Privacy Policy
Date of acceptance: 09/03/2021
Data Controller
Name: Perfect Nails Kft.
Headquarters: 1119 Budapest, Fehérvári út 89-95.
Postal address, complaint management: 1119 Budapest, Fehérvári út 89-95.
Email address: perfectnails@perfectnails.hu
Phone number: +361 273 1772
Website: http://perfectnailscompany.com
Hosting provider:
Name: UNAS Online Kft.
Postal address: 9400 Sopron, Kőszegi út 14.
Email address: unas@unas.hu
Phone number:
Description of data processing performed during the operation of the webshop
Information on the use of cookies
What is a cookie?
The Data Controller uses so-called cookies when you visit the website. A cookie is an information package consisting of letters and numbers that is sent from our website to your browser for saving certain preferences, improving your user experience and helping to collect some relevant statistical information about our visitors.
Some cookies do not contain personal information and are not suitable for identifying an individual user, but some contain a unique identifier, a secret, randomly generated series of numbers that is stored by your device, ensuring your identification. Each cookie has a duration. The duration is included in the given cookie’s description.
Legal background and legal basis of cookies:
The legal basis for data processing under Section 6 (1) a) of the Decree is your consent.
The main features of the cookies used by the website are as follows:
Google AdWords cookie – When someone visits our website, the visitor's cookie ID is added to the remarketing list. Google uses cookies, such as NID and SID cookies, to customize ads in Google products such as Google Search. It uses these cookies, for example, to remember your most recent searches, past interactions with individual advertisers’ ads or search results, and visits to advertisers' websites. The conversion tracking function of AdWords uses cookies. It saves cookies on the user's computer to track sales and other conversions resulting from an ad when this person clicks on an ad. Here are some common ways to use cookies: selecting ads based on what is relevant to a particular user, improving campaign performance reports, and avoiding ads that a user has already viewed.
Google Analytics cookies: Google Analytics is Google’s analytics tool that helps website and application owners to get a more accurate picture of their visitors’ activities. This service may use cookies to collect information and create a report using the statistical data on website usage without personally identifying individual visitors to Google. The main cookie used by Google Analytics is the "__ga" cookie. In addition to the reports based on site usage statistics, Google Analytics, along with some of the advertising cookies described above, can also be used to show more relevant ads in Google products (such as Google Search) and across the web.
Remarketing cookies: These cookies may appear for past visitors or users when they browse other websites on the Google Display Network or search for terms related to our products or services.
Strictly necessary cookies: These cookies are essential to navigate around the website and use its features. Without these, several features of the website shall not be available to you. The duration of these cookies is limited to the duration of the given session.
Cookies improving user experience: Such cookies collect information about the user's use of the website, such as which pages they visit most often or what error message they receive from the website. These cookies do not collect personally identifiable information, i.e. they use completely general, anonymized information. The data obtained from these cookies is used to improve the performance of the website. The duration of these cookies is limited to the duration of the given session.
Session cookies: These cookies store the visitor's location, the browser language, the payment currency, and they expire when you close the browser (or in 2 hours maximum).
Referrer cookies: They record the external page the visitor accesses the website from. They expire when the browser is closed.
Recently viewed product cookies: These cookies capture the products that the visitor recently viewed. Their lifespan is 60 days.
Mobile version, design cookies: They detect the device used by the visitor and switch to full view on mobile devices. They expire in 365 days.
Cookie consent cookies: When opening the website, in the warning window you accept the statement on the storage of cookies. They expire in 365 days.
Cart cookies: They record the products placed in the cart. They expire in 365 days.
Smart offer cookies: They record the conditions for displaying smart offers (e.g. whether any visitors have visited the website, whether they have made any purchases). They expire in 30 days.
employee_login_last_email: They store the email address used at login until the browser is closed.
come_from: They redirect logins. They expire in 10 minutes.
Facebook pixel (Facebook cookies) – A Facebook pixel is a code that is used to report conversions on a website, compile target audiences, and provide the site owner with detailed analytics about the visitors’ use of the website. With the help of Facebook pixels, customized offers and advertisements can be displayed to website visitors on Facebook. For Facebook's Privacy Policy, visit: https://www.facebook.com/privacy/explanation.
If you do not accept the use of cookies, certain features shall not be available to you. You can find more information on deleting cookies here:
• Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
• Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
• Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
• Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
• Chrome: https://support.google.com/chrome/answer/95647
• Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies
Data processed for the purpose of concluding and fulfilling the contract
There are several possible data processing scenarios related to the conclusion and performance of a contract. We would like to inform you that data processing related to complaints and warranty claims will only take place if you exercise any of these rights.
If you do not make a purchase through the webshop and you only visit the webshop, you will be subject to marketing-related data processing if you agree to your data being processed for marketing purposes.
Data processed for the purpose of concluding and fulfilling the contract in more detail:
Contact
For example, when you contact us by email, through the contact form, or call us over the phone with a question about a product. It is not mandatory to contact us in advance; you may order items from the webshop at any time.
Processed data
The information you provided when you contacted us.
Duration of data processing
Your data will only be retained until the end of such communication.
Legal basis for processing data
Your voluntary consent, which you provide to the Data Controller by contacting us [data processing pursuant to Section 6 (1) a) of the Decree].
Registration on the website
By storing the data you provided during registration, the Data Controller can make sure that you have a more convenient experience (e.g. you do not have to enter your data again when you make another purchase). You do not need to register in order to make a purchase.
Processed data
The Data Controller processes your name, address, telephone number, e-mail address, the specifications of the purchased product and the date of purchase.
Duration of data processing
Until you withdraw your consent.
Legal basis for processing data
Your voluntary consent, which you provide to the Data Controller when you register [data processing pursuant to Section 6 (1) a) of the Decree].
Processing the order
Necessary actions when we process your data in order to fulfill our contractual obligations.
Processed data
The Data Controller processes your name, address, telephone number, e-mail address, the specifications of the purchased product, the order number and the date of purchase.
If you have placed an order in the webshop, data processing and data provision is essential for the fulfillment of the contract.
Duration of data processing
We retain your data for 5 years in line with the limitation period under the Civil Code.
Legal basis for processing data
Performance of the contract [data processing pursuant to Section 6 (1) b) of the Decree].
Issuing an invoice
Your data is processed so that we can issue an invoice that fulfills the relevant regulations and comply with the obligation to retain accounting documents. In accordance with Section 169 (1)-(2) of the Act on Accounting, companies must retain accounting documents directly and indirectly supporting the accounting records.
Processed data
Name, address, email address, phone number.
Duration of data processing
Pursuant to Section 169 (2) of the Act on Accounting the invoices that have been issued must be retained for 8 years from the date of issue.
Legal basis for processing data
In accordance with Section 159 (1) of Act CXXVII of 2007 on Value Added Tax, it is mandatory to issue an invoice and that should be kept for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting [data processing under Section 6 (1) c) of the Decree].
Data processing related to delivery
Data is processed for the purpose of delivering the ordered product.
Processed data
Name, address, email address, phone number
Duration of data processing
The Data Controller manages the data until the delivery of the ordered goods.
Legal basis for processing data
Performance of the contract [data processing pursuant to Section 6 (1) b) of the Decree].
Recipients and data processors of data processing related to delivery
Recipient's name: GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
Recipient's registered office: 2351 Alsónémedi, GLS Európa u. 2., Hungary
Recipient's phone number: +36-29-88-67-00
Recipient's email address: info@gls-hungary.com
Recipient’s website: https://gls-group.eu/HU/hu/hom
The shipping service provider participates in the delivery of the ordered goods in accordance with the contract concluded with the Data Controller. The shipping service provider handles the personal data they receive in accordance with the data processing information available on their website.
Handling warranty and guarantee claims
Any warranty and guarantee claims shall be managed in accordance with Decree No. 19/2014. (IV. 29.) of the Minister of National Economy, which also determines how claims should be handled.
Processed data
Warranty and guarantee claims are subject to Decree No. 19/2014. (IV. 29.) of the Minister of National Economy.
Based on the Decree, it is mandatory for us to create a report on your warranty or guarantee claim submitted to us, in which we record the following:
a) your name, address and a statement in which you agree that your data on file is processed in accordance with the decree,
b) name and purchase price of the tangible asset sold under the contract concluded between you and us,
c) date when the contract is concluded,
d) date when the fault is reported,
e) description of the fault,
f) right you wish to exercise under your warranty or guarantee claim, and
(g) the way in which the warranty or guarantee claim is to be settled or the reason for the rejection of the claim or the related right.
If we receive the purchased product from you, we need to issue a document acknowledging the receipt, which shall include:
a) your name and address,
b) data required for identifying the item,
c) date when the item is received, and
d) date when you may collect the repaired item.
Duration of data processing
The business shall keep a record of the consumer's warranty or guarantee claim for three years from the date of filing the claim and shall present it to the inspection authority, if requested.
The legal basis for data processing is Decree No. 19/2014. (IV. 29.) of the Minister of National Economy [Section 4 (1) and Section 6 (1) [data processing under Section 6 (1) c) of the Decree].
Handling other consumer complaints
Data is processed for the purpose of managing consumer complaints. If you have submitted a complaint to us, you need to provide data and we need to process data.
Processed data
Customer's name, phone number, email address, description of the complaint.
Duration of data processing
Documents related to warranty claims are retained for 5 years pursuant to the Consumer Protection Act.
Legal basis for processing data
You shall decide whether or not you intend to submit your claim to us. If you do so, we will retain any documents related to your claim for 5 years pursuant to Section 17/A (7) of Act CLV of 1997 on Consumer Protection [data processing under Section 6 (1) c) of the Decree].
Data processed in relation to the verifiability of your consent
During registration, ordering and singing up to newsletters, our IT system will store the IT data related to your consent for later verification.
Processed data
Date of consent and IP address of the person concerned.
Duration of data processing
Due to legal requirements, we shall be able to verify your consent at a later time, therefore, the duration of the data storage will be stored for the limitation period after the termination of the data processing.
Legal basis for processing data
This obligation is prescribed by Section 7 (1) of the Decree [data processing under Section 6 (1) c) of the Decree].
Data processing for marketing purposes
Data processing related to sending newsletters
Data is processed for the purpose of sending newsletters.
Processed data
Name, email address.
Duration of data processing
Until the user withdraws their consent.
Legal basis for processing data
Your voluntary consent, which you provide to the Data Controller when you sign up for newsletters [data processing pursuant to Section 6 (1) a) of the Decree]
Remarketing
Data processing as a remarketing activity is carried out with the help of cookies.
Processed data
Data processed by cookies specified in the cookie information.
Duration of data processing
The data processing duration of the given cookie; for more information on the expiration of cookies, see the following:
Google’s general guidance on cookies:
https://www.google.com/policies/technologies/types/
Google Analytics guidance:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu
Facebook guidance:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Legal basis for processing data
Your voluntary consent, which you provide to the Data Controller by using our website [data processing pursuant to Section 6 (1) a) of the Decree].
Additional data processing
If the Data Controller wishes to perform further data processing, they shall provide information on the circumstances of the data processing (legal background and legal basis of data processing, purpose of data processing, scope of data processed, duration of data processing) in advance.
We would like to inform you that any written requests for data by authorities based on legal regulations must be fulfilled by the Data Controller. The Data Controller shall keep records of any data transfers in accordance with Section 15 (2)-(3) of the Info Act ( to which authority, on what legal grounds and when were such data transferred by the Data Controller), and the Data Controller shall provide information about its content on request, unless the relevant regulations prohibit such information provision.
Recipients of personal data
Data processing for the storage of personal data
Data processor's name: Simtech Development Ltd.
Data processor's contact information:
Phone number:
Email address: sales@simtechdev.com
Headquarters: 432010 Ulyanosk, Sirenevy 7A
Website: www.simtechdev.com
The Data Processor stores personal data under the contract concluded with the Data Controller. They are not entitled to look into any personal data.
Data processing activities related to sending newsletters
Name of the company operating the newsletter system: The Rocket Science Group LLC.
Headquarters of the company operating the newsletter system: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA
Phone number of the company operating the newsletter system:
Email address of the company operating the newsletter system: privacy@mailchimp.com
Website of the company operating the newsletter system: mailchimp.com
The Data Processor participates in sending newsletters under the contract concluded with the Data Controller. In doing so, the Data Processor handles the name and e-mail address of the given person to the extent necessary for sending newsletters.
Your rights during data processing
When data processing takes place, you have the following rights in accordance with the provisions of the Decree:
• right to withdraw consent,
• access to personal data and data related to processing information,
• right to rectification,
• right to restriction of processing,
• right to erasure,
• right to object,
• right to data portability.
If you wish to exercise your rights, this will require your identification and the Data Controller must contact you. Therefore, personal information will be required for identification purposes (but the identification may only be based on data that the Data Controller already processes in connection with you) and your data processing complaints will be available in the Data Controller's email account within the timeframe specified in this guidance. If you have been our customer and would like to identify yourself for complaint or warranty purposes, please provide your order ID as well for identification. Based on the ID provided, we can identify you as a customer.
The Data Controller shall reply to any complaints related to data processing within 30 days the latest.
Right to withdraw consent
You have the right to withdraw your consent to data processing at any time, in which case the data you have provided will be deleted from our systems. However, please note that in case of an unfulfilled order, the withdrawal may result in a failed delivery. In addition, if the purchase has already taken place, we will not be able to delete your billing information from our systems in accordance with the accounting regulations, and if you owe us, we may process your information based on our legitimate interest in recovering the amount, even if you withdraw your consent.
Access to personal data
You have the right to receive feedback from the Data Controller as to whether or not your personal data is being processed and, if your data is being processed, you are entitled to:
• have access to the personal data processed and
• have the Data Controller inform you about the following: the purposes of the data processing,
o the categories of personal information processed in connection with you,
o information on the recipients or categories of recipients whom the personal data has been or will be disclosed to by the Data Controller,
o where possible, the planned period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,
o the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of your personal data or to object to such processing in case of data processing on the basis of legitimate grounds,
o the right to lodge a complaint with the supervisory authority,
o where the personal data were not collected from you, any available information as to their source,
o the existence of automated decision-making (where applies), including profiling, and at least in these cases, meaningful information about the logic involved, as well as the significance and the possible consequences of such processing for the data subject.
The purpose of exercising your right may be the establishment and verification of the lawfulness of the data processing, therefore, if multiple requests for information are received, the Data Controller may charge a reasonable fee for the provision of such information.
Access to personal data is ensured by the Data Controller by sending you the processed personal data and other information by email after your identification. If you have a registration, you can access, view and verify your information by logging into your user account.
In your request, please indicate whether you are requesting access to your personal data or you need information on the data processing.
Right to rectification
You shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning you.
Right to restriction of processing
You have the right to obtain from the Controller restriction of processing where one of the following applies:
• You contest the accuracy of the personal data, in which case the restriction applies to the period that allows the Data Controller to verify the accuracy of the personal data; if the exact data can be established immediately, no restriction will be introduced;
• The processing is unlawful but you oppose the erasure of the personal data for any reason (for example, when you need such data for legal proceedings) and request the restriction of their use instead;
• The Controller no longer needs your personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims; or
• You have objected to processing; however, the Controller’s legitimate interest may support such processing, pending the verification whether the legitimate grounds of the controller override those of the data subject, data processing shall be restricted.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
You shall be informed by the Controller before the restriction of processing is lifted (at least 3 working days before the lifting of the restriction).
Right to erasure (right to be forgotten)
You have the right to obtain from the Controller the erasure of your personal data without undue delay where one of the following grounds applies:
• the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed by the Data Controller,
• you withdraw your consent and there is no other legal ground for the processing,
• you object to the processing on the basis of legitimate grounds and there are no overriding legitimate grounds for the processing,
• the personal data have been unlawfully processed by the Data Controller and this was established on the basis of the complaint,
• the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject.
Where the Data Controller, for any legitimate grounds has made your personal data public and is obliged to erase the data due to reasons set out above, they shall take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that you have requested the erasure of any links to, or copy or replication of, those personal data.
Erasure shall not apply to the extent that processing is necessary:
• for exercising the right of freedom of expression and information,
• for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject (such as data processing related to invoicing as invoices are to be retained by law) or for the performance of a task carried out in the public interest or in the exercise of official public authority vested in the controller,
• for the establishment, exercise or defense of legal claims (e.g. when the Data Controller has a claim against you which has not yet been fulfilled, or a consumer or data processing complaint is being processed).
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data based on legitimate grounds. In this case the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Where personal data is processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such purposes, which include profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Right to portability
If the data processing is carried out automatically or if data is processed based on your voluntary consent, you have the right to ask the Data Controller to receive the data you provide to the Data Controller, which the Data Controller provides to you in xml, JSON or csv format; if this is technically feasible, you may request that the Data Controller transfers your data in this format to another data controller.
Automated decision-making
You have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In such cases, the Data Controller shall implement suitable measures to safeguard the data subject's rights and freedom and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.
The above shall not apply if the decision:
• is necessary for entering into, or performance of a contract between you and the data controller;
• is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
• is based on your explicit consent.
Reporting to the data protection registry
Pursuant to the provisions of the Info Act, the Data Controller was required to report data processing in certain cases to the data protection registry. This notification obligation ceased on 25 May, 2018.
Data security measures
The Data Controller declares that it has taken appropriate security measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental loss and damage, and becoming inaccessible due to changes in the technology used.
The Data Controller shall make every reasonable effort to ensure that their data processors also take appropriate data security measures when processing your personal data.
Remedies
If you believe that the Data Controller has violated a legal provision on data processing or has not fulfilled a request of yours, you may apply to the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság) to initiate an investigation in order to terminate the alleged unlawful data processing (postal address: 1363 Budapest, Pf. 9, email address: ugyfelszolgalat@naih.hu).
Please also note that in case of violation of the legal provisions on data processing, or if the Data Controller has not complied with a request of yours, you may file a civil lawsuit against the Data Controller.
Amendments to the Privacy Policy
The Data Controller reserves the right to amend this data processing guidance in a way that does not affect the purpose and legal basis of the data processing. By using the website after such change takes effect, you accept the terms of the amended data processing guidance.
Where the Controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the Controller shall provide you prior to that further processing with information on that other purpose and with any relevant further information below:
• the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period,
• the existence of the right to request from the Controller access to and rectification or erasure of your personal data or restriction of processing concerning your data or to object to processing as well as the right to data portability in case of data processing based on consent or on a contract,
• where the processing is based on consent, that you may withdraw your consent at any time,
• the right to lodge a complaint with a supervisory authority,
• whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide your personal data and of the possible consequences of failure to provide such data,
• the existence of automated decision-making (where applies), including profiling, and at least in these cases, meaningful information about the logic involved, as well as the significance and the possible consequences of such processing for the data subject.
The data processing may only begin when such data processing is based on consent, in addition to the provision of information, you have to consent to the data processing.
This document contains all relevant data processing information related to the operation of the webshop in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) (hereinafter: Decree. GDPR) and Act CXII of 2011 (hereinafter: Info Act).