to the submission, enforcement or defense of legal claims .
If personal data is processed for direct business acquisition, you have the right to object at any time to the processing of your personal data for this purpose, including profiling, if it is related to direct business acquisition. If you object to the processing of personal data for direct business purposes, then the personal data may no longer be processed for this purpose.
Right to portability
If the data management is carried out in an automated way or if the data management is based on your voluntary consent, you have the right to ask the Data Controller to receive the data you provided to the Data Controller, which the Data Controller sends in xml, JSON or csv format at your disposal, if this is technically feasible, you can request that the Data Controller forward the data in this form to another data controller.
Automated decision making
You have the right not to be subject to the scope of a decision based solely on automated data management (including profiling) that would have legal effects on you or would similarly significantly affect you. In these cases, the Data Controller is obliged to take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention on the part of the data controller, to express his point of view and to submit objections to the decision.
The above does not apply if the decision:
Necessary to conclude or fulfill the contract between you and the Data Controller;
is made possible by EU or member state law applicable to the Data Controller, which also establishes appropriate measures for the protection of your rights and freedoms, as well as your legitimate interests; or based on your express consent.
Registration in the data protection register
Infotv. pursuant to its provisions, the Data Controller had to register certain data operations in the data protection register. This reporting obligation was terminated on May 25, 2018.
Data security measures
The Data Controller declares that it has taken appropriate security measures in order to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, as well as against becoming inaccessible due to changes in the technology used.
The Data Controller will do everything within its organizational and technical capabilities to ensure that its Data Processors also take appropriate data security measures when working with your personal data.
Remedies
If, in your opinion, the Data Controller has violated a legal provision relating to data management, or has not fulfilled any of your requests, you can initiate the investigation procedure of the National Data Protection and Freedom of Information Authority (address: 1363 Budapest, Pf. 9., e-mail) in order to terminate alleged illegal data management : ugyfelszolgalat@naih.hu, phone numbers: +36 (30) 683-5969 +36 (30) 549-6838; +36 (1) 391 1400).
We would also like to inform you that in the event of a violation of the legal provisions on data management, or if the Data Controller has not fulfilled any of your requests, you may file a civil lawsuit against the Data Controller in court.
Modification of data management information
The Data Controller reserves the right to modify this data management information in a way that does not affect the purpose and legal basis of data management. By using the website after the amendment enters into force, you accept the amended data management information.
If the Data Controller wishes to carry out further data processing in relation to the collected data for a purpose other than the purpose of their collection, it will inform you of the purpose of the data processing and the following information before the further data processing:
on the period of storage of personal data, or if this is not possible, on the criteria for determining the period;
your right to request from the Data Controller access to your personal data, their correction, deletion or restriction of processing, and in the case of data processing based on legitimate interests, you may object to the processing of personal data, and in the case of data processing based on consent or a contractual relationship, you may request data portability provision of rights;
in the case of data management based on consent, that you can withdraw your consent at any time,
on the right to submit a complaint to the supervisory authority;
whether the provision of personal data is based on a legal or contractual obligation or is a prerequisite for entering into a contract, as well as whether you are obliged to provide personal data, as well as the possible consequences of failure to provide data;
about the fact of automated decision-making (if such a procedure is used), including profiling, as well as, at least in these cases, comprehensible information about the logic used and the significance of such data management and the expected consequences for you.
The data processing can only start after this, if the legal basis of the data processing is consent, in addition to the information, you must also consent to the data processing.
Post office and postal delivery
We would like to draw your attention to the fact that Magyar Posta Zrt. identifies the recipient in accordance with the provisions of the data management information sheet in force at all times, therefore, where appropriate, you may request the provision of your personal data upon delivery by post or at a post office.
