We (Stephan's Numismatic WEBSHOP) use cookies to give you the best online experience. By using our website you agree to our use of cookies in accordance with our cookie policy. More information

Privacy statement

Purpose of the regulation

The purpose of this Policy is to capture the application of the HR Security Ltd. (headquarters: 1033 Budapet, Bogdáni út 23, No. 1, business registration number: 01-09-4624373, tax number: 12065219-2-41), Stephan's Numismatic webshop privacy and data management principles and the privacy and data management policy of the Company (hereinafter referred to as "Service Provider, Data Controller").

The purpose of this Policy is to ensure that all services provided by the Provider in all areas, regardless of nationality or place of residence, to all individuals, are assured that their rights and fundamental freedoms, and in particular their privacy, are respected in the processing of their personal data.

Introduction

Article 20 (1) of Act CXII of 2011 on the Right to Information Freedom of Information and Freedom of Information stipulates that the data subject, in this case the user of the website, hereinafter "the user", must be informed prior to the processing of the data that the data is based on consent or binding.

Before the data is processed, the data subject must be clearly and thoroughly informed of all the facts related to his or her data management, in particular the purpose and legal basis of data management, the data controller and the person entitled to process it, and the duration of the data handling.

It must also be disclosed to the person concerned, pursuant to section 6 (1) of the Infotv, that personal data may also be processed even if the acquisition of the person's contribution would be impossible or disproportionate and that personal data would be restricted:

  • necessary for the fulfillment of a legal obligation for the data controller, or
  • is necessary for the legitimate interests of the data controller or third party and the enforcement of this interest is linked to the protection of personal data

The information should also include the rights and remedies available to the data subject in question.

If the personal information of the data subjects would be impossible or disproportionate (such as a website in this case), information may also be disclosed by disclosing the following information:

  1. the fact of collecting data,
  2. the circle of stakeholders,
  3. the purpose of data collection,
  4. the duration of the data handling,
  5. the person who is able to know the data,
  6. a description of the rights and remedies of data subjects involved in data processing; and
  7. if there is a place for data protection registration of the data management, the registration number of the data management.

Amendments to the prospectus will be published by publication at www.stephansnumizmatika.hu.

Definitions

Stakeholder/User: Any natural person whose personal information is stored and handled by someone.

Personal data: Any information about an identified or identifiable natural person that can be accessed or identified by the person concerned. Personal information, for example: name, address, mother's name, place of birth, time, document identifiers, phone number, email address, username, bank account details.
According to the WP29 Working Group, even dynamic IP addresses can be personal data.

WP29 Working Group: A Data Protection Working Party set up under Article 29 of the Data Protection Directive, working with the European Council and coordinating the activities of the supervisory authorities of the Member States.

Data Manager: A natural or legal person or a non-legal entity that independently or with others determines the purpose of the processing of data shall make and enforce decisions on data handling (including the equipment used) or execute with or through a data processor entrusted to it.

Data handling: Irrespective of the method used, any operation on the data or all the operations, such as collecting, capturing, recording, systematizing, storing, modifying, using, querying, transmitting, publishing, aligning, linking, blocking, deleting and destroying data, preventing further use, taking photographs, sound or images.

Data processor: The person or body that manages personal data on behalf of the data controller.

Data processing: Perform technical tasks related to data management operations, irrespective of the method and device used to perform the operations and the location of the application, provided that the technical task is performed on the data.

Privacy incident: Illegal handling or processing of personal data, including unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage.

Data protection

Name of the controller

Company name HR Security Kft.
Headquarters and mailing address: 1033. Budapest, Bogdáni út 23. fsz. 1.
E-mail address stephansnumismatic@gmail.com
Mobile +36706391362
Contact person Halbauer Ivett
Contact +36706391362

The scope of the personal data handled

On the basis of Section 20 (1) of Act CXII of 2011 on the right to information self-determination and freedom of information, the following should be specified in connection with the purchase of data:

  • the fact of collecting data,
  • the circle of stakeholders,
  • the purpose of data collection,
  • the duration of the data handling,
  • the person who is able to know the data,
  • describe the rights of data subjects involved in data management.

The fact of data collection – Registration

We disclose your personal information provided through the use of the Stephan's Numismatic Web Store in a confidential way and will not be handed over to third parties. An invoice is made on the ordered product, the storage of which is stored in the manner and in the manner prescribed by the applicable legislation. You can cancel your data from the system at any time in writing, but you can also unsubscribe from the list of subscribers that may be unsubscribed, without your registration being deleted.

The data that is technically recorded during the operation of the system is the data of the user's login computer generated during the use of the service and which is recorded by the data controller as an automatic result of the technical processes. Data that is automatically recorded will be logged automatically when logged in or exiting the user without a separate statement or action. These data can not be linked to other personal user information, except in cases that are legally binding. The data is only accessible to the data controller.

….

The scope of the data being processed and the purpose of data management

Personal data The purpose of data management
Name and surname It is necessary for you to contact, to purchase and to issue a regular invoice.
E-mail address Relations
Phone Keep in touch, make billing or delivery more relevant
Billing name and address The issuance of a regular invoice, the creation of the contract, the definition, modification, fulfillment of its performance, the billing of the charges arising therefrom and enforcement of its claims
Delivery name and address Enable home delivery
Date of purchase Perform a technical operation
The IP address of the purchase Perform a technical operation

The circle of stakeholders

All customers, who buying in the webshop.

Time of data handling, deadline for deleting data

With the concerned cancellation request.

Except in the case of accounting documents, this information must be retained for 8 years under Section 169 (2) of Act C of 2000 on Accounting.

Person to be able to know the data

Personal data may be handled by the data controller, respecting the above principles.

Use Google Analytics

This site uses Google Analytics, a Google web analytics service from Google Inc. Google Analytics uses cookies and text files that are saved to your computer to help you analyze the use of a site visited by the user.

Information generated by cookies associated with a web site used by the User is usually stored and stored on a US server in Google. By activating IP anonymization on a web site, Google has previously abbreviated the IP address of the User within the Member States of the European Union or in other States party to the Agreement on the European Economic Area.

In only exceptional cases, sending and shrinking the entire IP address to Google's US server will take place. On behalf of this operator of this site, Google will use this information to evaluate how the User has used the Website and to report to the website operator about reports related to the activity of the website and to perform additional services related to website and Internet usage.

In Google Analytics, you do not associate the IP address that is transmitted by the user's browser with other Google data. The storage of cookies can be prevented by setting the Browser's settings correctly, but please note that in this case, you may not be able to fully use all of this feature on this site. You can also prevent Google from collecting and processing cookie information (including your IP address) on the User's site usage by downloading and installing the browser plug-in available on the link below.

https://tools.google.com/dlpage/gaoptout?hl=hu 

Newsletter, DM activity

Pursuant to Section 6 of the Act XLVIII of 2008 on the Fundamental Terms and Limitations of Economic Advertising, a User may expressly and expressly consent to the Service Provider's promotional offers and other items at the time of registration.

In addition, the Customer may, in keeping with the provisions of this Prospectus, consent to the Service Provider's handling of personal data necessary for the transmission of promotional offers.

The Service Provider will not send unsolicited advertising messages and, without limitation or justification, you can unsubscribe free of charge for sending bids. In this case:

The Service Provider shall not delete any personal data from the Registry and any other promotional offers that are required to send the advertisement messages. You can unsubscribe from ads by clicking the link in the message.

Pursuant to Section 20 (1) of Act CXII of 2011 on the Right to Information Freedom of Information and Freedom of Information, the following should be specified in the data handling of newsletters:

  1. the fact of collecting data,
  2. the circle of stakeholders,
  3. the purpose of data collection,
  4. the duration of the data handling,
  5. the person who is able to know the data,
  6. describe the rights of data subjects involved in data management.

The fact of data handling, the range of data processed: Name, e-mail address, date, time.

The circle of stakeholders: All subscribers who signed up for this newsletter.

The purpose of data management: Send e-mails containing advertisements to the affected party, provide information about current information, products, promotions, new features, etc.

The duration of the data handling, deadline for deletion: Until the consent statement is withdrawn, that is until the date of the unsubscription.

The person who is able to know the data: Personal data can be handled by the data management staff, respecting these principles.

Describe the rights of data subjects involved in data management: You can opt-out of the newsletter at any time, free of charge.

The legal basis for data processing is the voluntary contribution of the concerned person, Section 5 (1) of Infotv and Section 6 (5) of Act XLVIII of 2008 on the Fundamental Terms and Limitations of Economic Advertising Activity:

The advertiser, the advertiser or the publisher of the advertisement, in the circle specified in the consent, keeps a record of the personal data of the persons making the declaration contributing to them. The data set out in this record, concerning the recipient of the advertisement, can be handled only in accordance with the consent statement and can be handed over until its revocation, and can only be transferred to a third party with the prior consent of the person concerned.

Community sites

Pursuant to Section 20 (1) of Act CXII of 2011 on the Right to Information Freedom of Information and Freedom of Information, the following should be specified in the context of data management of social networking sites:

  • the fact of collecting data,
  • the circle of stakeholders,
  • the purpose of data collection,
  • the duration of the data handling,
  • the person who is able to know the data,
  • describe the rights of data subjects involved in data management.

The fact of data collection, the range of data processed

Facebook / Google + / Twitter / Pinterest / Youtube / Instagram etc on a social networking site or the user's profile profile.

The circle of stakeholders: All those who are registered on Facebook / Google+ / Twitter / Pinterest / Youtube / Instagram etc. social networking sites and liked the site.

The purpose of data collection: It is about sharing, liking, popularizing social content, content, actions, or website itself on a web site.

The duration of the data handling, the deadline for deleting the data, the person who is able to know the data and the data management rights of those concerned: The source of the data, how it is handled, how it is delivered and how it is based, can be found on the given social networking site. Data management takes place on social networking sites, so the duration of the data handling, the ways of deleting and modifying the data are governed by the rules of the respective community site.

Legal basis for data handling: The volunteer's contribution to managing your personal information on social networking sites.

Data transmission

On the basis of Section 20 (1) of Act CXII of 2011 on the right to information self-determination and freedom of information, the following should be specified in the website's data-transfer activity:

  1. the fact of collecting data,
  2. the circle of stakeholders,
  3. the purpose of data collection,
  4. the duration of the data handling,
  5. the person who is able to know the data,
  6. describe the rights of data subjects involved in data management.

The fact of data handling, the range of data processed.

The scope of the data transmitted in order to carry out the transport: Delivery name, delivery address, telephone number.

Stakeholders: All parties requesting home delivery.

The purpose of data management is: Delivery of the ordered product to your home.

Data processing time, date of deletion of data: It takes place until the delivery of the home delivery.

Personal data manager able to access the data: Personal data can be handled by the following, respecting the above principles:

MPL Hungarian Posta Logistics Kft. 1138 Budapest, Dunavirág utca 2-6.
ugyfelszolgalat@posta.hu
Phone 06/80 299 929 green number
In Budapest and its surroundings (06-1) 333-7777
Rural transportation (06-1) 333-7777

Describe the rights of data subjects involved in data handling: The person concerned may apply to the supplier of the home; from the data controller to delete your personal information as soon as possible.

The legal basis of the transfer is the User's consent, Infotv. Section 5 (1) of the Act, and Section 13 / A (3) of the CVIII Act on Certain Issues of Electronic Commerce Services and Information Society Services.

Customer relations and other data management

If the data handler is questioned when using our services, there may be a problem for the person concerned, he or she can contact the data administrator using the methods provided on the website (phone, email, social networking sites, etc.).

Data Manager is the received email, messages, phone, Facebook, etc. the information provided will be deleted with the name and email address of the interested party as well as other voluntarily entered personal data, not later than 10 years after the date of disclosure.

Data management not listed in this information is provided when data is included.

The Service Provider is obliged to provide information, communicate, transfer or provide documentation on the basis of an exceptional authority request or the authorization of the law in case of request of other bodies.

In these cases, the Service Provider is the Provider; provided the precise purpose and scope of the data are indicated; it only publishes personal data to and to the extent necessary to achieve the purpose of the request.

Data security (7.§)

The data controller plans and executes the data management operations to ensure that the privacy of the individuals concerned is protected.

The data controller ensures the security of the data (password, antivirus, Wordfence protection), takes technical and organizational measures and establishes the procedural rules necessary to enforce Info Info and other privacy and data protection rules.

Data are protected by appropriate measures by the data controller, in particular:

  • unauthorized access,
  • the change,
  • the transmission,
  • the publicity,
  • the deletion or destruction,
  • the chance of annihilation and injury,
  • against the unavailability of the technology used.

The data controller shall ensure by means of an appropriate technical solution that the data stored in the records can not be directly linked and assigned to the data subject.

In order to prevent unauthorized access to personal data, to alter the data and to prevent unauthorized disclosure or use of the data, the data controller shall ensure:

  • the development, operation of the appropriate IT and technical environment,
  • the controlled selection, supervision and supervision of staff involved in the provision of services,
  • detailed operating, risk management and service procedures.

Based on the above, the service provider ensures that the data it manages:

  • available to the holder,
  • credibility and authentication are assured,
  • can be justified, be it.

The IT system of the data controller and its hosting provider protects inter alia

  • computer fraud,
  • and other attacks:
  • a hack,
  • a spam,
  • computer viruses,
  • spying.

Rights of affected persons

The person concerned may apply to the Service Provider to provide information on the processing of his / her personal data, to request the rectification of his or her personal data, and to request the deletion or blocking of his / her personal data, except mandatory data handling.

At the request of the data subject concerned, the data controller shall provide information on the data processed by him or by the data processor entrusted by him or by the data processor, the source of the data, the purpose, legal basis, duration of the data processing, the name and address of the data processor and data management related to the data protection incident , its effects and the measures taken to remedy it, and, in the case of transmission of the personal data of the person concerned, the legal basis and the addressee of the transfer.

The data controller - if he has an internal data protection officer - through the internal data protection officer - keeps a register of data protection incidents and keeps records for the data subject, including the scope of the personal data concerned, the scope and number of persons involved in the data protection incident, , its circumstances, its effects and the measures taken to remedy it, as well as any other data specified in the law governing data management.

The data controller shall keep a record of the data transmission of the personal data it manages, the legal basis and the addressee of the data transfer, the data specified in the transmission of personal data and other data specified in the statutory provision for the data management in order to inform the data concerned.

At the request of a User, the Service Provider shall provide information about the data it manages, their source, the purpose, legal basis, duration of the data processing, the name, address and data management of the data processor, and, in the case of transmission of the personal data of the data concerned, the legal basis and the addressee of the data transfer. The Service Provider shall provide the information in writing, in the shortest possible time, but within 25 days of the submission of the request. Information is free of charge.

The Service Provider, if the personal data does not comply with the reality and the personal data corresponding to the reality is available to the data controller, corrects the personal data.

Instead of deleting, the Service Provider locks out personal data if the User so requests or if, based on the information available to him, it is assumed that deletion would violate the legitimate interests of the User. Blocked personal data can only be handled as long as there is a data management target that excludes the deletion of personal data.

Service Provider deletes personal data if its handling is unlawful, the User requests, the data is incomplete or incorrect - and this status can not be legally remedied - provided that the deletion is not excluded by law, the purpose of data management has ceased or the data storage has expired, the court or the National Data Protection and Information Authority has ordered it.

The data controller shall indicate the personal data he or she handles if the person concerned disputes its correctness or accuracy, but the incorrect or imprecise nature of the disputed personal data can not be clearly identified.

Correction, blocking, marking and deletion of the person concerned and all those who have previously been transferred to data management have to be notified. Notification may be omitted if it does not prejudice the legitimate interest of the data concerned for the purpose of data handling.
(If the data controller fails to comply with his or her request for rectification, blocking or deletion, the factual and legal grounds for rejecting the request for rectification, blocking or cancellation shall be communicated in writing within 25 days of receiving the request.In case of refusal of the request for rectification, the data controller informs the person concerned of the judicial remedy and of the possibility of appeal to the Authority.)

Legal remedy

You may object to your personal data being handled if

  1. the handling or transmission of personal data is only necessary to comply with the legal obligation of the Service Provider or to enforce the legitimate interests of the Provider, Data Provider or third party, unless data management is prescribed by law;
  2. the use or transmission of personal data is done for direct business acquisition, opinion polling or scientific research;
  3. in other cases specified by law.

The Service Provider shall examine the protest within the shortest possible time but not later than 15 days from the submission of the request, and shall make a decision on its validity and shall inform the applicant in writing. The Service Provider establishes the validity of the protest of the person concerned, discontinues data processing, including further data collection and data transfer, and locks the data and notifies the protest and the measures taken on the basis of those who have previously communicated the personal data involved in the protest. who are obliged to take action to enforce the right to protest.

If the User Service Provider disagrees with the decision it has made, he or she may appeal to the court within 15 days of the communication. The court proceeds out of order.

You can lodge a complaint against a possible infringement of the data controller with the National Data Protection and Information Authority:

National Privacy and Freedom Authority 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address 1530 Budapest, Postafiók: 5.
Phone +36 -1-391-1400
Fax +36-1-391-1410
E-mail ugyfelszolgalat@naih.hu

Judicial enforcement

The data controller must demonstrate that data management is in compliance with the law. The data collector has to prove the legality of the transfer of data.

The trial is governed by the jurisdiction of the court. The case may be initiated before the tribunal of the domicile or place of residence of the person concerned, according to his choice.

The lawsuit may also be party to lawsuits. The Authority may intervene for the sake of the merits of the matter concerned.

If the court upholds the request, the data controller is required to provide information, correction, blocking, deleting, decoding the automated data processing, taking into account the right of protest of the data subject, and the data requested by the data sender.

If the court rejects the request of the data sender, the data controller shall cancel the personal data of the person concerned within 15 days of the delivery of the judgment. The data controller is also required to delete the data even if the data sender does not appear before the court within the specified deadline.

The court may order the disclosure of its judgment by publishing the identity of the data controller if it is required by data protection interests and by a larger number of protected rights of the data subject.

Damages

If the data controller violates the personality right of the data subject by unlawful handling of the data concerned or breaches of the requirements of data security, the data subject may be subject to a charge for damages.

The controller is liable for the damage caused by the data processor to the data subject and the data controller is obliged to pay to the data subject the personal injury violation caused by the data processor. The Data Controller is exempt from liability for damages and damages if it proves that the damage or damage to the personality of the person concerned is caused by an unavoidable cause outside the scope of the data processing.

No compensation is required and no damages can be claimed in so far as the damage caused by the injured party or the infringement of the right to privacy was caused by the deliberate or gross negligent conduct of the person concerned.

Closing remarks

During the preparation of the prospectus we have been following the following legislation:

  • Act CXII of 2011 on Information Freedom of Information Act and Freedom of Information (hereinafter: Infotv.)
  • Act CVIII of 2001 on certain aspects of electronic commerce services and information society services, in particular the 13 / A.§
  • Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers;
  • Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity (especially Article 6)
  • Act XC of 2005 on Electronic Freedom of Information
  • Law on Electronic Communications
  • Opinion 16/2011 on the EASA / IAB Recommendation on Best Practice for Behavioral Online Advertising
  • Recommendation of the National Data Protection and Information Authority on the data protection requirements for prior information

Login

Cart items

favourites

My Favourites

Newsletter


Our partners