PRIVACY POLICY

Date of acceptance: 11.17.2022

Data controller

 

Name: BioBach-Music Könyv-és Zeneműkiadó Bt.

Headquarters: 1037 Budapest, Farkastorki slope 2 C

Mailing address: u.az.

Business premises address: colorfulbach.com

Name of representative: Marta Ábrahám

E-mail address:info@colorfulbach.com

Telephone number: +36209495751

Hosting provider

Name: 3 in 1 Hosting Bt.

Mailing address: 2310 Szigetszentmiklós, Dévai utca 10/A

E-mail address: admin@megacp.com

 

INFORMATION REGARDING THE USE OF COOKIES

Description of data processing during the operation of the webshop

 

This document contains all relevant data management information regarding the operation of the webshop in accordance with the European Union’s General Data Protection Regulation No. 2016/679 (hereinafter: Regulation, GDPR) and CXII of 2011. TV. (hereinafter: Infotv.) based on

 

Information about the use of cookies

 

What is a cookie?

The Data Controller uses so-called cookies when visiting the website. The cookie is an information package consisting of letters and numbers that our website sends to your browser with the aim of saving certain settings, facilitating the use of our website and helping us to collect some relevant, statistical information about our visitors.

 

Some of the cookies do not contain personal information and are not suitable for identifying the individual user, but some of them contain an individual identifier – a secret, randomly generated string of numbers – which is stored on your device, thus ensuring your identification. The operational duration of each cookie is contained in the relevant description of each cookie.

 

Legal background and legal basis of cookies:

 

The legal basis for data management is your consent based on Article 6, paragraph (1) point a) of the Regulation.

 

The main characteristics of the cookies used by the website:

 

Session cookie: These cookies store the location of the visitor, the language of the browser, the currency of the payment, and their lifetime is until the browser is closed, or a maximum of 2 hours.

 

Age-restricted content cookie: These cookies record the approval of age-restricted content and the fact that the person concerned is over 18 years old, and their lifetime lasts until the browser is closed.

 

Refer cookiek: They record the external site from which the visitor came to the site. Their lifetime lasts until the browser is closed.

 

Last viewed product cookie: Records the products that were last viewed by the visitor. Their lifespan is 60 days.

 

Last viewed category cookie: Records the last viewed category. Its lifespan is 60 days.

 

Recommended products cookie: With the “recommend to a friend” function, you record the list of products you want to recommend. Its lifespan is 60 days.

 

Mobile version, design cookie: It detects the device used by the visitor and switches to full view on mobile. Its lifespan is 365 days.

 

Cookie acceptance cookie: When you arrive at the site, you accept the statement on the storage of cookies in the warning window. Its lifespan is 365 days.

 

Basket cookies: It records the products placed in the basket. Its lifespan is 365 days.

 

Smart offer cookie: It records the conditions for the display of intelligent offers (e.g. has the visitor been to the site before, does he have an order). Its lifespan is 30 days.

 

Opt-out #2 cookie: According to option #2, the system logs out the visitor after 90 days. Its lifespan is 90 days.

 

Backend identification cookie: The ID of the backend server serving the page. Its lifetime lasts until the browser is closed.

 

Google Adwords cookie When someone visits our site, the visitor’s cookie ID is added to the remarketing list. Google uses cookies, such as NID and SID cookies, in Google products, such as to customize the ads displayed in Google Search. For example, it uses such cookies to remember your most recent searches, your previous interactions with ads or search results from certain advertisers, and your visits to advertisers’ websites. AdWords conversion tracking uses cookies. To track sales and other conversions resulting from the ad, cookies are saved on the user’s computer when that person clicks on an ad. Some of the common uses of cookies are: to select ads based on what is relevant to the user, to improve reporting on campaign performance, and to avoid showing ads that the user has already seen.

 

Google Analytics cookie: Google Analytics is Google’s analytical tool that helps website and application owners get a more accurate picture of their visitors’ activities. The service may use cookies to collect information and report statistical data on the use of the website without individually identifying visitors to Google. The main cookie used by Google Analytics is the “__ga” cookie. In addition to the reports generated from website usage statistics, Google Analytics – together with some of the advertising cookies described above – can also be used to display more relevant ads in Google products (such as Google Search) and across the Internet.

 

Remarketing cookiek-k: They may appear to past visitors or users when they browse other websites in the Google Display Network and search for terms related to your products or services

 

Cookies strictly necessary for operation: These cookies are essential for the use of the website and enable the use of the basic functions of the website. In the absence of these, many functions of the site will not be available to you. The lifetime of these types of cookies is limited to the duration of the session.

 

Cookies for improving the user experience: These cookies collect information about the user’s use of the website, for example, which pages he visits most often or what error message he receives from the website. These cookies do not collect information that identifies the visitor, that is, they work with completely general, anonymous information. We use the data obtained from these to improve the performance of the website. The lifetime of these types of cookies is limited to the duration of the session.

 

Session cookie: These cookies store the location of the visitor, the language of the browser, the currency of the payment, and their lifetime is until the browser is closed, or a maximum of 2 hours.

 

Age-restricted content cookie: These cookies record the approval of age-restricted content and the fact that the person concerned is over 18 years old, and their lifetime lasts until the browser is closed.

 

Refer cookiek: They record the external site from which the visitor came to the site. Their lifetime lasts until the browser is closed.

 

Last viewed product cookie: Records the products that were last viewed by the visitor. Their lifespan is 60 days.

 

Last viewed category cookie: Records the last viewed category. Its lifespan is 60 days.

 

Recommended products cookie: With the “recommend to a friend” function, you record the list of products you want to recommend. Its lifespan is 60 days.

 

Mobile version, design cookie: It detects the device used by the visitor and switches to full view on mobile. Its lifespan is 365 days.

 

Cookie acceptance cookie: When you arrive at the site, you accept the statement on the storage of cookies in the warning window. Its lifespan is 365 days.

 

Basket cookie: It records the products placed in the basket. Its lifespan is 365 days.

 

Smart offer cookie: It records the conditions for the display of intelligent offers (e.g. has the visitor been to the site before, does he have an order). Its lifespan is 30 days.

 

Opt-out #2 cookie: According to option #2, the system logs out the visitor after 90 days. Its lifespan is 90 days.

 

Backend identification cookie: The ID of the backend server serving the page. Its lifetime lasts until the browser is closed.

 

Facebook pixel (Facebook cookie) The Facebook pixel is a code with the help of which a report is prepared on the website about conversions, target audiences can be compiled, and the owner of the page receives detailed analysis data about the visitors’ use of the website. With the help of the Facebook pixel, you can display personalized offers and advertisements to website visitors on the Facebook interface. You can read Facebook’s privacy policy here: https://www.facebook.com/privacy/explanation

 

If you do not accept the use of cookies, certain functions will not be available to you. You can find more information on deleting cookies at the following links:

 

 

Data processed for the purpose of concluding and fulfilling the contract

 

In order to conclude and fulfill the contract, several cases of data management may be implemented. We would like to inform you that data processing related to complaint management and warranty administration is only carried out if you exercise one of the aforementioned rights.

 

If you do not make a purchase through the webshop, but are only a visitor to the webshop, then the provisions of data management for marketing purposes may apply to you if you give us consent for marketing purposes.

 

The data processing carried out for the purpose of concluding and fulfilling the contract in more detail:

 

Recipients and data processors of data processing related to the delivery of goods

 

Name of recipient: Magyar Posta Private Limited Liability Company
Headquarters: Budapest, 1138 Budapest, Dunavirág utca 2-6.
Postal address: Budapest 1540

 

Website: posta.hu

 

The courier service contributes to the delivery of the ordered goods based on the contract concluded with the Data Controller. The courier service handles the personal data received in accordance with the data management information available on its website.

 

FURTHER DATA MANAGEMENT

Additional data management

If the Data Controller wishes to carry out further data processing, it will provide preliminary information on the essential circumstances of data processing (legal background and legal basis of data processing, purpose of data processing, scope of data processed, duration of data processing).

 

Recipients of personal data

Data processing for the storage of personal data

Name of the data processor: BioBach-Music Könyv-és Zeneműkiadó Bt..

Contact details of the data processor:

Telephone number: 06209495751

E-mail address: info@colorfulbach.com

Headquarters: 1037 Budapest, Farkastorki slope 2 C

Website: colorfulbach.com

The Data Processor stores personal data based on the contract concluded with the Data Controller. You are not entitled to access personal data.

 

 

Data management related to online payment

Name of the data controller: Stripe, Inc.

The headquarters of the data controller: 354 Oyster Point Boulevard South San Francisco, California, 94080, USA

Website of the data controller: stripe.com

Online bank card payments are made through the Stripe system. The bank card data will not reach the service provider. 

Categories of processed personal data:

  • Customer data required for delivery: recipient (customer) name, delivery address,
  • phone number, e-mail address
  • Customer data required for issuing an invoice: recipient (customer) name,
  • billing address (if the invoice is issued by the Data Processor, the Data Controller
  • on behalf of)
  • Purchase-related data: time, purchased product, price, characteristics
  • Mode of delivery, status
  • Payment method, status, amount
  • Order ID
  • Data related to delivery

Duration of processing personal data

The Data Controller instructs the Data Processor to store the processed data in the Webshippy System for 1 year after the fulfillment of the order. The Webshippy System provides the possibility for the Data Controller to keep the data related to the order beyond the 1-year retention period for orders that are fulfilled through the Webshippy System. The Data Controller can delete data from the register at any time after the expiration of 1 year, thus the Webshippy System provides the Data Controller with the opportunity to comply with the data management period defined by it.

RIGHTS OF THE DATA SUBJECTS

Your rights during data management

Within the period of data management, you are entitled to the following rights according to the provisions of the Regulation:

  • the right to withdraw consent
  • access to personal data and information about data management
  • right to rectification
  • restriction of data management,
  • right to erasure
  • right to protest
  • right to portability.

If you wish to exercise your rights, it involves your identification, and the Data Controller must necessarily communicate with you. Therefore, for the purpose of identification, it will be necessary to provide personal data (but the identification can only be based on data that the Data Controller manages about you anyway), and your complaints about data management will be available in the Data Controller’s email account within the period specified in this information regarding complaints. If you were a customer of ours and would like to identify yourself in order to handle complaints or warranty, please enter your order ID for identification. Using this, we can also identify you as a customer.

The Data Controller will respond to complaints related to data management within 30 days at the latest.

The right to withdraw consent

You have the right to withdraw your consent to data management at any time, in which case the data provided will be deleted from our systems. However, please note that in the case of an order that has not yet been fulfilled, the cancellation may result in us not being able to deliver to you. In addition, if the purchase has already been completed, based on the accounting regulations, we cannot delete the data related to invoicing from our systems, and if you owe us a debt, then based on a legitimate interest related to the collection of the claim, we can process your data even if you withdraw your consent.

Access to personal data

You are entitled to receive feedback from the Data Controller as to whether your personal data is being processed, and if it is being processed, you are entitled to:

  • get access to the processed personal data and
  • inform the Data Controller of the following information:
    • the purposes of data management;
    • categories of personal data processed about you;
    • information about the recipients or categories of recipients to whom the personal data has been or will be communicated by the Data Controller;
    • the planned period of storage of personal data or, if this is not possible, the criteria for determining this period;
    • your right to request from the Data Controller the correction, deletion or restriction of processing of your personal data and, in the case of data processing based on legitimate interests, to object to the processing of such personal data;
    • the right to submit a complaint to the supervisory authority;
    • if the data was not collected from you, any available information about its source;
    • about the fact of automated decision-making (if such a procedure is used), including profiling, as well as, at least in these cases, comprehensible information about the logic used and the significance of such data management and the expected consequences for you.

The purpose of exercising the right may be aimed at establishing and checking the legality of data management, therefore, in the event of multiple requests for information, the Data Controller may charge a fair fee in exchange for providing the information.

Access to personal data is ensured by the Data Controller by sending you the processed personal data and information by email after your identification. If you have registered, we provide access so that you can view and check your personal data by logging into your user account.

Please indicate in your request that you are requesting access to personal data or information related to data management.

Right to rectification

You have the right to request that the Data Controller correct inaccurate personal data concerning you without delay.

Right to restriction of data processing

You have the right to request that the Data Controller restrict data processing if one of the following is true:

  • You dispute the accuracy of the personal data, in which case the restriction applies to the period that allows the Data Controller to check the accuracy of the personal data, if the exact data can be determined immediately, the restriction will not apply;
  • the data management is illegal, but you object to the deletion of the data for any reason (for example, because the data are important to you for asserting a legal claim), therefore you do not request the deletion of the data, but instead request the restriction of their use;
  • The Data Controller no longer needs the personal data for the purpose of the indicated data management, but you require them to submit, enforce or defend legal claims; obsession
  • You have objected to the data processing, but the Data Controller’s legitimate interests may also be the basis for the data processing, in which case until it is determined whether the Data Controller’s legitimate reasons take precedence over your legitimate reasons, the data processing must be limited.

If data management is subject to restrictions, such personal data may only be processed with the consent of the data subject, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state.

The data controller will inform you in advance (at least 3 working days before the restriction is lifted) of the lifting of the restriction on data management.

Right to erasure – right to be forgotten

You are entitled to have the Data Manager delete your personal data without undue delay if one of the following reasons exists:

  • the personal data are no longer needed for the purpose for which they were collected or otherwise processed by the Data Controller;
  • You withdraw your consent and there is no other legal basis for data processing;
  • You object to data processing based on legitimate interest and there is no overriding legitimate reason (i.e. legitimate interest) for data processing,
  • the personal data was handled illegally by the Data Controller and this was established based on the complaint,
  • personal data must be deleted in order to fulfill the legal obligation prescribed by EU or member state law applicable to the Data Controller.

If, for any legitimate reason, the Data Controller has made public the personal data processed about you and is obliged to delete it for any of the reasons indicated above, it is obliged to take all reasonably expected steps, including technical measures, in order to inform the data, taking into account the available technology and the costs of implementation controller and other data controllers that you have requested the deletion of the links to the personal data in question or the copy or duplicate of these personal data.

Deletion does not apply if data management is necessary:

  • for the purpose of exercising the right to freedom of expression and information;
  • the fulfillment of the obligation under EU or Member State law applicable to the data controller requiring the processing of personal data (such a case is data processing carried out in the context of invoicing, as the retention of the invoice is required by law), or for the purpose of performing a task carried out in the public interest or in the exercise of a public authority conferred on the data controller;
  • to present, enforce and defend legal claims (e.g. if the Data Controller has a claim against you and has not yet fulfilled it, or a consumer or data management complaint is in progress).

Right to protest

You have the right to object to the processing of your personal data based on legitimate interests at any time for reasons related to your own situation. In this case, the Data Controller may no longer process the personal data, unless it proves that the data processing is justified by compelling legitimate reasons that take precedence over your interests, rights and freedoms, or that are related to the submission, enforcement or defense of legal claims .

If personal data is processed for direct business acquisition, you have the right to object at any time to the processing of your personal data for this purpose, including profiling, if it is related to direct business acquisition. If you object to the processing of personal data for direct business purposes, then the personal data may no longer be processed for this purpose.

Right to portability

If the data management is carried out in an automated way or if the data management is based on your voluntary consent, you have the right to ask the Data Controller to receive the data you have provided to the Data Controller, which the Data Controller sends in xml, JSON or csv format at your disposal, if this is technically feasible, you can request that the Data Controller forward the data in this form to another data controller.

Automated decision making

You have the right not to be subject to the scope of a decision based solely on automated data management (including profiling) that would have legal effects on you or would similarly significantly affect you. In these cases, the Data Controller is obliged to take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention on the part of the data controller, to express his point of view and to submit objections to the decision.

The above does not apply if the decision:

  • Necessary to conclude or fulfill the contract between you and the Data Controller;
  • is made possible by EU or member state law applicable to the Data Controller, which also establishes appropriate measures for the protection of your rights and freedoms, as well as your legitimate interests; obsession
  • based on your express consent.

Registration in the data protection register

Infotv. pursuant to its provisions, the Data Controller had to register certain data operations in the data protection register. This reporting obligation was terminated on May 25, 2018.

Data security measures

The Data Controller declares that it has taken appropriate security measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, as well as against becoming inaccessible due to changes in the technology used.

The Data Controller will do everything within its organizational and technical capabilities to ensure that its Data Processors also take appropriate data security measures when working with your personal data.

Remedies

If, in your opinion, the Data Controller has violated a legal provision on data management or has not fulfilled any of your requests, you can initiate the investigation procedure of the National Data Protection and Freedom of Information Authority (address: 1363 Budapest, Pf. 9., e-mail) in order to terminate alleged illegal data management : ugyfelszolgalat@naih.hu, phone numbers: +36 (30) 683-5969 +36 (30) 549-6838; +36 (1) 391 1400).

We would also like to inform you that in the event of a violation of the legal provisions on data management, or if the Data Controller has not fulfilled any of your requests, you may file a civil lawsuit against the Data Controller in court. 

Modification of data management information

The Data Controller reserves the right to modify this data management information in a way that does not affect the purpose and legal basis of data management. By using the website after the amendment enters into force, you accept the amended data management information.

If the Data Controller wishes to carry out further data processing in relation to the collected data for a purpose other than the purpose of their collection, it will inform you of the purpose of the data processing and the following information before the further data processing:

  • on the period of storage of personal data, or if this is not possible, on the criteria for determining the period;
  • of your right to request from the Data Controller access to your personal data, their correction, deletion or restriction of processing, and in the case of data processing based on legitimate interests, you may object to the processing of personal data, and in the case of data processing based on consent or a contractual relationship, you may request data portability provision of rights;
  • in the case of data management based on consent, that you can withdraw your consent at any time,
  • on the right to submit a complaint to the supervisory authority;
  • about whether the provision of personal data is based on a legal or contractual obligation or is a prerequisite for entering into a contract, as well as whether you are obliged to provide personal data, and what possible consequences the failure to provide data may have;
  • about the fact of automated decision-making (if such a procedure is used), including profiling, as well as, at least in these cases, comprehensible information about the logic used and the significance of such data management and the expected consequences for you.

The data processing can only start after this, if the legal basis of the data processing is consent, in addition to the information, you must also consent to the data processing.