Privacy notice

Data Controller
Name: Arosa Kft.

Registered office: 3526 Miskolc, Mechatronikai park 14.

Mailing address, complaints: 3526 Miskolc, Mechatronikai park 14.

E-mail: husuzem@arosakft.hu

Phone number: +36307034752

Website: http://www.naragh.hu

Hosting provider
Name: Arosa Ltd.

Mailing address: 3526 Miskolc, Mechatronikai park 14.

E-mail address: admins@arosakft.hu

Phone number: +36209565066

Description of data controlling in the operation of the webshop
This document contains all relevant information on data controlling in relation to the operation of the webshop in accordance with the General Data Protection Regulation of the European Union 2016/679 (hereinafter: Regulation, GDPR) and the Act CXII of 2011 (hereinafter: Infotv.).

Information about the use of cookies
What is a cookie?

The Data Controller uses so-called cookies by the visiting of the website. A cookie is a set of letters and numbers that our website sends to your browser to save certain settings, facilitate the use of our website and help us to collect some relevant statistical information about our visitors.

Some of the cookies do not contain any personal information and cannot be used to identify an individual user, but some of them contain a unique identifier - a secret, randomly generated sequence of numbers - that is stored on your device, thus ensuring your identification. The duration of each cookie is described in the relevant description of each cookie.

Legal background and legal basis for cookies:

The legal basis for data controlling is your consent pursuant to Article 6(1)(a) of the Regulation.

Main features of the cookies used by the website:

If you do not accept the use of cookies, certain features will not be available to you. For more information on how to delete cookies, please click on the links below:

Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Chrome: https://support.google.com/chrome/answer/95647
Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies

Data processed for the purposes of contracting and performance
There may be several data controlling operations for the purposes of contracting and performance. Please note that data controlling in relation to complaint handling and warranty management will only take place if you exercise one of these rights.

If you do not make a purchase through the webshop, but are a visitor to the webshop, the marketing processing may apply to you if you provide us with your consent for marketing purposes.

More details on data controlling for the purposes of contracting and performance:

Registration on the website
By storing the data provided during registration, the Data Controller can provide a more convenient service (e.g. the data subject does not have to re-enter the data for a new purchase). Registration is not a condition for the conclusion of a contract

Data controlled
In the course of data controlling, the Data Controller processes your name, address, telephone number, e-mail address, the characteristics of the goods purchased and the date of purchase.

Duration of processing
Until your consent is withdrawn.

Legal basis for data controlling
Your voluntary consent, which you provide to the Data Controller by registering [processing under Article 6(1)(a) of the Regulation]

Issuing the invoice
The data controlling process is carried out in order to issue the invoice in accordance with the law and to fulfil the obligation to keep accounting records. Pursuant to Article 169 (1) to (2) of the Sztv. (Accounting Act), companies must keep accounting documents that directly and indirectly support the accounting.

Data controlled
Name, address, e-mail address, telephone number.

Duration of data controlling
Invoices issued must be kept for 8 years from the date of issue of the invoice, pursuant to Section 169 (2) of the Sztv. (Accounting Act). Legal basis for data controlling Pursuant to Article 159 (1) of Act CXXVII of 2007 on Value Added Tax, the issue of invoices is mandatory and must be kept for 8 years pursuant to Article 169 (2) of Act C of 2000 on Accounting [processing pursuant to Article 6 (1) (c) of the Regulation].

Further data controlling
If the Data Controller intends to carry out further data controlling, it shall provide prior information on the essential circumstances of the controlling (legal background and legal basis of the data controlling, purpose of the data controlling, scope of the data controlled, duration of the data controlling).

Recipients of personal data
Data controlling for the purpose of storing personal data Name of the data controller: Arosa Kft.

Contact details of the data controller:

Phone number: +36209565066
E-mail address: admins@arosakft.hu
Registered office: 3526 Miskolc, Mechatronikai park 14.
Website:
The Data Processor stores personal data based on a contract with the Data Controller. It is not entitled to know the personal data.

Data processing related to invoicing
The data processor’s name: Rool Informatika Kft.
The data processor's registered office: 4275 Monostorpályi, Sziget u. 2.
The data processor's telephone number: +36202614351
The data processor's e-mail address: helpdesk@rool.hu
The data processor's website:

The Data Processor shall contribute to the recording of accounting documents on the basis of a contract with the Data Controller. In doing so, the Data Processor shall process the name and address of the data subject to the extent necessary for the accounting records, for the period of time pursuant to Section 169 (2) of the Sztv. (Accounting Act), and shall delete them thereafter.

Your rights during data controlling
During the period of controlling, you have the following rights under the Regulation:

• the right to withdraw consent
• the right to portability.
• right to rectification
• restriction of controlling,
• right to deletion
• right to object
• the right to portability.
  If you wish to exercise your rights, this will involve your identification and the Data Controller will need to communicate with you. Therefore, in order to identify you, you will be required to provide personal data (but identification will only be based on data that the Controller already holds about you) and your complaints about the processing will be available on the Controller's email account for the period of time specified in this notice in relation to complaints. If you have been a customer of ours and would like to be identified for the purposes of complaint handling or warranty handling, please also provide your order ID for identification purposes. We can use this to identify you as a customer.

The Data Controller shall respond to complaints about data processing within 30 days at the latest. If you wish to exercise your rights, this will involve your identification and the Data Controller will need to communicate with you. For this purpose, identification will require the provision of personal data (but identification will only be based on data that the Controller already holds about you) and your complaints about the data controlling will be available on the Controller's email account for the period of time specified in this notice in relation to complaints. If you have been a purchaser of ours and would like to be identified for the purposes of complaint handling or warranty handling, please also provide your order ID for identification purposes. We can use this to identify you as a purchaser. The Data Controller shall respond to complaints about data controlling within 30 days at the latest.

Right to withdraw consent

You have the right to withdraw your consent to data processing at any time, in which case the data will be deleted from our systems. Please note, however, that in the case of an outstanding order, withdrawal may result in our inability to deliver to you. In addition, if the purchase has already been made, we may not be able to delete the billing data from our systems under accounting regulations, and if you have a debt to us, we may process your data in the event of withdrawal of consent on the basis of a legitimate interest in the recovery of the debt.

Access to personal data

You have the right to receive feedback from the Data Controller as to whether or not your personal data is being processed and, if it is being processed, you have the right to:

• have access to the personal data processed; and
• the following information to be provided by the Data Controller:
• the purposes of the processing;
• the categories of personal data processed about you;
• information about the recipients or categories of recipients to whom or with which the personal data have been or will be disclosed by the Controller;
• the envisaged period of storage of the personal data or, if this is not possible, the criteria for determining that period;
• your right to request the Controller to rectify, erase or restrict the processing of personal data concerning you and to object to the processing of such personal data where the processing is based on legitimate interests;
• the right to lodge a complaint with a supervisory authority;
• if the data was not collected from you, any available information about its source;
• the fact of automated decision-making (where such a process is used), including profiling, and, at least in these cases, clear information about the logic used and the significance and likely consequences for you of such processing.
  The purpose of exercising the right may be to ascertain and verify the lawfulness of the processing, and therefore, in the event of repeated requests for information, the Data Controller may charge reasonable compensation for the provision of information.

Access to personal data is provided by the Data Controller by sending you, by email, the personal data and information processed after you have identified yourself. If you are registered, we will provide access so that you can view and verify the personal data we process about you by logging into your account.

Please indicate in your request whether you want access to your personal data or information about data management.

Right to rectification

You have the right to have inaccurate personal data relating to you corrected by the Data Controller without delay upon your request.

Right to restriction of processing

You have the right to have the Controller restrict processing at your request if one of the following conditions is met:

• You contest the accuracy of the personal data, in which case the restriction will apply for the period of time necessary to allow the Controller to verify the accuracy of the personal data, if the accuracy can be established immediately, no restriction will be imposed;
• the processing is unlawful, but you object to the deletion of the data for any reason (for example, because the data are important to you for the purposes of pursuing a legal claim) and you do not request the deletion of the data but instead request the restriction of their use;
• the Controller no longer needs the personal data for the purposes for which they are processed, but you require them for the establishment, exercise or defence of legal claims; or
• You have objected to the processing, but the Data Controller may also have a legitimate interest in the processing, in which case, until it is established whether the legitimate grounds of the Data Controller prevail over your legitimate grounds, the processing shall be restricted.
  If the processing is restricted, such personal data may be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.

The Data Controller will inform you in advance (at least 3 working days before the lifting of the restriction) about the lifting of the restriction.

Right to erasure - right to be forgotten

You have the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay where one of the following grounds applies:

• the personal data are no longer necessary for the purposes for which they were collected or otherwise processed by the Controller;
• You withdraw your consent and there is no other legal basis for the processing;
• You object to processing based on legitimate interest and there is no overriding legitimate ground (i.e. legitimate interest) for the processing,
• the personal data were unlawfully processed by the Controller and this has been established on the basis of the complaint,
• the personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the Data Controller.
  If the Data Controller has disclosed personal data about you for any lawful reason and is required to delete it for any of the reasons set out above, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform other data controllers that you have requested the deletion of the links to or copies of the personal data in question.

Erasure does not apply where the processing is necessary:

• to exercise the right to freedom of expression and information;
• to comply with an obligation under Union or Member State law that requires the controller to process personal data (such as processing in the context of invoicing, where the storage of the invoice is required by law) or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
• to lodge, enforce or defend legal claims (e.g. if the Data Controller has a claim against you and has not yet settled it, or if a consumer or data management complaint is pending).
  Right to object

You have the right to object to the processing of your personal data based on legitimate interests at any time on grounds relating to your particular situation. In such a case, the Controller may no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such purposes, including profiling, where it is related to direct marketing. If you object to the processing of your personal data for direct marketing purposes, your personal data may no longer be processed for those purposes.

Right to portability

If the processing is automated or if the processing is based on your voluntary consent, you have the right to request the Data Controller to receive the data you have provided to the Data Controller, which the Data Controller will make available to you in xml, JSON or csv format, and if technically feasible, you may request that the Data Controller transfer the data in this format to another data controller.

Automated decision-making

You have the right not to be subject to a decision based solely on automated processing (including profiling) that would have legal effects concerning you or similarly significantly affect you. In such cases, the controller must take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention by the controller, to express his or her point of view and to object to the decision.

The above does not apply if the decision:

• necessary for the conclusion or performance of a contract between you and the Data Controller;
• is permitted by Union or Member State law applicable to the Controller which also lays down appropriate measures to protect your rights and freedoms and legitimate interests;
• or based on your explicit consent.
  Registration in the Data Protection Register
  Pursuant to the provisions of the Data Protection Act, the Data Controller was required to notify certain of its data processing activities to the data protection register. This notification obligation ceased as of 25 May 2018.
  Data security measures
  The Data Controller declares that it has implemented appropriate security measures to protect personal data against unauthorised access, alteration, disclosure, transmission, disclosure, deletion or destruction, accidental destruction or accidental damage and against inaccessibility resulting from changes in the technology used.

The Data Controller will make every effort to ensure that its Data Processors also take appropriate data security measures when working with your personal data, as far as organisational and technical possibilities allow.

Remedies
If you believe that the Data Controller has violated a legal provision on data processing or has failed to comply with a request, you may initiate an investigation procedure with the National Authority for Data Protection and Freedom of Information to terminate the alleged unlawful processing (mailing address: 1363 Budapest, Pf. 9., e-mail: ugyfelszolgalat@naih.hu, telephone numbers: +36 (30) 683-5969 +36 (30) 549-6838; +36 (1) 391 1400).

You are also informed that you may bring a civil action against the Data Controller before a court in the event of a breach of the legal provisions on data processing or if the Data Controller has not complied with a request.

Amendments to the Privacy Notice
The Data Controller reserves the right to amend this Privacy Notice in a way that does not affect the purpose and legal basis of the processing. By using the website after the amendment comes into force, you accept the amended privacy notice.

If the Data Controller intends to carry out further processing of the collected data for purposes other than those for which they were collected, the Data Controller will inform you of the purposes of the processing and the following information prior to the further processing:

• the duration of the storage of personal data or, where this is not possible, the criteria for determining that duration;
• your right to request from the Controller access to, rectification, erasure or restriction of processing of personal data concerning you and, in the case of processing based on legitimate interest, to object to the processing of personal data and, in the case of processing based on consent or a contractual relationship, to request the right to data portability;
• in the case of processing based on consent, that you can withdraw your consent at any time,
• the right to lodge a complaint with a supervisory authority;
• whether the provision of the personal data is based on a legal or contractual obligation or is a precondition for the conclusion of a contract, whether you are under an obligation to provide the personal data and the possible consequences of not providing the data;
• the fact of automated decision-making (where such a process is used), including profiling, and, at least in these cases, clear information about the logic used and the significance and likely consequences for you of such processing.
  Processing can only start after this, if the legal basis for the processing is consent, and you must give your consent in addition to the information.