Data management information

https://tanglystudio.com/ is operated by:
Spitzer Gyöngyi EV.
2011 Budakalász, Csalogány Street 9.
Tax number: 63716638-1-33
Registration number: ET-014306
Contact information: Regularly used email address for contact with users: tanglystudio@gmail.com
Hosting provider: 

How and why we use your personal data:

The legal basis for collecting personal data is the necessary reason for the performance of a contract between distant parties, as well as the legal obligation of the Data Controller arising from the invoicing and proofing obligation in accordance with Article 6(1) of the GDPR. The Companies may use your personal information to process orders, for payment, and to provide a personalized shopping experience. We also use your data to fulfill and deliver your orders, and to manage your account. We may disclose the personal information you provide to credit reference or fraud prevention agencies, which may keep records of this information. We may also share your personal information with other commercial departments within the Companies. Your billing information will be uploaded to the online system of the National Tax and Customs Administration, and we may share it with the current accountant of the sole proprietorship. When required to do so by law, we may disclose your data to any competent regulatory authority. We may also use your personal information to send you marketing newsletters, but only in accordance with your preferences. We do not share your information with third parties for marketing purposes. We collect and may share information about website traffic, sales, and wish lists with third parties, but this information does not contain information that can personally identify you. Finally, we may use your personal information, along with non-personal information, for our internal marketing and demographic studies to monitor customer patterns so that we can continually improve our website to better meet the needs of our visitors.

Purpose, method and legal basis of data processing

General data processing guidelines

The data processing activities of the Data Controller are based on voluntary consent or legal authorization. In the case of data processing based on voluntary consent, the data subjects may withdraw their consent at any stage of data processing.

In certain cases, the processing, storage and transmission of a range of provided data is mandatory by law, of which we separately notify our customers.

We draw the attention of those who provide data to the Data Controller that if they do not provide their own personal data, the data provider is obliged to obtain the consent of the data subject.

Its data management principles are in line with the applicable data protection laws, in particular the following:

• Act CXII of 2011 – on the right to informational self-determination and freedom of information (Infotv.);
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);
• Act V of 2013 – on the Civil Code (Civil Code); 
• Act C of 2000 – on accounting (Accounting Act);
• Act LIII of 2017 – on the prevention and suppression of money laundering and terrorist financing (Pmt.);
• Act CCXXXVII of 2013 – on credit institutions and financial enterprises (Hpt.).

Data subject's rights and remedies

Within the period of data processing, you have the following rights in accordance with the provisions of the Regulation:

• the right to withdraw consent
• access to personal data and information about data processing
• right to rectification
• restriction of data processing,
• right to erasure
• right to protest
• right to portability.

 

If you wish to exercise your rights, this will involve your identification, and the Data Controller will necessarily need to communicate with you. Therefore, for the purpose of identification, it will be necessary to provide personal data (but the identification may only be based on data that the Data Controller already processes about you), and your complaint regarding data processing will be available in the Data Controller's email account within the period specified in this information regarding complaints. If you were our customer and would like to identify yourself for the purpose of complaint management or warranty administration, please provide your order ID for identification. Using this, we can also identify you as a customer.

 

The Data Controller will respond to complaints related to data processing within 30 days at the latest.

 

Right to information

The Data Controller shall take appropriate measures to provide data subjects with all information referred to in Articles 13 and 14 of the GDPR concerning the processing of personal data and with all information pursuant to Articles 15 to 22 and 34 in a concise, transparent, intelligible and easily accessible form, in clear and plain language.

 

The data subject's right of access

You have the right to receive feedback from the Data Controller as to whether your personal data is being processed and, if processing is in progress, you have the right to:

• obtain access to the personal data processed and
• The Data Controller shall inform you of the following information:
• the purposes of data processing;
• the categories of personal data processed about you;
• information about the recipients or categories of recipients to whom the personal data have been or will be disclosed by the Data Controller;
• the planned period for which the personal data will be stored or, if this is not possible, the criteria for determining this period;
• your right to request from the Data Controller the rectification, erasure or restriction of processing of personal data concerning you, and to object to the processing of such personal data where processing is based on legitimate interest;
• the right to lodge a complaint with the supervisory authority;
• if the data was not collected from you, all available information about its source;
• the fact of automated decision-making (if such a procedure is applied), including profiling, and at least in these cases, understandable information about the logic involved and the significance and likely consequences of such processing for you.

 

The purpose of exercising the right may be to establish and verify the lawfulness of data processing, therefore, in the event of multiple requests for information, the Data Controller may charge a fair fee in exchange for providing the information.

 

The Data Controller provides access to personal data by sending you the processed personal data and information by email after you have been identified. If you have registered, we provide access so that you can view and check the personal data processed about you by logging into your user account.

 

Please indicate in your request whether you are requesting access to personal data or information related to data processing.

 

Right to rectification

You have the right to request that the Data Controller correct inaccurate personal data concerning you without delay.

 

Right to erasure

The data subject has the right to request that the Data Controller erase personal data concerning him or her without undue delay where one of the following reasons applies:

• personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
• the data subject withdraws his/her consent which forms the basis for the data processing and there is no other legal basis for the data processing;
• the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
• the personal data has been processed unlawfully;
• the personal data must be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject;
• the personal data were collected in connection with the provision of information society services.

 

The erasure of data cannot be initiated if the processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with an obligation under Union or Member State law to which the controller is subject to the processing of personal data, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for public health purposes, or for archiving, scientific and historical research purposes or statistical purposes, based on public interest; or for the establishment, exercise or defence of legal claims.

 

Right to restriction of data processing

At the request of the data subject, the Data Controller will restrict data processing if one of the following conditions is met:

• the data subject disputes the accuracy of the personal data, in which case the restriction shall apply for that period
• applies, which allows you to verify the accuracy of your personal data;
• the processing is unlawful and the data subject opposes the erasure of the data and instead requests the restriction of their use;
• the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
• the data subject has objected to the processing; in this case, the restriction shall apply for the period until it is determined whether the legitimate grounds of the data controller override those of the data subject.

 

If processing is subject to restrictions, personal data may only be processed, with the exception of storage, with the consent of the data subject, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for important public interests of the Union or of a Member State.

 

Right to data portability

If the data processing is carried out by automated means or if the data processing is based on your voluntary consent, you have the right to request the Data Controller to receive the data you have provided to the Data Controller, which the Data Controller will make available to you in xml, JSON, or csv format, if this is technically feasible, you may request that the Data Controller transmit the data in this form to another data controller.

 

Right to object

The data subject shall have the right, on grounds relating to his or her particular situation, to object at any time to processing of personal data concerning him or her for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the controller shall no longer process the personal data unless there are compelling legitimate grounds for doing so which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

Automated decision-making in individual cases, including profiling

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

 

Right of withdrawal

The data subject has the right to withdraw their consent at any time.

Right to go to court

In the event of a violation of their rights, the data subject may take legal action against the data controller. The court will proceed with the case without delay.

Data protection authority procedure

You can file a complaint with the National Data Protection and Freedom of Information Authority: 

• Name: National Data Protection and Freedom of Information Authority
• Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C. Mailing address: 1530 Budapest, P.O. Box: 5.
• Phone: 0613911400
• Fax: 0613911410
• E-mail: ugyfelszolgalat@naih.hu Website: http://www.naih.hu

 

Other provisions

We will provide information about data processing not listed in this information when the data is collected.

We inform our clients that the court, the prosecutor, the investigating authority, the misdemeanor authority, the administrative authority, the National Data Protection and Freedom of Information Authority, the Hungarian National Bank, or other bodies authorized by law may contact the data controller to provide information, communicate or transfer data, or make documents available.

 

The Data Controller will only provide personal data to the authorities - if the authority has specified the exact purpose and scope of the data - to the extent and insofar as this is absolutely necessary to achieve the purpose of the request.