1. INTRODUCTION

The operator of www.floorstore.hu (hereinafter referred to as the “Website”), Floorstore Kft. as the data controller (hereinafter referred to as the “Data Controller”), publishes this Privacy Statement and Privacy Policy (hereinafter referred to as the “Privacy Statement”), which the Data Controller acknowledges as binding. The Data Controller shall take all measures reasonably necessary to ensure the security of the personal data processed by the controller. Before accessing our Website, please read this Privacy Policy, which explains in clear and simple language how we handle your personal data!

In the Privacy Statement, the Data Controller shall inform the data subjects in a clear and detailed manner of all relevant facts concerning the processing of the data.

The Data Controller processes the data of the persons registered on the Website in the course of its operation in order to provide them with an adequate service. The Service Provider intends to fully comply with the legal requirements for the processing of personal data, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council. 

This Privacy Statement has been prepared pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, taking into account the content of Act CXII of 2011 on the right of informational self-determination and on freedom of information.

Name and contact details of the Data Controller:
Name: Floorstore Kft. (tax number: 24083872-2-20; company registration number: 20 09 072941)
Registered office: H - 8900 Zalaegerszeg, Jégmadár u.26.
Website name and address: www.floorstore.hu
Phone: +36 30 300 1309
E-mail address: info@floorstore.hu

2. DEFINITIONS

• Personal data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

• Data subject: any natural person who can be identified, directly or indirectly, on the basis of specific personal data.

• Consent of the data subject: means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

• Data Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Data Controller or the specific criteria for its nomination may be provided for by Union or Member State law.

• Data management: regardless of the procedure used, any operation performed on the data or the set of operations, including in particular collection, recording, organization, storage, change, use, query, transmission, disclosure, coordination or connection, locking, deletion and destruction, and preventing further use of the data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g. fingerprints, palm prints, DNA samples, iris scans).

• Data erasure: making data unrecognizable in such a way that recovery is no longer possible.

• Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller;

• Data processing: means performing technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data.

• Data file: the totality of the data managed in a register.

• Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

• Recipient: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

• Third party: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

• Information Society service: means any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services.

• Electronic commercial services: means any information society service provided in the form of business operations where the purpose is to encourage the sale, purchase or exchange of and access by other means to any goods of a fungible nature that are capable of being delivered - including money and securities and natural resources that can be utilised as capital goods - also including services, immovable property and rights.

• GDPR (General Data Protection Regulation): the new Data Protection Regulation of the European Union;

3. USERS SUBJECT TO PROCESSING ACTIVITIES

The user is a person registered on the Website, or a natural person who is not registered but who uses the services of the Website and who can be identified, directly or indirectly, on the basis of specific personal data.

4. PRINCIPLES OF PROCESSING ACTIVITIES

The Data Controller declares that the personal data will be processed in accordance with the provisions of the Privacy Statement and in compliance with current legislation, with special attention to the following:

 
• Personal data shall be processed lawfully and fairly, in a manner that is transparent to data subjects.  
• Personal data may only be collected for certain, clear and lawful purposes.  
• The purpose of the processing of personal data shall be relevant and only to the necessary extent.  
• The personal data shall be accurate and up to date. Inaccurate personal data shall be deleted without delay.  
• Personal data shall be stored in such a way that data subjects may be identified only for the necessary length of time. The storage of personal data for a longer time may only take place for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.  
• Personal data shall be processed in a manner that ensures the appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.  
• The principles of data protection shall apply to any information concerning an identified or identifiable natural person.

5. IMPORTANT INFORMATION ON DATA PROCESSING

• The purpose of data processing is to maintain contact, provide information and additional services.
• The legal basis for processing is the consent of the data subject.
• The scope of data subjects shall be the registered users of the Website (newsletter subscribers, enquirers via form).
• The duration of the data processing and the erasure of data: The duration of the data processing shall be always a function of the specific purpose of use, but the data shall be deleted without delay once the given purpose has been achieved. The data subject may revoke his/her consent to the processing data at any time, by way of a message sent to the e-mail address provided as contact. If there is no legal obstacle to the deletion, the personal data shall be erased.
• The data may be accessed by: the Data Controller and his/her employees.
• The data subject may request from the Data Controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability.
• The data subject may revoke his/her consent to the processing of data at any time; however, this shall not affect the affect the lawfulness of the processing of data based on consent before such revocation.
• The data subject shall have the right to lodge a complaint with a supervisory authority.
• If the data subject wishes to use the advantages offered by way of requesting a quotation, i.e. wishes to use this service of the Website, it is necessary to enter the required personal data. The data subject is not required to supply personal data, and the failure to supply such data may not have any adverse consequences on him. The use of certain functions of the Website, however, is not possible without providing the personal data.
• The data subject shall have the right to obtain from the Data Controller, without undue delay, the rectification or the supplementation of inaccurate personal data concerning him/her.
• The data subject shall have the right to obtain from the controller the erasure of any inaccurate personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay, if there is no other legal basis for the processing.
• he rectification or erasure of personal data may be initiated via e-mail, telephone or postal mail, using the contact information provided above.

6. REQUESTING A QUOTATION VIA THE WEBSITE

The Data Controller shall use the data collected through the contact form submitted via the Website solely for the purpose of maintaining contact and providing information and shall not store the data in a database.

7. SENDING NEWSLETTERS

As the Website Operator, we hereby declare that the information and descriptions published by us fully comply with the relevant legal provisions. We also declare that when subscribing to a newsletter, we are not able to verify the authenticity of the contact details or to establish whether the details provided relate to an individual or a company. Any company that contacts us will be treated as a client partner. 

The purpose of the data processing is to send professional brochures, electronic messages containing advertising, information, newsletters, from which you can unsubscribe at any time without any consequences. You can also unsubscribe without any consequences if your company has ceased to exist, you have left the company or someone other than you provided us with your contact details.

The legal basis for data processing is your consent. Please note that the user may give his/her prior and explicit consent to be contacted by the Service Provider with promotional offers, information and other mailings at the e-mail address provided at the time of registration. Consequently, the user may consent to the processing of the personal data necessary for this purpose by the Service Provider.

Please note that if you choose to receive a newsletter from us, you must provide us with the necessary information. If you do not provide this information, we will not be able to send you a newsletter.

Duration of data processing: Data processing will continue until consent is withdrawn. You may withdraw your consent to data processing at any time by sending an e-mail to the contact e-mail address.

Data will be deleted when consent to data processing is withdrawn. You may withdraw your consent to data processing at any time by sending an e-mail to the contact e-mail address.

You can also withdraw your consent by following the link in the newsletters sent to you.

Persons entitled to access the data: the Data Controller and his/her employees.

Method of storage of data: electronic.

The rectification or erasure of personal data may be initiated via e-mail, telephone or postal mail, using the contact information provided above.

Data processor: The Controller is: Floorstore Kft.

Scope of the data processed           Specific purpose of the processing
Name                                                     Identification, contact
E-mail                                                    Identification, contact
Date of subscription                           Technical information operation
IP address                                            Technical information operator

Please note that the e-mail address does not have to contain any personal information. For example, it is not necessary for the e-mail address to include your name. You are completely free to choose whether or not to provide an e-mail address that contains information that could identify you. The e-mail address - which is used for contact purposes - is absolutely necessary for you to receive the newsletter or professional information sent to you.

8. ENTITY AUTHORISED TO DATA PROCESSING

The entity authorised to process personal data is Floorstore Kft. as data processor (tax number: 24083872-2-20, company registration number: 20 09 072941, registered office: 8900 Zalaegerszeg, Jégmadár utca 26.; hereinafter referred to as the “Data Processor”). The personal data to be processed may be known to the relevant legal representative(s), employees/agents/contractors of the Data Processor. The Data Processor shall not disclose personal data to third parties without the express consent of the data subject.

9. DURATION OF DATA PROCESSING

The Data Controller shall process the personal data provided by the user on the basis of the user's consent until the purpose of the data processing is fulfilled or the user's consent is withdrawn.
The Data Controller shall process the personal data provided by the user during registration until the termination of the use of the Website, in particular until the deletion of the registration.
The Data Controller may, unless otherwise regulated by law, also control the data recorded a) to fulfil their relevant legal obligations, or b) to enforce the rightful interest of the Data Controller or third party if the enforcement of these interests is proportionate to the restriction of the protection of personal data without further specific consent, even after the data subject withdrew their consent. /Section 6 (5) of Act CXII of 2011/ The Data Controller shall retain and process the personal data provided by the user for the purpose of fulfilling the accounting obligations pursuant to Section 169 of Act C of 2000 for a period of 8 years or within the limitation period provided for in Act XCII of 2003 on the Rules of Taxation.

10. DATA TRANSMISSION, DATA LINKING

The Data Controller does not sell, rent, or make available in any form user information to other companies or individuals.

The Data Controller shall take reasonable steps to ensure adequate security of the data and shall take technical and organisational measures to ensure the enforcement of the data protection rules and principles and to facilitate the security of personal data.

Please note that the Data Controller will only transfer personal data to a third party or parties with the consent of the data subject.

11. COOKIES

Cookies are placed on the user’s computer by the websites visited and contain information such as the page settings or login status.

Cookies are therefore small files created by the websites visited. They improve the user experience by saving browsing data. Cookies help the website remember your site settings and offer you locally relevant content.

A small file (cookie) is sent by the provider’s website to the computer of the website visitor in order to establish the fact and time of the visit. The provider informs the website visitor of this.

Subjects concerned by data processing: visitors to the Website.

Purpose of the processing: to provide additional services, identification and tracking of visitors.

Legal basis for processing: the user’s consent is not required if the use of cookies is strictly necessary for the provider.

Scope of the data processed: unique identifier, time, preferences.

The user has the possibility to delete cookies from his/her browser at any time in the Settings menu.

Persons entitled to access the data: the Data Controller is not processing personal data by using cookies.

Method of storage of data: electronic.

12. SOCIAL MEDIA SITES

A social networking site is a media tool where the message is spread through social users. Social media uses the Internet and online publishing to transform users from content receivers to content editors.

Social media is the interface of web applications that host user-generated content, such as Facebook, Google+, Twitter, etc.

Social media can take the form of public speeches, presentations, demonstrations, product or service launches.

The forms of information published on social media may include forums, blog posts, images, video and audio, message boards, email messages, etc.

As mentioned above, the scope of the data processed may include, in addition to personal data, the public profile picture of the user.

Subjects concerned by data processing: all registered users.

The purpose of the data collection is to promote the Website or a related website.
The legal basis for the processing: the voluntary consent of the data subject.

Duration of data processing: in accordance with the rules available on the relevant community site.
Deadline for deletion of data: in accordance with the rules available on the relevant community site.
Persons entitled to access the data: in accordance with the rules available on the relevant community site.
Rights relating to the processing of data: in accordance with the rules available on the relevant community site.
Method of storage of data: electronic.

It is important to note that when a user uploads or submits any personal data, he/she grants the operator of the social media site a valid, worldwide permission to store and use such content. Therefore, it is very important to make sure that the user has full permission to disclose the information posted.

13. GOOGLE ANALYTICS

Our Website uses the Google Analytics application.

Our Website uses the Google Analytics application.

On the basis of the internal cookies, Google Analytics prepares a report for its clients concerning the habits of the users of the Website. 

On commission from the operator of the Website, Google uses such information to evaluate how the users are using the Website. As a further service, it also prepares reports for the operator of the website concerning the activities on the Website, in order for the operator to offer additional services.

The data are stored on Google’s servers in an encoded format, in order to make it difficult and ultimately to prevent any abuse of the data.

Google Analytics may be banned as follows. Quotation from the site:

Users who do not want Google Analytics to prepare a report on their visits can install the Google Analytics Opt-out browser add-on. This browser add-on instructs the scripts of Google Analytics JavaScript (ga.js, analytics.js, and dc.js) not to transfer any traffic information to Google. The add-on can be used in most recent browsers. The Google Analytics Opt-out Browser Add-on does not prevent the sending of data for the Website and other internet analysis services.

https://support.google.com/analytics/answer/6004245?hl=hu

Google’s Privacy Policy: https://policies.google.com/privacy?hl=hu

Detailed information on the use and protection of the data can be found at the above URL.

14. MORE DETAILED INFORMATION ON PRIVACY

https://static.googleusercontent.com/media/www.google.com/en//intl/hu/policies/privacy/google_privacy_policy_hu.pdf

15. RIGHTS RELATED TO DATA PROCESSING

Right to request information

You can request information from us via the points of contact indicated concerning what data are processed by our company, on what legal basis, for what purpose, from what source and for what duration. 

We will send the information requested without delay, but in any case, within 30 days, to the e-mail address you provided.

Right to rectification

Using the points of contact, you can request that any of your data be rectified. We will take the necessary measures without delay, but in any case, within 30 days, and send information to the e-mail address you provided.

Right to erasure

Using the points of contact, you can request that any of your data be erased. We will comply with such without delay, but in any case, within 30 days, and send information to the e-mail address you provided.

Right to restriction

Using the points of contact, you can request that any of your data be restricted. The duration of the restriction of your data shall be until such restriction is necessary based on the reasons you provided. We will comply with such without delay, but in any case, within 30 days, and send information to the e-mail address you provided.

Right to objection

Using the points of contact, you can object against the processing of your data. We will examine your objection without delay, but in any case, within 15 days, determine if it is well-founded, and inform you of the decision via e-mail.

16. ENFORCEMENT OF RIGHTS RELATED TO DATA PROCESSING

If you become aware of any unlawful processing of data, please notify our company in order to make it possible to restore lawfulness as soon as possible. We will do everything in order to ensure that the problem outlined is resolved.

If you become aware of any unlawful processing of data, please notify our company in order to make it possible to restore lawfulness as soon as possible. We will do everything in order to ensure that the problem outlined is resolved. If, in your opinion, the lawful situation cannot be restored, please notify the authority at the following points of contact:
National Authority for Data Protection and Freedom of Information
Address: 1055 Budapest, Falk Miksa utca 9-11
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
URL https://naih.hu

17. PROVISIONS OF LAW SERVING AS THE FOUNDATION FOR THE DATA PROCESSING

– REGULATION (EU) NO 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation)
– Act CXII of 2011 on Informational Self-Determination and Freedom of Information
– Act LXVI of 1995 on Public Documents, Public Archives and the Protection of Private Archival Materials
– Government Decree 335/2005 (XII. 29.) on the general requirements pertaining to filing systems used by agencies performing public functions.
– Act CVIII of 2001 on certain issues of electronic commerce services and information society services.
– Act C of 2003 on electronic communications.

The date of entry into force of this Privacy Statement is 26.02.2020. The Data Controller reserves the right to make changes at any time.