Privacy Policy of the Stageshop Trade and Service LLC website
Stageshop Trade and Service Limited Liability Company (hereinafter referred to as: “Data Controller” or “Stageshop LLC”) as the operator of the website available on the domain name “www.stageshop.hu” (hereinafter referred to as: “Website”) hereby publishes the regulations, data protection and data processing principles and information related to the data processing of individuals using the Website and related services (hereinafter together referred to as: “Data Subject”).
In connection with the data processing, Data Controller informs the Data Subjects about the personal data processed by itself, its principles and practice related to the processing of personal data, and also about the methods and possibilities of exercising the rights of data subjects.
Data Subject accepts the regulations included in this Privacy Policy by the use of the Website, and also consents to the data processing set out below.
1. Definitions
- “data controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- “personal data”: means any information relating to an identified or identifiable natural person (“Data Subject” in this document: regular customer); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- “data processing”: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “restriction of processing”: means the marking of stored personal data with the aim of limiting their processing in the future;
- “profiling”: means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
- “data processor”: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- “recipient”: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- “consent of the Data Subject”: means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her;
- “data breach”: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
2. Data of the Data Controller
Stageshop Trade and Service Limited Liability Company
Seat: H-1011 Budapest, Corvin square 6.
Registration number: 01-09-885003
Tax number: 14018237-2-41
Represented by: Ernő Galambos chief-executive officer
E-mail address: [email protected]
3. Legal basis, purpose and period of data processing
Data Subjects may give information or data on the Website in two ways:
- Personal data expressly given or provided during the use of the Website’s services.
- Information provided to the Data Controller with respect to the use of the Website in connection with visiting the Website or its use (see section 3.2).
In all cases, the legal basis of data processing is the voluntary consent of the Data Subject on the basis of Article 6(1) a) of Regulation 2016/679 of the European Parliament and of the Council (EU) (“Regulation”) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
The Data Subject may withdraw his/her consent partly or completely by way of a written statement addressed to the Data Controller. He/she may also request the deletion of his/her own data in the same way.
3.1. Processed personal data
Data processing | Processed personal data | Period of data processing | Purpose | Legal basis |
Contact via e-mail | Name E-mail address Telephone number Content of the message Date of contact | The personal data provided during the contact is processed by the Data Controller until the Data Subject requests the deletion of his/her data. | Identification and contacting in order to be able to send a response message to the Data Subject. | Voluntary consent of the Data Subject. |
Purchase in the web store | Name E-mail address Telephone number Country Postcode Town Street | The personal data provided during the purchase will be processed by the Data Controller until the Data Subject requests the deletion of his/her data. | Identification of the customer Data Subject and contacting in order to be able to deliver the purchased product. | Voluntary consent of the Data Subject. |
Data collected while using the Website | Technical details such as: IP address Date and time of visit Type of browser Address of the website the Data Subject previously viewed and visited which are automatically logged when logging in or out | 5 years from the date of logging. | Website and service development. These data are not suitable for the identification of the Data Subject. | Voluntary consent of the Data Subject. |
Data Controller does not and may not use the given personal data for purposes other than those listed above. The issuance of personal data for any third parties or authorities – unless it is regulated otherwise by law – is possible with the Data Subject’s prior expressed consent.
In cases when the Data Controller intends to use the data provided for a purpose other than for which it was originally collected, Data Controller informs the Data Subject accordingly, and obtains his/her prior expressed consent. Data Controller also provides the possibility to the Data Subject to prohibit such use.
Data Controller processes personal data during the purpose of data processing, primarily during the period of relationship with the Data Subject (at the end of which the personal data provided by or relating to the Data Subject will be deleted), or until the Data Subject’s request for deletion, or until the withdrawal of his/her consent.
3.2. Data collected in relation to the use of the Website
3.2.1. Handling of cookies
The Service Provider stores a bit of information called “cookie” for the tailor-made service on the computer of the Data Subject and reads back during a later visit. If the browser sends back a cookie saved earlier, then the service provider handling the cookie has the possibility to link the current visit of the Data Subject user with his/her former ones, but exclusively in relation to its own content. Cookies typical of web-stores are the so called “Password protected workflow use” cookies and security cookies.
- Temporary (session) cookie: such cookies are deleted immediately after the Data Subject’s visit. They serve the effective and secure functioning of the Website and are unavoidable in order to operate certain Website functions or appropriate operations of certain applications.
- Persistent cookies: persistent cookies are used by the Data Controller to improve the user experience (e.g. offering optimized navigation). These cookies are stored for a longer period in the browser’s cookie file. The length depends on the browser’s settings.
Processed data: IP address, date and time of the visit.
Data subjects: All Data Subjects visiting the Website.
Purpose of data processing: distinction of Data Subjects from each other, identification of the users’ current sessions, storage of data given during such sessions, and prevention of data loss.
Period of data processing: Period of data processing lasts until the end of the visit of websites in case of session cookies, in other cases until deletion.
3.2.2. Deletion of cookies
Data Subject has the right to delete the cookie from his/her own computer, or he/she may block the application of cookies from his/her browser. In general, the handling of cookies is possible in the Tools/Settings menu under Data Protection/ History/Personal Settings by naming cookie or tracking.
The Website may contain external links (not operated by the Data Controller or the data processor). Pages accessible through these links may place their own cookies or other files on the computer, may gather data or request personal information. Data Controller is not responsible for these actions.
No personal data will be collected, processed, used or identified with the Data Subject.
The ads of Stageshop LLC can be displayed on the websites of external service providers (Google, Facebook). These external service providers (Google, Facebook) use cookies to store that the Data Subject has previously visited the Data Controller's Website and, based on this, display personalized advertisements to the Data Subject (i.e. they carry out remarketing activities).
3.2.3. Cookies placed by Facebook
You can find out more about the cookies placed on Facebook at https://hu-hu.facebook.com/policies/cookies/ where you can also find information about disabling cookies.
3.2.4. Cookies placed by Google Analytics
Google Analytics is an analyst service provided by Google Inc. (“Google”). Google Analytics uses cookies stored on the Data Subject’s computer to analyze user interactions on the Website. The legal basis of data processing for web analytical purposes is the voluntary consent of the user of the Website. Cookies for analytical purposes are anonymized and aggregated that make it difficult to identify a computer, but cannot be ruled out.
Analytical information collected by Google Analytics cookies (cookies) is transmitted to and stored on Google’s servers. Google processes this information on behalf of Stageshop LLC in order to evaluate the users' habits of visiting the Website, to compile reports about the frequency of using the Website, and to provide additional services related to the use of Stageshop LLC. Through Google Analytics, Google does not associate the IP address transmitted through the browser with other data.
Google Analytics uses cookies for analytical purposes. More information about the cookies used by Google Analytics can be found at the following link: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage#analyticsjs
3.2.5. Google Adwords
The Website uses Google Adwords remarketing tracking codes. This is based on the ability to reach visitors later with remarketing ads on websites in the Google Display network. The remarketing code uses cookies to tag visitors. Users of the Website may disable these cookies by visiting the Google Ads Settings and following the instructions there. After that personalized offers from the Service Provider will not appear for them.
More information about the cookies (cookies) used by Google can be found at the following link: https://policies.google.com/technologies/ads?hl=hu
Google’s Privacy Policy can be found on the following link:
https://policies.google.com/privacy?hl=hu
4. Data processing
Integral Vision Kft.
Seat: 1042 Budapest, Árpád út 51-53. B épület
Registration number: 01-09-924079
Tax number: 14875667-2-41
Web: https://integralvision.hu/hu
Telephone number: (+36) 1 261 9780
Activity: storage provider
GLS General Logistics Systems Hungary Csomag-Logisztikai Kft
Seat: 2351 Alsónémedi, GLS Európa utca 2.
Registration number: 13-09-111755
Tax number: 12369410-2-44
Web: https://gls-group.eu/HU/hu
Telephone number: (+36 29) 88 66 60
Activity: Shipping
4N-TEAM Számviteli, Ügyviteli, Számítástechnikai és Szolgáltató Kft.
Seat: 1028 Budapest, Leshegy utca 7. A.
Registration number: 01-09-871625
Tax number: 13756811-2-41
Web:
Telephone number:
Activity: Accounting
Data Controller reserves the right to include sub-processors in the data processing about which Data Controller notifies all involved through the modification of this Privacy Policy.
5. Transfer of data
In the absence of an express legal provision, the Data Controller shall only transfer data suitable for the identification of the Data Subject to third parties with the express consent of the Data Subject.
6. Rights of the Data Subject
6.1. Information and access to personal data
Data Subject has the right to be informed about the personal data stored by Stageshop LLC and receive information about their handling, to request them at any time, to check what data the Data Controller keeps records of, and to access them.
Data Subject must send his/her request for access to personal data to the Data Controller in writing, and the Data Controller provides the information in writing (by electronic means or by post), no information is provided orally in this context.
Where the right for access is exercised, the provided information shall cover the following:
• defining the scope of processed data, depending on the purpose of data processing and the service provided,
• the purpose, period and legal basis of data processing with regard to the scope of the processed data,
• transfer: the recipients to whom the personal data have been or will be disclosed,
• indication of data source.
For the first request, the Data Controller shall provide a paper or electronic copy of the personal data to the Data Subject free of charge. For any further copies requested by the Data Subject, the Data Controller may charge a reasonable fee based on administrative costs. If the Data Subject requests the issuance of a copy by electronic means, the Data Controller shall provide the information to the Data Subject by e-mail in a commonly used electronic form.
After being informed, the Data Subject may, if he/she does not agree with the data processing or the accuracy of the processed data, request the rectification, supplementation, erasure, restriction of processing, object to processing of such personal data based on the procedure set out in point 6, or initiate the procedure set out in point 7.
6.2. Right to rectification
At the request of the Data Subject, Stageshop LLC shall rectify the inaccurate personal data indicated by the Data Subject in writing, and supplement the incomplete data with the content indicated by the Data Subject without undue delay.
Data controller shall communicate any rectification or supplementation to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. Data Controller shall inform the Data Subject about those recipients if the Data Subject requests it in writing.
6.3. Right to restriction of processing
If requested in writing, the Data Subject shall have the right to obtain from the Data Controller restriction of processing where one of the following applies:
• the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data;
• the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
• the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;
• the Data Subject has objected to processing pending the verification whether the legitimate grounds of the Data Controller override those of the Data Subject.
A Data Subject who has obtained restriction of processing shall be informed by the Data Controller before the restriction of processing is lifted.
6.4. Right to erasure
If requested, the Data Subject shall have the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay and the Data Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
2. the Data Subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;
3. the Data Subject objects to the data processing for reasons related to his/her own situation and there is no legitimate reason for the processing;
4. the Data Subject objects to the data processing concerning him or her for the purpose of direct marketing, which includes profiling to the extent that it is related to such direct marketing;
5. the personal data have been unlawfully processed;
6. where personal data have been collected in connection with the provision of information society services offered directly to children.
The above-mentioned does not apply to the extent that processing is necessary:
1. for exercising the right of freedom of expression and information;
2. for reasons of public interest in the area of public health;
3. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
4. for the establishment, exercise or defence of legal claims.
6.5. Right to data portability
Data portability enables the Data Subject to receive and further use the personal data concerning him or her, which he or she has provided to a controller, for his/her own purposes and through various service providers. In all cases, the right is limited to the data provided by the Data Subject, there is no possibility for the portability of other data (e.g. statistics, transaction data, etc.).
Data Subject has the right to:
• receive personal data concerning him or her in a structured, commonly used and machine-readable format;
• transmit those data to another controller;
• have the personal data transmitted directly from one controller to another, where technically feasible.
Data Controller only fulfils requests received via e-mail or post. For the fulfilment of the request it is required that the Data Controller identifies the Data Subject as the requestor. This requires that the Data Subject provides data that allows identification such as name, e-mail address, home address, phone number (depending on the service provided).
Data Subject may only request the portability of data which he or she has provided to the Data Controller directly during the use of certain services specified in Section 3.
The exercise of this right does not automatically lead to the deletion of the data from the systems of the Data Controller, therefore the Data Subject may use the services of the Data Controller even after exercising this right. Data will only be deleted if the Data Subject expressly requests it.
6.6. Right to object
Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling. Where personal data are processed for direct marketing purposes, the Data Subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing
Where the Data Subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Data Subject can exercise his/her right to object in writing (via e-mail or post).
6.7. Deadline for fulfilling the request
Data Controller shall inform the Data Subject of the measures taken without undue delay, but in any case within one month of receipt of any request under points 6.1.-6.6.
If necessary, taking into account the complexity and the number of requests, this deadline may be extended by another two months, but in this case the Data Controller shall inform the Data Subject within one month from the receipt of the request indicating the reasons for the delay. If the Data Subject has submitted the request electronically, the Data Provider shall provide the information electronically, unless otherwise requested by the Data Subject.
7. Enforcement options
Data Subject can exercise his/her rights as a Data Subject by e-mail or post. It is not possible to exercise any rights over the phone.
Data Subject can exercise his/her rights at the contact details below:
Name: STAGESHOP Kereskedelmi és Szolgáltató Kft.
Mailing address: H-1011 Budapest, Corvin square 6.
E-mail address: [email protected]
Data Subject cannot exercise his/her rights if the Data Controller is not in a position to identify the Data Subject. If the Data Subject's request is clearly unfounded or excessive (especially in view of its repetitive nature), the Data Controller may charge a reasonable fee for complying with the request or refuse to take action. The burden of proof lies with the Data Controller. If the Data Controller has doubts about the identity of the natural person submitting the request, he/she may request additional information to confirm the identity of the requester.
If the Data Subject does not agree with the decision of the Data Controller on the basis of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (“Privacy Act”), the Regulation or the Hungarian Civil Code (Act V of 2013):
- contact the Hungarian National Authority for Data Protection and Freedom of Information (H-1055 Budapest, Falk Miksa street 9-11.; www.naih.hu) or
- take legal actions in court.
8. Data breach
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Data Controller shall document any personal data breaches in order to control measures related to the data breach, and to inform the supervisory authority and the Data Subject. Documentation contains the personal data involved in the data breach, the number of Data Subjects involved, the date, circumstances and effects of the data breach, and the measures taken to prevent it.
If the Data Controller considers that the incident poses high risk to the rights and freedoms of the data subjects, the Data Controller shall without undue delay but not later than 72 hours after having become aware of it, notify the Data Subject and the supervisory authority competent about the personal data breach.
9. Links from the website
Stageshop LLC is not responsible for the content, data and data protection practices of external websites available from the Website. If the Data Controller becomes aware that the site or linking to it infringes the rights of third parties or applicable laws, it will immediately remove the link from the Website.
10. Security of personal data
Data Controller undertakes to ensure the security of personal data, to take the technical and organizational measures and to establish procedural rules that ensure that the recorded, stored and processed data are protected, and to prevent their destruction and unauthorized use or alteration. Data Controller also undertakes to draw attention of all third parties to whom the data are transmitted or transferred with the consent of the Data Subject to comply with data security requirements.
Data Controller shall ensure that the processed data cannot be accessed, disclosed, transmitted, modified or deleted by unauthorized persons. Processed data may only be disclosed to the Data Controller, its employees and sub-processors, and they cannot be transferred to third parties who are not entitled to disclosure.
Data Controller does everything in its power to ensure that personal data is not accidentally damaged or destroyed. Data Controller also imposes this commitment on its employees participating in the data processing.
Data Subject acknowledges and agrees that in case of providing his/her personal data on the Website – despite the fact that Stageshop LLC has state of the art security measures to prevent unauthorized access or retrieval of the data – the protection of personal data on the internet cannot be fully guaranteed.
In the event of unauthorized access or data disclosure despite our efforts, Stageshop LLC shall not be liable for such data acquisition or unauthorized access or for any damage caused to the Data Subject due to these reasons. In addition, Data Subject may disclose his/her personal data to third parties who may use it for illegal or other purposes.
Under no circumstances does the Data Controller collect sensitive data, i.e. data relating to racial or ethnic origin, belonging to a national minority, political opinion or party affiliation, religious or other beliefs, trade union membership, health status, pathological passion, sex life, and criminal record.
From the point of view of data security, it is important that when using internet in a public place on widely used computers, the Data Subject logs out of the Website after use. If Data Subject visits our site from his/her own computer, he/she will remain logged in for a period of time, depending on the application. However, even in this case, Data Subjects must be careful that strangers do not have access to their computer or perform transactions (contact, purchase, etc.) on their behalf.
11. Miscellaneous
Data Controller reserves the right to unilaterally amend this Privacy Policy with prior notice via the www.stageshop.hu website to the Data Subjects. After the amendment enters into force, the Data Subject, except in the case of an objection, accepts the contents of the amended Privacy Policy by implied acceptance, using the Website or the services.
This Privacy Policy is effective as of May 24, 2018.