en
Cart
0
0.00 Ft

Privacy Policy

Introduction

KGVM 500 Consulting and Service Ltd., located at Dózsa György utca 11, 2724 Újlengyel, Tax ID: 32499478213 (hereinafter: Data Controller, Data Processor) commits to protecting your personal data in accordance with applicable data protection laws, notably Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation - GDPR).

This Privacy Policy explains how we handle personal data collected through our website www.etiquette.hu. It is available for review and download here: [https://www.etiquette.hu/adatvedelmi-szabalyzat].

This policy is subject to change, with updates published on our website.

Contact Information of the Data Controller

Name:

KGVM 500 Consulting and Service Ltd.

Address:

Dózsa György utca 11, 2724 Újlengyel

Mailing Address:

Szőlőhegyi út 49, 2093 Budajenő

Contact Person:

Gabriella Kanyok

Email:

info@etiquette.hu

Definitions

Personal Data:

Any information relating to an identified or identifiable natural person ("Data Subject"). An individual is identifiable if they can be identified directly or indirectly, especially by name, ID number, location data, online identifier, or physical, physiological, genetic, mental, economic, cultural, or social identity factors.

Data Processing:

Any operation or set of operations performed on personal data, whether automated or not, such as collection, recording, organizing, structuring, storage, transformation, retrieval, consultation, use, disclosure, transmission, dissemination, or otherwise making available, correlation, restriction, erasure, or destruction.

Data Controller:

An individual or entity that independently or jointly determines the purposes and means of personal data processing, either under the GDPR or applicable national law. If purposes and means are set by law, the law may specify the controller.

Data Processor:

An individual or entity that processes personal data on behalf of the Data Controller.

Data Recipient:

A natural or legal person, authority, agency, or other entity to whom personal data are disclosed, regardless of whether they are third parties. Authorities involved in data access under specific legal permissions are not considered recipients.

Consent:

A voluntary, specific, informed, and unambiguous indication of the Data Subject's wishes, by which they consent to the processing of their personal data.

Data Breach:

A security incident that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data.

Principles of Personal Data Processing

Lawfulness, Fairness, Transparency:

Processing must be lawful, fair, and transparent toward the Data Subject.

Purpose Limitation:

Data must be collected for specified, explicit, and legitimate purposes and not processed in ways incompatible with those purposes.

Data Minimization:

Only relevant and adequate data necessary for the purposes must be processed.

Accuracy:

Personal data must be accurate and kept up to date; inaccurate data must be erased or rectified without delay.

Storage Limitation:

Data must be stored in a form that permits identification for no longer than necessary. Longer retention is permissible only for archiving, research, or statistical purposes, with appropriate safeguards.

Integrity and Confidentiality:

Processing must ensure appropriate security through technical and organizational measures, protecting against unauthorized or unlawful processing, accidental loss, destruction, or damage.

Accountability:

The Data Controller is responsible for compliance and able to demonstrate it.

Data Processing Activities

Website and E-Commerce Operations:

Purpose:

To enable online shopping, user registration, order processing, communication, marketing, and customer relationship management.

Scope of Data Collected:

Name, email, phone number

Billing and shipping addresses

Login credentials and registration date

IP address during transactions

Storage Period:

Data is stored until the account is deleted or as long as required by law (e.g., accounting documents must be kept for 8 years).

Data Recipients and Data Transfer

Internal:

Sales, customer service, marketing, and order processing teams.

External:

Shipping providers (e.g., GLS), payment gateway providers (e.g., GP Webpay), hosting services (e.g., Webnode), and social media platforms (e.g., Facebook, Instagram).

Legal Obligations:

Data may be shared upon lawful request or obligation, such as official investigations or legal proceedings.

Cookies

Types:

Session cookies ("password-protected session," "shopping cart,"

Types of cookies used

No personal data is directly collected through cookies without consent.

Security cookies to ensure website safety

Functional cookies for shopping cart management

Authentication cookies for sessions ("password-protected sessions")

Purpose of Data Collection: 

To identify users, manage shopping carts, and monitor website traffic.

Data Duration:

Cookies are stored until the end of the browser session or until deletion by the user.

Cookie management can be performed via browser settings.

Legal Basis:

According to Act CVIII/2001 on electronic commerce and information society services, consent is not required for essential cookies used solely for communication or necessary functions.

User Rights

Users can delete cookies any time through their browser settings.


Newsletter, Marketing Communications (Direct Marketing)

Consent:

Users can expressly consent to receive newsletters and promotional emails during registration or via separate opt-in procedures, in accordance with Act XLVIII/2008 on business advertising.

Conclusion or Withdrawal:

Users may withdraw consent anytime, and the service provider will stop sending marketing communications and delete personal data used for this purpose.

Data Collected:

Name and email address

Sign-up date and IP address at registration.

Purpose of Data Processing:

Sending promotional emails, newsletters, product updates, special offers, and event invitations.

Storage Duration:

Until the user withdraws consent or unsubscribes.

Legal Basis:

Consent under GDPR Article 6(1)(a) and Act XLVIII/2008.

User Rights:

Easy unsubscribe link included in every email

Ability to request data erasure or withdrawal anytime.

Complaint Management

Data Processed: Name, contact details, complaint details, correspondence records.

Purpose: To handle and resolve customer complaints about product/service quality.

Storage Duration: Complaint records and correspondence are kept for 5 years, in accordance with the Act 1997/CLV.

Recipients: Customer service, quality assurance teams, or authorized third parties if required by law.

User Rights: Access, correction, or deletion of complaint data upon request.

Rights to object or restrict processing.

Data portability upon request.

Data Handling with Third-Party Services (Processors)

Shipping Provider (GLS)

  • Activities: Delivery and transportation of purchased products.
  • Data Handled: Delivery name, address, phone number, email.
  • Duration: Until delivery completion.

Hosting Service (Webnode)

  • Activities: Hosting and maintaining the website.
  • Data Handled: All data provided by the user during registration or use.
  • Duration: Until agreement termination or user deletion request.

Payment Gateway (GP Webpay)

  • Activities: Secure online payment processing.
  • Data Handled: Billing details, transaction data.
  • Duration: Until payment processed and transaction settled.

Social Media Platforms (Facebook, Instagram)

  • Activities: Sharing content, marketing, community engagement.
  • Data Handled: Public profile name, profile picture, interaction data.
  • Notes: Data processing is controlled by the respective platforms' privacy policies.

Rights of Data Subjects

You have the following rights under GDPR:

  1. Right of Access:

    • Request confirmation whether your personal data is being processed and obtain access to it.

  2. Right of Rectification:

    • Correct inaccurate or incomplete data upon request.

  3. Right to Erasure (Right to be Forgotten):

    • Request deletion of your personal data where applicable.

  4. Right to Restrict Processing:

    • Request restriction of processing if data accuracy is contested or processing is unlawful.

  5. Right to Data Portability:

    • Receive the data you provided in a structured, commonly used format and transfer it to another controller.

  6. Right to Object:

    • Object to processing based on legitimate interests, direct marketing, or profiling.

  7. Right to Withdraw Consent:

    • Withdraw consent at any time without affecting lawfulness of prior processing.

How to Exercise Your Rights:

Send a request via email to: info@etiquette.hu

Postal address: Szőlőhegyi út 49, 2093 Budajenő

Data Security

We have implemented appropriate technical and organizational measures to ensure the security of your data, including:

  • Data encryption and pseudonymization
  • Secure storage and access controls
  • Regular security assessments and audits
  • Ability to restore data in case of incident

Data Breach Notification

In the event of a personal data breach that is likely to pose a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority without undue delay, and no later than 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to data subjects.

When notification is made, it will include details about the nature of the breach, likely consequences, and measures taken or proposed to address the breach.

If the breach is likely to pose a high risk to individuals' rights and freedoms, we will also inform the affected data subjects directly, using clear and accessible language, unless certain exceptions apply (e.g., if technical measures were implemented to mitigate the breach).

Data Retention and Deletion

Personal data is retained only for as long as necessary to fulfill the purposes outlined in this policy unless a longer retention period is required by law.

Data will be securely deleted or anonymized once the purpose is achieved, or at the request of the data subject.

For example, billing data must be kept for 8 years in accordance with accounting regulations; complaint records are stored for 5 years.

Your Rights Summary

You, as a data subject, have the following rights under GDPR:

Access:

To know what personal data we hold about you.

Rectification:

To correct inaccurate or incomplete data.

Erasure:

To request your data be deleted, where applicable.

Restriction:

To limit processing under certain conditions.

Portability:

To receive data in a machine-readable format and transfer it elsewhere.

Object:

To object to processing based on legitimate interests or direct marketing.

Withdraw Consent:

To revoke consent at any time, without affecting prior processing legality.

To exercise these rights, contact us via:

  • Email: info@etiquette.hu
  • Postal address: Szőlőhegyi út 49, 2093 Budajenő

Please note that certain rights may be limited by legal obligations or legitimate interests, and requests will be processed within one month.

Data Management and Processing Principles Recap

This Privacy Policy is designed to ensure transparency, lawful processing, and safeguarding of personal data in accordance with GDPR and relevant laws. It emphasizes minimizing data collection, limiting access, implementing technical safeguards, and respecting individual rights.

Changes to Privacy Policy

We reserve the right to modify this privacy policy at any time in compliance with applicable legal requirements. Changes will be posted on this page and reflect the most current practices. Continued use of our website indicates acceptance of updated policies.

Contact Information

For questions or to exercise your rights under GDPR, please contact us at:

  • Email: info@etiquette.hu
  • Mail: Szőlőhegyi út 49, 2093 Budajenő