Privacy Policy

(Last updated 10/02/2024)

Data Controller:
Name: Erinnie Consulting Kft.
Address: Hungary, 3728 Kelemér, Petőfi Sándor Street 4.
Address for correspondence: Hungary, 3728 Kelemér, Petőfi Sándor Street 4.
E-mail: info@erinnie.com
Website: https://erinnie.com

Description of the data processing carried out in the operation of the webshop
This document contains all relevant information on data processing in connection with the operation of the webshop in accordance with the General Data Protection Regulation of the European Union 2016/679 (hereinafter: Regulation, GDPR) and the Act of 2011 CXII (hereinafter: Infotv.).

Information about the use of cookies

What is a cookie?
The Data Controller uses so-called cookies when you visit the website. A cookie is a set of letters and numbers that our website sends to your browser to save certain settings, facilitate the use of our website and help us to collect some relevant statistical information about our visitors.

Some of the cookies do not contain any personal information and cannot be used to identify the individual user, but some of them contain a unique identifier – a secret, randomly generated sequence of numbers – that is stored on your device, thus ensuring your identification. The duration of each cookie is described in the relevant description of each cookie.

Legal background and legal basis for cookies
We distinguish between three basic types of cookies: cookies that are essential for the proper functioning of the Website, cookies for statistical purposes and cookies for marketing purposes. The legal basis for processing is your consent under Article 6(1)(a) of the Regulation in the case of statistical and marketing cookies, and the legitimate interest necessary for the functioning of the Website under Article 6(1)(f) of the Regulation in the case of cookies necessary for the functioning of the Website.

List of cookies used by erinnie.com:
[You can set the list of cookies that you accept at any time in the “Settings” section of the “Cookies” pop-up window that appears when you visit the website.]

Contact

If you contact us by email with questions about our products. You can order from the webshop at any time without contacting us.
The data processed when contacting us: name and e-mail address.
Duration of processing: data will be processed only until the contact is completed.
Legal basis for processing: your voluntary consent given to the Data Controller by contacting us. [Processing under Article 6(1)(a) of the Regulation]

Registration
You can buy our products without registering on our site.

Processing the order
The processing of orders requires data processing activities in order to fulfil the contract.
Data processed. If you have placed an order in the webshop, the processing and the provision of the data are necessary for the performance of the contract.
Duration of data processing: the data will be processed for 5 years according to the statute of limitations in civil law.
Legal basis for processing: performance of the contract. [Processing under Article 6(1)(b) of the Regulation]

Issue of the invoice
The data management process is carried out in order to issue invoices in accordance with the law and to fulfil the obligation to keep accounting records. Pursuant to Article 169 (1) to (2) of the Tax Act, companies must keep accounting documents that directly and indirectly support the accounting.
Data processed: name, billing address, e-mail address.
Duration of data processing: invoices issued must be kept for 8 years from the date of issue of the invoice, pursuant to Article 169(2) of the Act.
Legal basis for processing: pursuant to Article 159(1) of Act CXXVII of 2007 on Value Added Tax, the issue of invoices is mandatory and must be kept for 8 years pursuant to Article 169(2) of Act C of 2000 on Accounting [processing pursuant to Article 6(1)(c) of the Regulation].

Handling consumer protection complaints
The data management process is carried out in order to handle consumer complaints. If you have made a complaint to us, the processing of the data and the provision of the data is essential.
Data processed: customer name, telephone number, email address, complaint content. Duration of processing: complaints are kept for 3 years under the Consumer Protection Act.
Legal basis for processing: whether you contact us with a complaint is a voluntary decision, but if you contact us, we are obliged to keep the complaint for 3 years under Article 17/A(7) of the Consumer Protection Act of 1997 (CLV of 1997) [processing under Article 6(1)(c) of the Regulation].

Data processed in relation to the justifiability of consent
When you order and subscribe to the newsletter, the IT system stores the IT data relating to the consent for the purposes of subsequent verifiability.
Data processed: date of consent and IP address of the data subject.
Duration of data processing: due to legal requirements, the consent must be verifiable at a later stage, therefore the duration of data storage is stored for a period of limitation after the termination of data processing.
Legal basis for processing: Article 7(1) of the Regulation imposes this obligation. [Processing under Article 6(1)(c) of the Regulation]

Newsletter subscription
Data processed for newsletter subscriptions: name and e-mail address.
Duration of processing: data is processed only until the newsletter is unsubscribed.
Legal basis for processing: your voluntary consent given to the Data Controller by contacting us. [Processing pursuant to Article 6(1)(a) of the Regulation]

Newsletter unsubscribe

You can unsubscribe from the newsletter and promotional emails by clicking on the “Unsubscribe” button at the bottom of the newsletter. After that, your data will no longer be processed and you will no longer receive promotional and newsletter emails from us. You can unsubscribe from the newsletter and promotional emails at any time free of charge.

Data processing for marketing purposes
Processing of data related to the sending and display of personalised advertising: the processing of data is carried out in order to send advertising content that is relevant to the interests of the data subject.
Data processed: name, e-mail address.
Duration of processing: until the withdrawal of consent.
Legal basis for processing: your specific and voluntary consent given to the Data Controller at the time of collection [processing pursuant to Article 6(1)(a) of the Regulation]

Remarketing
Data processing as a remarketing activity is carried out by means of cookies.
Processed data: data processed by the cookies as defined in the Cookie Notice.
Duration of processing:
The duration for which a cookie is stored, more information is available here:

Google general cookie notice:
https://www.google.com/policies/technologies/types/

Google Analitycs:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu

Legal basis for processing: your voluntary consent which you provide to the Data Controller by using the website [processing under Article 6(1)(a) of the Regulation].

Other data processing
If the Data Controller intends to carry out further processing, it shall provide prior information on the material circumstances of the processing (legal background and legal basis of the processing, purpose of the processing, scope of the data processed, duration of the processing).

Recipients of personal dataThe data processor for the storage of personal data
Sybell Informatika Kft.
Hungary 1158 Budapest, Késmárk u. 7/B 2nd floor room 206.
Email: info@sybell.hu
Website: www.sybell.hu
The Data Processor stores personal data on the basis of a contract with the Data Controller. The Processor is not entitled to access the personal data.

Data transfers to third countries
The only third country to which data is transferred is the United States of America. Adequacy decisions have been made with the USA on July 12, 2016 (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en), which are also adhered to by Google (https://policies.google.com/privacy/frameworks), Facebook (https://www.facebook.com/about/privacyshield), and Pinterest (https://policy.pinterest.com/hu/privacy-policy).

Accounting-related data management
The data processor is Perfekt TORIM Accounting
Budapest, Úttörők Street 5/b, 1225
info@accurate.hu
https://accurate.hu/
On the basis of a written contract with the Data Controller, the Data Processor shall assist in the accounting of accounting documents. In doing so, the Data Processor shall process the name and address of the data subject to the extent necessary for the accounting records, for the period of time pursuant to Section 169 (2) of the Act, after which it shall delete them without delay.

Invoicing data processor
KBOSS.hu Kft.KBOSS LLC – KBOSS HU, 1031 Budapest, Záhony Street 7.
info@szamlazz.hu, dpo@kboss.hu
https://www.szamlazz.hu/1010.HU, Budapest.
In doing so, the Data Processor shall process the name and address of the data subject to the extent necessary for the accounting records, for the period of time pursuant to Section 169 (2) of the Act, and shall delete them thereafter.

Data processing related to the operation of the CRM system:
The data processor is Sybell Informatika Kft.
1158 Budapest, Késmárk Street 7/B 2nd floor room 206.
Email: info@sybell.hu
Website: www.sybell.hu
The Data Processor contributes to the registration of orders on the basis of a contract with the Data Controller. In doing so, the Data Processor shall process the name, address, telephone number, number and date of orders of the data subject within the limitation period of civil law.

Automated decision-making
We do not engage in automated decision-making in the course of our activities.

Your rights in the processing of your data
During the period of processing, you have the following rights under the Regulation:

Right to withdraw your consent: you have the right to withdraw your consent at any time, in which case the data will be deleted from our systems. If you withdraw your consent, we will delete your personal data from our records.

Right of access: you have the right to receive feedback from the controller as to whether or not your personal data are being processed and, if such processing is ongoing, you have the right to access your personal data and the information listed in the Regulation.

Right to rectification: you have the right to have inaccurate personal data relating to you corrected by the controller without undue delay upon your request.

 The right to data portability: you have the right to receive personal data concerning you that you have provided to a controller in a structured, commonly used, machine-readable format, and the right to transmit these data to another controller without hindrance from the controller to whom you have provided the personal data.

The right to object: you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, including profiling based on the aforementioned provisions.

Right to restriction of processing: you have the right to obtain, at your request, restriction of processing by the controller if one of the following conditions is met:

You contest the accuracy of the personal data, in which case the restriction shall apply for a period of time which allows the controller to verify the accuracy of the personal data;

the processing is unlawful and you oppose the erasure of the data and instead request the restriction of their use;

the controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims;

you have objected to the processing; in this case, the restriction shall apply for a period of time until it is established whether the controller’s legitimate grounds override your legitimate grounds.

Data security measures
The Controller declares that it has implemented appropriate security measures to protect personal data against unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction, accidental destruction or accidental damage and inaccessibility resulting from changes in the technology used.
The Data Controller will make every effort, within its organisational and technical possibilities, to ensure that its Data Processors also take appropriate data security measures when working with your personal data.

Remedies
If you believe that the Data Controller has violated a legal provision on data processing or has failed to comply with a request, you may initiate an investigation procedure with the National Authority for Data Protection and Freedom of Information in order to stop the alleged unlawful processing (postal address: 1363 Budapest, Pf. 9., e-mail: ugyfelszolgalat@naih.hu, telephone numbers: +36 (30) 683-5969 +36 (30) 549-6838; +36 (1) 391 1400).

 Amendments to the Privacy Notice
The Data Controller reserves the right to amend this Privacy Notice in a way that does not affect the purpose and legal basis of the processing. By using the website after the amendment has entered into force, you accept the amended privacy notice.

Processing may only start thereafter, if the legal basis for the processing is consent, to which you must give your consent in addition to the information.