Privacy Policy

By using the Web Shop, you declare that you are at least 16 years old. Persons under the age of 16 may not register or make purchases at the Web Shop and may not sign up for a newsletter, considering that pursuant to Subsection 8 (1) of the GDPR, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child. The Controller is not in the position to verify the age and eligibility of the person providing the consent, therefore the Data Subject shall warrant that the data provided are correct. The Data Subject shall be held responsible for the validity of the data provided.

Please note that the functions of the Web Shop and recording and fulfilling your orders are only available if you provide your data to the Controller and consent to data processing.

1. Controller’s name and contact

Sole proprietor: Rebeka Sára Andresik
Seat: 1067 Budapest, Szondi utca 11, Hungary
Small taxpayer registration number: 51918431
Tax number: 68557863-1-41
Statistical code: 68557863-4799-231-01
Phone: +36-30-216-5299
E-mail: suga@sugasugawear.com
(hereinafter: “Controller”)

2. Legal grounds, purpose, term and scope of data processing

2.1. Personal data are processed by the Controller for the following grounds, purposes and term

Type of processing
Legal basis for processing
Scope of processed data
Purpose of processing
Term of processing
Processing pertaining to a registered user

Consent given by the Data Subject (GDPR Article 6, Paragraph (1) Point a))

  • Name
  • Address (not required)
  • E-mail address
  • Phone number (not required)
  • Date of birth
  • Managing the user’s account
  • Ensuring that order information and invoices are accessible
  • Managing favourites

Until the Data Subject requests erasure
Processing pertaining to a registered user when placing an order
Necessary for the performance of the contract (GDPR Article 6, Paragraph (1) Point b))

  • Name
  • Address
  • E-mail address
  • Phone number
  • Completing orders
  • Sending order verification
  • Communication related to completing orders

For 5 years following the completion of the order (statute of limitation pursuant to the Civil Code)
Processing data for invoicing
Necessary for compliance with a legal obligation to which the Controller is subject (GDPR Article 6, Paragraph (1) Point c))

  • Name
  • Address

Invoicing the amounts for products and services
Statute of limitation pursuant to the Accounting Act, that is 8 years
Sending newsletters and advertisements
Consent given by the Data Subject (GDPR Article 6, Paragraph (1) Point a))

  • Name
  • E-mail address
  • Phone number
  • Address (only the data applicable to the chosen method is processed)

Sending marketing offers via electronic means/by post
Until the Data Subject requests erasure
Online communication by the data subject
Consent given by the Data Subject (GDPR Article 6, Paragraph (1) Point a))

  • E-mail address
  • Name (not required)
  • Address (not required)
  • Customer number (not required)

Customer service answering the Data Subject’s questions submitted to the website Until the Data Subject requests erasure
Recording communication by phone (communication by the data subject)
Consent given by the Data Subject (GDPR Article 6, Paragraph (1) Point a))

  • Audio recording
  • Registering the data of the order
  • Registering customer complaints

For 5 years following the completion of the order (statute of limitation pursuant to the Civil Code)
Rating products at the website
Consent given by the Data Subject (GDPR Article 6, Paragraph (1) Point a))

  • Forename or alias (not required)

Displaying product feedback on the website
Until the Data Subject requests erasure
Inquiries requesting notification on out-of-stock products
Consent given by the Data Subject (GDPR Article 6, Paragraph (1) Point a))

  • E-mail address

For inquiries requesting notification when the product is in stock again
For 30 days following the dispatch of the notification

2.2. Log files

When accessing a website/application, the web browser of your terminal equipment sends information to the server of our website/application, which are then stored in temporary files called log files. The data records saved in this process and stored until automated deletion are as follows: Date and time of download, name of the page visited, IP address of the downloading device, reference URL (source URL from which you visited our website), the amount of data transferred, loading time, product and version data of the browser used, and your service provider providing access.

The legal grounds for handling and processing IP addresses is laid down in Paragraph 6 (1) f) of the GDPR. Our lawful interest arises from establishing an uninterrupted connection and ensuring the comfortable use of our website/application, as well as ensuring system security and stability.

We have no way to directly confer your identity from the above information and we do not apply such practices.

We store the data and automatically erase them as soon as the above purposes are fulfilled. Erasure time limits are determined as needed.

3. Data processors

The Controller may transmit your data to secondary data processors for the purpose of registering your order, completing the contract, operating the website, sending marketing offers, and complying with the requirements of the Accounting Act.

Data Processors process your data in compliance with the Controller’s instructions and may not make substantive decisions on data processing, they must process the data solely in line with the Controller’s instructions, may not process data for their own purposes and are obliged to store, retain and erase data in compliance with the Controller’s instructions. Data is made available to the employees of the data processors during processing the data.

Data processor’s name
Data processor’s address
Processing activity
Data affected by processing
OTP MOBIL Szolgáltató Kft.
HU-1039 Budapest Közraktár u. 30-32.

Online payment method
Name, address, email, bank card information
GLS
GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
HU-2351 Alsónémedi GLS Európa u. 2.

Courier (package delivery) services, delivery of DM materials and handling refunds Only for purchases: name, address, phone number. For sending catalogues: name, address, customer code.

**Accountant
Terézia Besséné Oravecz
HU-2162 Őrbottyán Rákóczi utca 84
Accounting
Name, address

Webhosting services
Name, address, phone number, e-mail address, date of birth, IP address
Magyar Hosting Kft.
H-1132 Budapest Victor Hugo u. 18-22.

4. Data Transmission

The Controller does not transfer the data to third persons.

5. Profiling

Please be informed that the Controller carries out profiling in those subscribed to the newsletter. Profiling involves a technical procedure whereby the Controller determines whether the subscriber had previously visited the Web Shop and whether they had made a purchase, and sends newsletters, catalogues or text messages based on this information, in line with the Data Subject’s fields of interest. The purpose of this function is to provide better user experience and does not entail consequences for the Data Subject other than receiving offers for products and discounts.

6. Technical data processing related to the use and operation of the Web Shop

Cookies

When visiting the Web Shop, your computer will save text-based files (hereinafter: „cookies”). The Controller mainly uses session cookies that your web browser will delete at once when you close your browser. These are used for example to display the contents of your cart while viewing any page to show the items you have placed in your cart and their total price. These text files do not contain personal data. In addition, the site uses persistent cookies that last throughout more than one visit. These cookies, too, contain you IP address only. They play a significant role in making the Controller’s Web Shop more friendly, efficient and safe. For example, these files ensure that the website displays the information the Buyer is interested in. The purpose of using these cookies is to make sure that the offer conforms to the Buyer’s needs as much as possible and that browsing is as comfortable as possible. These cookies do not allow for the identification of the Buyer.

Of course, you may set your browser to refuse saving permanent cookies to your hard drive, but certain functions of the Web Shop are only available and satisfying in full when you allow cookies. For instance, when you place a product in your cart, the server will read the cookie code and remember that the given product belongs in your cart. If you visit other websites after your visit to the Web Shop and then return to shopping, your cart will still contain everything you placed in it before. This service is only available when cookies are allowed. Therefore, the Controller recommends that you leave the cookies enabled.

You can normally view and delete the cookies at any time in your web browser settings. For more information, see the Help menu in your web browser.

Google Analytics

For more information on data processing by Google related to its Analytics service, see: http://www.google.com/analytics

Social media

This website uses the community plugins of Facebook and Google. These are offered by the American corporations Facebook and Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google”)).

When you visit a website suing such a plugin, your browser connects to Facebook or Google and contents will be loaded from their pages. Your visit to this website may be tracked by Facebook or Google, as the case may be, even if you are not an active user of these community plugins.

Facebook’s privacy statement: https://www.facebook.com/about/privacy.

Google’s privacy statement: http://www.google.com/intl/de/policies/privacy

7. Rights of the Data Subject, Options for Legal Remedy

Right of access: You have the right to obtain from the Controller confirmation as to whether or not personal data concerning you are being processed. You have the right to access to the personal data processed by the Controller. You also have the right to access information contained in this statement.

Right to rectification: You have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning you and you have the right to have incomplete personal data completed.

Right to erasure („right to be forgotten”): You have the right to obtain from the Controller the erasure of personal data concerning you without undue delay. In case of a request for erasure, the Controller will investigate the precise grounds for data processing (whether there exist any grounds apart from your consent) and if the conditions for erasure are present, he will erase the data. In case of erasure, the Controller shall ensure that the data is erased by all those to whom such data was disclosed through the Controller.

Right to restriction of processing: You have the right to obtain from the Controller restriction of processing if: the accuracy of the personal data is contested by you; the processing is unlawful and you oppose the erasure of the personal data; the Controller no longer needs the personal data for the purposes of the processing, but they are required by you for the exercise of legal claims; or if you have objected to processing. You shall be informed by the Controller before the restriction of processing is lifted. The Controller shall inform all stakeholders to whom the personal data has been disclosed on the restrictions.

Right to data portability: You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (or have the Controller transmit such data, if technically feasible). You shall be entitled to this right if the processing is based on your consent or on the performance of a contract and if the processing is carried out by automated means.

Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, or if the legal grounds for processing are the lawful interests of the Controller or of a third party (including profiling). You may object at any time to direct marketing (receiving advertisement offers) and profiling carried out by the Controller.

The Controller shall provide information on actions taken on a request based on your above-mentioned rights as soon as possible (without undue delay) and in any event within 30 days of receipt of the request, and shall erase the data if consent is revoked. In case of rectification or erasure, the Controller shall inform all recipients to whom the data in question was disclosed.

If the Controller cannot take action on your request, the Controller shall inform you within 30 days.

The Controller informs you that the withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

You may exercise your rights concerning data processing through the Controller’s contact options specified in Section 1.

You may lodge a complaint and seek judicial remedy with the competent data protection supervisory authority, that is the Nemzeti Adatvédelmi és Információszabadság Hatóság (National Authority for Data Protection and Freedom of Information, ‘NAIH’) (Hungary, 1125 Budapest, Szilágyi Erzsébet fasor 22/c., postal address: HU-1530 Budapest, Pf.: 5., www.naih.hu; phone: (+36 1) 391-1400, fax: (+36 1) 391-1410, ugyfelszolgalat@naih.hu), or take action at the court of justice with jurisdiction for your home address or temporary place of residence.

8. Data Security

The Controller shall design and implement data processing operations in a manner so as to ensure protection of the privacy of the Data Subject. The Controller shall protect the data by information technology measures conforming to the current state of technology, in particular against unauthorised access, alteration, forwarding, disclosure, deletion or destruction, as well as accidental destruction and damage, and inaccessibility arising out of a change in the technology used.

The account created by you at registration shall be protected by the password you provide.