Decorstar Data Privacy Statement

Data controlling manual

Introduction

The COMPANY (service provider) issues the following manual.

In accordance with directive 2016/679 of the European Union and the European Council (27 April 2016), concerning the protection and free movement of natural persons, as well as the repealed directive 95/46/EC, the following is disclosed.

This data handling manual regulates the following sites:

The manual is available on the following link: link

The modifications of the manual will take effect on publication of the site under the link above.

Data controller and contact details:

Name: Decorstar Kft., 01-09-389279

Place of business: 1171 Budapest Újlak street 46. fsz. 2. door

E-mail: [email protected]

Telephone: +36306590397

Responsible for data controlling:

Name: Decorstar Kft., 01-09-389279

Address: Place of business: 1171 Budapest Újlak street 46. fsz. 2. door

E-mail: [email protected]

Telephone: +36306590397

Definitions

  1. “personal data” shall mean any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
  1. “processing of personal data” (“processing”) shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;
  1. “controller” shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law;
  1. “processor” shall mean a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
  1. “recipient” shall mean a natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third party or not; however, authorities which may receive data in the framework of a particular inquiry shall not be regarded as recipients;
  1. “the data subject’s consent” shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed;
  1. “personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Principles regarding data processing

Personal data shall be:

  1. processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
  1. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
  1. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
  1. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
  1. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
  1. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).

Data processing

Data processing for web store

  1. Purpose of data controlling:
| Personal data | Data processing |
| --- | --- |
| Username | Identification, enabling registration. |
| Password | Secure entry to user profile. |
| Surname and first name | Contact, purchase and making a regular invoice. |
| E-mail | Contact. |
| Telephone number | Contact, more efficient data exchange in connection with invoicing and delivery. |
| Invoice name and address | Creating regular invoices, and creating contracts, defining and modifying their contents, tracking their execution and invoicing the expenses incurred. |
| Delivery name and address | Enabling delivery. |
| Date and time of purchase/order | Executing technical procedure. |
| IP address at purchase | Executing technical procedure. |

Username or email address do not need to contain personal data.

  1. Data subjects: All data subjects shopping in the web store.
  1. Period of data processing: Immediately after registration. According to GDPR Art. 19, the data controller informs the data subject about the erasure of the data, electronically on any of the contacts having been given by the data subject. If the erasure applies to the email address, it will also be erased.
  1. Potential persons eligible for accessing data and their addressees: Personal data can be controlled by sales and marketing employees, respecting the above principles.
  1. Information concerning the data subjects’ data protection:
  • Data subject can require the data controller to be given access to their personal data, their correction, deletion or limitation of their control, and
  • can object to controlling such data, as well as
  • has the right to free movement of data, and to repeal their consent at any time.
  1. The data subject can require access, correction, deletion or limitation of their control, their free movement, repeal against data controlling in the following way:
  • by post on the following address: ,
  • via e-mail at ,
  • by phone on
  1. Legal base:
  • GDPR 6 (1) b),
  • In case of regular invoicing Art. 6. (1) c).
  1. We inform you that
  • data control is subject to your consent.
  • you must give us your personal data if you require a newsletter from us.
  • failing to provide data might incur us not being able to send you our newsletters.

Data controllers:

Delivery

  1. Activity executed by data controller: Delivering and transporting goods
  1. Name and contact details of data controller:

Royal Mail Group Ltd, 100 Victoria Embankment, London, EC4Y 0HQ.

Parcelforce Worldwide, Lytham House, 25 Caldecotte Lake Drive, Milton Keynes, MK7 8LE.

You can phone our Customer Service team on 0344 800 4466

  1. Data controlled: Addressee’s name, Delivery address, telephone number, e-mail address.
  1. Data subjects: All data subjects requesting home delivery.
  1. Purpose of data controlling: Delivering goods ordered.
  1. Period of data controlling, deadline of deletion of data: Until delivery has been executed.
  1. Legal basis of data controlling: Art. 6, (1) b).

Online payment

  1. Activity executed by data controller: Online payment
  1. Name and contact details of data controller:

PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.

  1. Data controlled: Addressee’s name, Delivery address, e-mail address.
  1. Data subjects: All data subjects using online shopping.
  1. Purpose of data controlling: Conducting online payments, acknowledgement of online payment, fraud-monitoring for the interest of user protection.
  1. Period of data controlling, deadline of deletion of data: Until the execution of online payment.
  1. Legal basis of data controlling: Art. 6, (1) c).

Web hosting service provider

  1. Activity executed by data controller: Hosting Service
  1. Name and contact details of data controller:

SiteGround Hosting Ltd. 18 South Street, London W1K 1DG, UK

Registered in England and Wales. Company Registration No: 09348602

  1. Data controlled: All personal data provided by the data subject.
  1. Data subjects: All users using this website.
  1. Purpose of data controlling: Publication and appropriate maintenance of website.
  1. Period of data controlling, deadline of deletion of data: Until the termination of the agreement between the data controller and the web hosting service provider, or until the data controller’s cancellation request towards the web hosting service provider.
  1. Legal basis of data controlling: Art. 6, (1) c) and f).

Controlling cookies

  1. Cookies of web stores, such as password-protected cookies, cookies needed for basket and security cookies, which do not necessitate prior consent from the data subjects.
  1. Data controlled: Individual identification number, data, time stamps
  1. Data subjects: All data subjects visiting the website.
  1. Purpose of data controlling: identification of buyers, register of basket, tracking visitors.
  1. Duration of data handling, deadline for deleting data:
| Type of cookie | Legal basis | Time | Data controlled |
| --- | --- | --- | --- |
| Session cookies | | Until expiration of the visiting session. | connect.sid |
  1. Potential data controllers eligible for access of cookie data: personal data shall not be controlled from data collected by cookies.
  1. Informing data subjects about their rights of deleting data: Data subjects have the possibility of deleting cookies from their browser menu under the settings of Data control.
  1. Legal basis: Consent from data subjects is not required provided the only purpose of the use of cookies is communication or in case the user has specifically requested so.

Google Adwords conversion tracking

  1. The data controller uses an online advertising programme called “Google AdWords”, along with its conversion tracking service. Google’s conversion tracking service is a service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
  1. When the User accesses a website via a Google advertisement, a cookie is created on their computer. The validity of these cookies is limited, and they do not contain personal data, so the user cannot be identified by them.
  1. When the User browses the various pages of the website and the validity of the cookies has not expired, Google and the data controller can track that the user has clicked on the advertisement.
  1. Every Google AdWords client receives different cookies so that they cannot be tracked on the websites of AdWords clients.
  1. The data obtained by the conversion tracker cookies serves the purpose of creating conversion statistics for those opting for AdWords conversion tracking. This way, the clients are informed about the number of users having clicked on their advertisements supplied by conversion tracking. The clients do access information that they can use to identify any user.
  1. If you do not want to participate in the conversion tracking, you can refuse this service by blocking the installation of cookies in your browser. After this, you will not figure in the conversion tracking statistics.
  1. Further information along with Google’s data controlling declaration can be accessed on the following link: google.de/policies/privacy/

Application of Google Analytics

  1. This website uses Google Analytics, which is Google Inc.’s (“Google”) web analytics service. Google Analytics uses so-called “cookies”, text files which are saved onto computers, thus assisting the analysis of the use of the visited website.
  1. The information created by the cookies belonging to the website used by the User is usually saved and stored on one of Google’s servers in the United States of America (USA). By activating IP anonymity, Google shortens the User’s IP address within the member states of the European Union or other countries party to the agreement of the European Economic Area.
  1. Only in exceptional cases are full IP addresses forwarded and shortened on Google’s servers in the USA. Assigned by this website, Google will use this information to create reports to the owner of the website regarding the activity on the website or to assist further services in connection with website or internet use.
  1. Within Google Analytics the User’s browser does not connect the IP address with other Google data. The user can block the storage of cookies by setting their browser appropriately, although we would like to advise you that in that case some functions of this website may be unavailable. The User can also block Google from collecting and processing website use data through cookies if the following browser plugin is downloaded and installed: https://tools.google.com/dlpage/gaoptout?hl=hu

Newsletter, DM activity

  1. The Client can consent to their data required for sending commercial offers being controlled, using the principles of the following guide.
  1. The service provider will not send unsolicited advertisement messages, and the User can unsubscribe from being sent offers without limitation or justification. In this case, the service provider deletes all personal data from its register and will not approach the User with commercial offers. There is a link provided in the message where the User can unsubscribe from advertisements.
  1. Purpose of data controlling:
| Personal data | Purpose of data controlling |
| --- | --- |
| Name, email address | Identification, enabling subscription to newsletter. |
| Date of subscription | Executing technical procedure. |
| IP address at subscription | Executing technical procedure. |
  1. Data subjects: All data subjects subscribed to the newsletter.
  1. The purpose of data controlling: sending electronic messages containing advertisement (e-mail, text message, push message) to data subjects, giving information about current news, goods, discounts, new functions, etc.
  1. Period of data controlling, deadline of deletion of data: until the repeal of the declaration of consent, that is, until unsubscription.
  1. Registration number: in progress…
  1. Potential persons eligible for accessing data and their addressees: Personal data can be controlled by sales and marketing employees, respecting the above principles.
  1. Information concerning the data subjects’ data protection:
  • Data subject can require the data controller to be given access to their personal data, their correction, deletion or limitation of their control, and
  • can object to controlling such data, as well as
  • has the right to free movement of data, and to repeal their consent at any time.
  1. The data subject can require access, correction, deletion or limitation of their control, their free movement, repeal against data controlling in the following way:
  • by post on the following address: ,
  • via e-mail at ,
  • by phone on                                          .
  1. Data subject can unsubscribe from the newsletter at any time.
  1. Legal base: Art. 6 (1) a) and f)
  1. We inform you that
  • data control is subject to your consent.
  • you must give us your personal data if you require a newsletter from us.
  • failing to provide data might incur us not being able to send you our newsletters.

Complaints

  1. Reasons and purpose of data collection:
| Personal data | The purpose of data management |
| --- | --- |
| Surname and first name | Identification, contact. |
| E-mail | Contact. |
| Telephone number | Contact. |
| Invoicing name and address | Identification, handling quality complaints, questions and queries concerning the goods ordered. |
  1. Data subjects: All data subjects shopping on the web store and making a complaint.
  1. Period of data controlling, deadline of deletion of data: The minutes including the received complaint, its transcript and the response to it shall be kept
  1. Potential persons eligible for accessing data and their addressees: Personal data can be controlled by sales and marketing employees, respecting the above principles.
  1. Information concerning the data subjects’ data protection:
  • Data subject can require the data controller to be given access to their personal data, their correction, deletion or limitation of their control, and
  • can object to controlling such data, as well as
  • has the right to free movement of data, and to repeal their consent at any time.
  1. The data subject can require access, correction, deletion or limitation of their control, their free movement, repeal against data controlling in the following way:
  • by post on the following address: ,
  • via e-mail at ,
  • by phone on
  1. Legal base: Art. 6 (1) c)
  1. We inform you that
  • provision of personal data is subject to contact obligations
  • personal data controlling is a prerequisite of executing a contract
  • you must give your personal details so that we can handle your complaint(s)
  • failure to comply may result in us not being able to handle your complaint(s) to the company

Social websites

  1. Collection of data: name and profile picture of those registered on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram
  1. Data subjects: All data subjects who registered and “liked” websites such as Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc.
  1. Purpose of data collection: sharing certain elements of the website, its products, discounts and the website itself, as well as making it more popular by promoting “likes”.
  1. Period of data controlling, deadline of deletion of data; Potential persons eligible for accessing data and their addressees; Information concerning the data subjects’ data protection: The data subject can be informed about the source of data, their controlling and their handover on the social media websites. Data controlling is executed on the social website, so the period of data is subject to the social website’s own regulations.
  1. Legal base: the data subject’s voluntary consent to their data being controlled by the social website.

Client contacts and other issues

  1. Provided there are questions when using any of our data controlling services, in case of problems, the data subject can get in contact with the data controller on the contact details (telephone, email, social media) published on the website.
  1. At least two (2) years after receiving the data, the data controller deletes all emails, messages, telephones, data given on Facebook with the user’s name and email address, along with personal data voluntarily provided.
  1. Information is given on data controlling of data not listed in this manual.
  1. Upon exceptional request from the authorities, or mandated by legislation, upon request from other parties, the provider is obliged to provide information, communicate and hand over the data and make documents available.
  1. In this case, the provider will only disclose personal data, in case the client has specified its exact purpose and type of data, that is essential for the purpose of the inquiry.

Data subjects’ rights

  1. Right of access

The data subject is eligible for receiving feedback from the data controller concerning whether the data controlling is still in progress, and if such data controlling is in progress, the data subject is eligible for gaining access to the personal data and information listed in the legislation.

  1. Right to rectification

The data subject shall have the right that upon request the data controller will rectify the inexact personal data with regard to your data without delay. Taking the purpose of data controlling into consideration, you have the right to request amending your personal data, among others, through amending declaration.

  1. Right to erasure

The data subject shall have the right that upon request the data controller will erase the personal data with regard to your data without delay, and the data controller is obliged to erase the data, without unjustified delay in case of particular conditions.

  1. Right to be forgotten

If the data controller has published the personal data, and they are obliged to erase it, taking into account the available technology and costs of its execution, the data controller will take the necessary steps, including technical measures in order to inform the data controllers in possession of the data that you have requested the aforementioned personal data or copy or second copy of these personal data to be erased.

  1. Right to restriction of processing

The data subject shall have the right, upon request, to restrict the processing of data, if one of the following conditions applies:

  • You contest the precision of personal data, in this case the restriction applies to the period of time that allows the data controller to check the precision of data;
  • data processing is illegal, and you object to data being erased, instead, request that they be restricted;
  • the data controller does not need personal data for the purpose of data controlling, however, you request those in order to propose, validate and protect legal requests;
  • you object against data processing, in this case, the restriction applies to the period of time until it has been confirmed that the justification of the data controller have priorities over your legal justifications.
  1. Right to data portability

The data subject shall have the right to receive personal data in an articulated, widely used, computer-readable format, you have further right to forward this data to another data controller without the original data controller being able to impede it.

  1. Right to object

The data subject shall have the right to object to the use of personal data at any time due to your personal situation, including the right to object to a profile being created based on the aforementioned regulations.

  1. Objection in the interest of seeking direct business

If the personal data processing takes place in order to have direct business, the data subject shall have the right to object to your relevant personal data being used for this purpose, including profiling, provided this is closely related to seeking direct business. If you object to your personal data being used for the purpose of seeking direct business, your personal data cannot be processed for this purpose.

  1. Automated individual decision-making, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Paragraph 1 shall not apply if the decision:

  • is necessary for entering into, or performance of, a contract between the data subject and a data controller;
  • is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
  • is based on the data subject’s explicit consent.

Deadline of taking action

The data controller informs you about the measures taken based on the above requests without delay, within one month after the request has been received.

In case of emergency this period can be extended to 2 months. The data controller will inform you about the extension of the deadline within one month after receipt of the request.

If the data controller does not act on your request, you will be informed about the reasons for failing to take action within a month after submitting your request, including information on the authorities to which you can submit your request and file for redress.

Security of data controlling

Taking into account the current state of science and technology, the costs of implementation, the nature, scope, circumstances and objectives of data controlling, and the varying probability and severity of the risk to individuals’ rights and freedoms, the data controller and the data processor shall take appropriate technical and organizational measures to guarantee an adequate level of data security, including, inter alia, where appropriate:

  1. encrypting personal data;
  1. ensuring the integrity, availability and resistance of systems and services used to conduct secret handling of personal data;
  1. in case of a physical or technical incident, the ability to restore access to and availability of personal data in time;
  1. procedure to test, assess and evaluate the technical and organizational measures taken in order to guarantee the security of data controlling.

If the data breach incurs potential high risks concerning individuals’ rights and freedoms, the data collector informs the data subject about data breach without delay.

The type of data breach must be reported to the data subject in a clear and understandable way, as well, they must be provided with the name and contact of the responsible for data controlling; the data subject must be informed about the expected consequences resulting from a data breach, the measures taken by the data controller to rule out data breach, including measures taken in order to mitigate potentially harmful consequences.

The data subject does not need informing if any of the following conditions apply:

  • the data controller has taken appropriate technical and organisational measures, which have been applied to those involved in data breach, particularly those measures, for instance, application of encryption, which render the data unintelligible to those not eligible for accessing them.
  • the data controller has taken further measures following data breach that ensure that high risks to the data subject’s rights and freedom do not occur
  • information would necessitate disproportionate effort. In such cases, the data subjects shall be informed based on published instructions, or similar measures must be taken that ensure informing data subjects alike.

If the data controller has not informed the authorities about the data breach, the responsible authority, after considering whether the data breach incurs with a high risk, can order to have the data subject be informed.

Reporting data breach to the authorities

The data controller reports data breach to the authorities defined in Art. 55 without unjustified delay and, if possible, within 72 hours of being informed of data breach, except when there is no risk regarding the rights and freedom of individuals. If the report is not made within 72 hours, reasons for delay shall be attached to justify the delay.

Complaints can be made to

Complaints may be sent to Information Commissioner’s Office:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

Closure

Throughout the manual the following regulations were considered:

  • European Union and European Council’s 95/46/EC (27 April 2016) Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data
  • European Union and European Council’s directive 2016/679 about the protection of individuals with regard to the processing of personal data and on the free movement of such data, and the repeal of directive 95/46/EC.

PAYMENT INFORMATION – What is BARION™?

Barion is an electronic payment service which allows you to conveniently and safely pay by credit card or prepaid balance in webshops, mobile apps, or to friends.

The service provider, Barion Payment Zrt., is an institution under the supervision of the National Bank of Hungary, and its approval number is H-EN-I-1064/2013.

Pay it comfortably with a credit card!

You do not have to sign up to pay by credit card; you only need to enter your bank card number, expiration date, the CVC code on the back, and a working email address.

However, if you sign up, you never have to type your card number at any Barion acceptance point; your e-mail address and password are enough for payment. This is not only comfortable, but it also increases your safety!

You can use it to pay:

  • Mastercard or Maestro Card
  • Visa or Electron Card
  • Amex Card

Pay it comfortably without a bank card!

If you do not have a bank card, you can pay using your prepaid Barion balance. You can top up your balance by transfer or by cash, and your acquaintances and businesspeople can also send money to you. In this case, you can pay with your e-mail address and password.

Free

Credit card payments are free for the buyer and cannot be charged. Registration and the Barion mobile app, as well as receiving and sending money, are free and will remain so. There is no monthly fee either.

Follow your purchases

With Barion apps, you can track your purchases on the web or on mobile. The free Barion wallet will immediately indicate all your purchases, and you can even see what you bought. You can also manage your Barion balance here, or send or receive money.

Safety first

Barion’s servers are protected by Comodo’s 2048-bit TLS encryption. Before paying, always check to make sure that you are entering the bank card details or password required for payment on the Barion secure server. Your browser indicates green when the payment and payer’s address is identified by Barion Payment Inc [HU].

Barion has the PCI DSS certificate required by a bank card company to handle eligible bank card data. The security of the Barion servers was established in accordance with the provisions of the Magyar Nemzeti Bank – National Bank of Hungary.

One of the most common online payment solutions is PayPal, which is known not only for its popularity worldwide, but also for its security (so PayPal is becoming more and more accepted in Hungarian circles). About 190 countries can use PayPal to buy and send money in 18 currencies. From a buying point of view, PayPal is somewhere in the middle between the buyer and the trader, with a solid foundation of capital and credibility. Just open an account at PayPal, register your personal information (possibly our credit card), then use the unique email address provided on registration to enter the money transactions only. With this simple … purchase, we will give you our PayPal email address, which will lead you to our secure PayPal account page, where we can confirm, approve the transaction and make the rest in the background. PayPal is not an electronic bank, it’s a secure internet financial “broker”.