Your data is safe on webshoptoapp.com
Data processing on the website https://webshoptoapp.com/
Effective: from February 2, 2024 until revoked
Data Controller:
Name: e-Szolgálat Kft.
Registered office: 2800 Tatabánya, Dózsakert 64./2., Hungary
Customer service phone number: +43 650 276 3203
Customer service email address: info@webshoptoapp.com
The data controller is not obliged to appoint a data protection officer. By visiting the website, its visitor accepts this data processing information. The service’s clients are legal entities, entrepreneurs. Providing personal data is voluntary, and data processing does not concern natural persons; by providing the data, they acknowledge the data processing. However, visitors to the site may also be natural persons, and general rules apply to them.
| Data processing and its purposes: | Legal basis for data processing: | Scope of processed data: | Duration of data processing: |
| Contact-related data processing: User identification, Contacting the User | Consent of the data subject GDPR Article 6(1)(a) point. | User’s name, User’s email address | For 24 hours following the end of the contact. |
| Order-related data processing: Selling products, services on the website, identifying the buyer | Performance of a contract GDPR Article 6(1)(b) point. | Buyer’s first and last name, phone number, email address, Messenger, Skype ID | 5 years from the conclusion of the contract formed by sending the order. |
| Payment transactions: Conducting data communication necessary for payment transactions between the service provider and the payment service provider, ensuring the traceability of transactions. | Consent of the data subject GDPR Article 6(1)(a) point. | Name of the invoice owner, billing address, phone number, email address, price of the purchased service, transaction amount and date. The bank account number is provided by the Data Subject through their own bank.The Data Controller does not process or store invoice data. | For a maximum of 8 years following the issuance of the accounting document to fulfill the contract. |
| Communication with the customer: Providing information related to orders and future available products, informing about offers | Legitimate interest GDPR Article 6(1)(f) point. | Customer’s name, phone number, email address, Messenger, Skype ID. | Until the existence of the contract with the Customer or until the exercise of the right to object by the data subject, that is, until the exercise of the right to object under Article 21(2)-(3) of the GDPR (whichever is earlier). |
| Invoicing activity: Issuing invoices, preserving accounting documents | Compliance with legal obligations GDPR Article 6(1)(c) point. | Billing name, address, tax number, email address, price of the purchased service, date of purchase | For 8 years following the issuance of the accounting document. |
| Participation in sweepstakes: Promoting products, website, rewarding winners, delivering prizes, | Consent of the data subject GDPR Article 6(1)(a) point. The data subject may withdraw consent at any time, without prejudice. | Data specified in the sweepstakes rules. (Typically name, email address, Public profile on Social Media. Postal data in case of prize delivery) | Data specified in the sweepstakes rules. (Typically name, email address, Public profile on Social Media. Postal data in case of prize delivery) |
| Community building on social media platforms | Consent of the data subject GDPR Article 6(1)(a) point. The data subject may withdraw consent at any time, without prejudice. | Data from the data subject’s public profile | Until the data subject unsubscribes. |
I. ADDRESSEES (OTHER DATA CONTROLLERS AND DATA PROCESSORS)
The Data Controller engages external Data Processors to perform certain tasks.
1.) HOSTING SERVICE (Ensuring the operation of the website, storing data generated during the use of the website)
Data Processor: AB Plusz Bt., (registered office: 2049 Diósd, IV. Béla király utca 48, website: www.abplusz.hu)
The Data Processor’s data processing information can be found here: https://www.abplusz.hu/adatkezelesi_tajekoztato
Engagement of the Data Processor is necessary to make the website available and operate it properly.
The Data Processor performs data storage. The location of data storage is the Data Processor’s server.
2.) PAYMENT VIA THE STRIPE SYSTEM (Settlement of the price of the ordered service)
Data Processor: STRIPE – https://stripe.com/en-at/privacy – invoicing data and payment information.
Engagement of the Data Processor occurs because we use Stripe’s secure system for payments.
The following data is provided to the Data Processor: 1. name of the bank account owner 2. bank account number 3. details of the bank where the account is held
3.) INVOICING SERVICE (Issuing invoices)
Data Processor: FINANZ.AT, DH Media Publishing GmbH, Austria / info@finanz.at
The Data Processor’s data processing information can be found here: https://www.finanz.at/datenschutz/
Engagement of the Data Processor is necessary for the proper issuance of invoices.
The following data is provided to the Data Processor: Billing name, address/headquarters, tax number, email address (if included on the invoice)
4.) RECEIVING AND SENDING MESSAGES
Data Processor: Messenger (Facebook)
The Data Controller’s data processing information can be found here: https://www.facebook.com/about/privacy/update
Data Processor: Skype Communications S.a.r.l. – Microsoft Corporation, Palo Alto California, USA
The Data Controller’s data processing information can be found here: https://privacy.microsoft.com/hu-hu/privacystatement
Data Processor: Zoom Video Communications Inc. 55 Almaden Blvd, Suite 600 San Jose, CA 95113
The Data Controller’s data processing information can be found here: https://zoom.us/privacy
Data Processor: Google Meets (Google Inc.,) Mountain View, California, USA
The Data Processor’s data processing information can be found here: https://policies.google.com/privacy
Engagement of the Data Processor occurs for video calling and messaging purposes. During messaging, the data provider may disclose other personal data voluntarily and on an ad hoc basis, in addition to their name.
5.) RECEIVING AND SENDING EMAILS
Data Processor: Google Inc., Mountain View, California, USA
The Data Processor’s data processing information can be found here: https://policies.google.com/privacy
The Data Processor is engaged to access and process data included in emails.
6.) APPEARANCE AND COMMUNICATION ON SOCIAL MEDIA PLATFORMS (Facebook, Instagram, Linkedin)
1. Data Processor: Facebook Inc., Menlo Park, California, USA (Facebook, Instagram)
The Data Processor’s data processing information can be found here: https://www.facebook.com/about/privacy/updatehttps://www.facebook.com/help/instagram/155833707900388/
2. Data Processor: Linkedin Corporation, Sunnyvale, CA, USA
The Data Processor’s data processing information can be found here: https://privacy.linkedin.com/gdpr
The Data Processor is engaged to access the data subject’s public profile, including publicly provided name and other data, to access their publicly made comments, shares, and other reactions, and to send messages through the social media platform. During messaging through the social media platform, the data provider may disclose other personal data voluntarily and on an ad hoc basis, in addition to their name.
II. DATA TRANSFER TO THIRD COUNTRIES:
Among the Data Processors, Google Inc. (Email service, Messaging), Facebook Inc. (Community building, Messaging), Skype Communications S.a.r.l. (Video calling, Messaging), Zoom Video Communications Inc. (Video calling), and Linkedin Corporation (Community building, Messaging) are located in third countries (USA).
III. AUTOMATED DECISION-MAKING AND PROFILING:
There is no automated decision-making and profiling on the website.
IV. DATA SECURITY MEASURES:
The Data Controller plans and executes data processing operations in a manner that ensures the protection of individuals’ privacy in accordance with the GDPR and other applicable data processing regulations. The Data Controller ensures the security of data and takes technical and organizational measures and establishes procedural rules necessary to enforce the GDPR and other data and privacy protection regulations. The Data Controller protects personal data with measures proportionate to the risk, particularly against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as against accidental destruction and damage, and against becoming inaccessible due to changes in the technology used. In this regard, the Data Controller stores the personal data of the data subject in password-protected and/or encrypted databases. The Data Controller protects data with firewalls, antivirus programs, and encryption mechanisms within the framework of proportional protection against risks.
V. RIGHTS OF THE DATA SUBJECT RELATED TO DATA PROCESSING:
The GDPR contains detailed provisions regarding the data subject’s rights and remedies and their limitations (especially Articles 15, 16, 17, 18, 19, 20, 21, 22, 77, 78, 79, and 82 of the GDPR). The data subject may request information about their data at any time, may request correction, deletion, or restriction of their data, and may otherwise object to data processing based on legitimate interests.
Below, we summarize the most important provisions.
The Data Controller particularly draws the data subject’s attention to the following:
The data subject is entitled to object at any time to the processing of personal data concerning them based on the legitimate interests of the Data Controller, for reasons related to their particular situation. In this case, the Data Controller may not further process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims. If personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing. If the data subject objects to processing for direct marketing purposes, the personal data may no longer be processed for such purposes.
1.) RIGHT TO INFORMATION:
If the Data Controller processes personal data concerning the Data Subject, the Data Controller is obliged to provide the Data Subject with information – even without the Data Subject’s request – on the key features of the data processing, including the purpose of the data processing, its legal basis, duration, the identity and contact details of the Data Controller and its representative, the contact details of the data protection officer, the recipients of the personal data, the legitimate interests pursued by the Data Controller and/or third parties in case of data processing based on legitimate interest, and the Data Subject’s rights and remedies regarding data processing (including the right to lodge a complaint with the supervisory authority), as well as, if the Data Subject is not the source of the data, information about the source and categories of personal data concerning the Data Subject, if the Data Subject does not already have this information. The Data Controller provides this information by making this privacy notice available to the Data Subject.
2.) RIGHT OF ACCESS:
The Data Subject is entitled to receive confirmation from the Data Controller as to whether personal data concerning them are being processed, and if so, to access the personal data and certain information regarding the data processing, including the purposes of the processing, the categories of personal data concerned, the recipients of the personal data, the (planned) duration of the processing, the Data Subject’s rights and remedies (including the right to lodge a complaint with the supervisory authority), and information about the source of the data if it was not collected from the Data Subject. Upon request, the Data Controller shall provide the Data Subject with a copy of the personal data undergoing processing. The Data Controller may charge a reasonable fee based on administrative costs for any further copies requested by the Data Subject. If the request is made electronically, the information must be provided in a widely used electronic format, unless otherwise requested by the Data Subject. The right to request a copy shall not adversely affect the rights and freedoms of others.
3.) RIGHT TO RECTIFICATION:
The Data Subject has the right to request the Data Controller to correct without undue delay any inaccurate personal data concerning them. Taking into account the purposes of the processing, the Data Subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement.
4.) RIGHT TO ERASURE:
The Data Subject has the right to request the Data Controller to erase without undue delay personal data concerning them, and the Data Controller is obliged to erase personal data without undue delay if certain conditions are met. The Data Controller must, among other things, erase personal data upon the Data Subject’s request if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; if the Data Subject withdraws consent on which the processing is based and there is no other legal ground for the processing; or if the personal data have been unlawfully processed; or if the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing; or if the personal data must be erased for compliance with a legal obligation in Union or Member State law.
The above shall not apply if the processing is necessary: a) for exercising the right of freedom of expression and information; b) for compliance with a legal obligation which requires processing by Union or Member State law to which the Data Controller is subject; c) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, where erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; d) for the establishment, exercise, or defence of legal claims.
5.) RIGHT TO RESTRICTION OF PROCESSING:
The Data Subject has the right to request the Data Controller to restrict processing if one of the following applies: a) the accuracy of the personal data is contested by the Data Subject, in which case the restriction shall be for a period enabling the Data Controller to verify the accuracy of the personal data; b) the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead; c) the Data Controller no longer needs the personal data for the purposes of the processing, but the Data Subject requires them for the establishment, exercise, or defence of legal claims; or d) the Data Subject has objected to processing pending the verification of whether the legitimate grounds of the Data Controller override those of the Data Subject. If processing is restricted under the above, such personal data shall, with the exception of storage, only be processed with the Data Subject’s consent, or for the establishment, exercise, or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State. The Data Controller shall inform the Data Subject in advance if processing is to be resumed following the restriction requested by the Data Subject.
6.) RIGHT TO OBJECT:
The Data Subject has the right to object at any time, for reasons relating to their particular situation, to the processing of personal data concerning them by the Data Controller based on the Data Controller’s legitimate interest. In such cases, the Data Controller may no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject or for the establishment, exercise, or defence of legal claims. Where personal data are processed for direct marketing purposes, the Data Subject has the right to object at any time to the processing of personal data concerning them for such marketing. If the Data Subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
7.) RIGHT TO LODGE A COMPLAINT:
If the Data Subject’s rights are infringed, they have the right to lodge a complaint with the competent data protection supervisory authority (in Hungary, the National Authority for Data Protection and Freedom of Information; “NAIH”) and to seek judicial remedy. Contact details for the NAIH (Address: on website Email: ugyfelszolgalat@naih.hu, Website: http://naih.hu/).
VII. MANAGEMENT OF COOKIES:
In addition, the Data Controller informs data subjects that cookies are used on the website. Cookies are files that store information in the data subject’s web browser. Cookies are a means of information exchange between the web server and the user’s browser. The information sent by cookies helps internet browsers to be more easily recognizable, thus allowing users to receive relevant and personalized content. Cookies make browsing more convenient. With the help of cookies, website operators can also create anonymous statistics about the habits of website visitors. Most cookies do not contain personal information and cannot identify users. The stored data is necessary for easier browsing.
Websites may use the following types of cookies:
Temporary cookies, which remain on the data subject’s device until they leave the website.
Persistent cookies, which may remain on the data subject’s web browser for a longer period depending on the data subject’s web browser settings, or until the data subject deletes them.
Third-party cookies placed by third parties on the data subject’s device (e.g., Google Analytics). These are placed in the data subject’s browser when the visited website uses services provided by third parties.
Cookies can be classified as follows:
a) Essential session cookies: These are essential for navigating the website and for the functioning of the website’s features. Without accepting these, the website, or certain parts thereof, may not display or may display incorrectly.
b) Analytical or performance monitoring cookies: These help the Data Controller distinguish website visitors and collect data on how visitors behave on the website. They do not collect personally identifiable information since the data is stored in aggregated and anonymous form.
c) Functional cookies: The purpose of these cookies is to improve the user experience. They detect and store, for example, how the data subject accessed the website or the data subject’s previously provided and requested data. These cookies do not track the data subject’s activity on other websites. However, the information they collect may contain personally identifiable data that the data subject has shared.
d) Targeted or advertising cookies: These enable the website to provide the data subject with information that best matches their interests. Explicit consent from the data subject is required as these cookies collect detailed information about the data subject’s browsing habits. This website records the IP address, visit time, visited page, visitor country, browser version, and operating system type for analytical and security reasons. This is necessary for asserting legitimate interests, providing high-quality services, and for analytical purposes.
The Data Controller uses cookies in accordance with the provisions of the Data Protection Act, the Information Act, and the GDPR.
For websites operating within the European Union, including the website operated by the Data Controller, consent from users is required to use cookies and to store them on the user’s computer or other device. Cookies can be deleted or disabled in the web browser used. Web browsers typically allow cookies to be placed by default. This can be disabled in the browser settings, as well as existing cookies can be deleted. Additionally, it can be set to notify the user when a cookie is sent to the device.
However, it is important to emphasize that disabling or restricting these files may impair the browsing experience and may also cause errors in the functionality of the website. The settings are generally found in the browser’s “Options” or “Settings” menu. Each web browser is different, so to ensure the appropriate settings, the Data Controller requests that the data subject use the “Help” or “Support” menu of their browser, or click on the relevant link below:
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internetexplorer-delete-manage-cookies
Firefox: https://support.mozilla.org/en-US/products/firefox/protect-yourprivacy/cookies
Chrome: https://support.google.com/chrome/answer/95647?hl=en
Safari: https://support.apple.com/kb/PH5042?locale=en_USMozilla: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Privacy Notice for Comments
When submitting a comment, in addition to the information provided in the comment form, the commenter’s IP address and browser identifier string are collected for spam detection purposes.
An anonymized string generated from the commenter’s email address (also called a hash) is sent to the Gravatar service if it is in use on the site. The terms of the Gravatar service can be viewed at the following address: https://automattic.com/privacy/. After the comment is approved, the content of the comment and our profile picture will be displayed publicly.
Media
If an image is uploaded to the website by a registered user, any EXIF data containing GPS location data should be avoided. Visitors to the website can download and extract location data from images on the website.
Cookies
If you leave a comment on our site, you may opt-in to saving your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me,” your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g., videos, images, articles, etc.) from external sources. Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Who do we share user data with? If a password reset is requested, the reset email will contain the IP address. How long do we keep personal data? When commenting, the comment and its metadata will be retained indefinitely in the system. The purpose of this is to make all subsequent comments known and approved by us, so they do not end up in the list of comments to be moderated. The personal data of registered users (if any) is also stored in their own user profiles on the website. Every user can view, edit, or delete their personal data at any time (except they cannot change their own username). Website administrators can also view and edit this information. What rights does the user have regarding their own data? When registering an account or writing a comment on the website, you can request to receive a file containing the personal data in an export format, which includes any data previously provided by the user. You can also request that any previously provided personal data be deleted. This does not apply to data that we are required to retain for administrative, legal, or security reasons. Comments submitted by visitors may be checked by an automated spam detection service.