Privacy Policy

This Privacy Information is the Letterus Bt. as a data controller controlling personal data control. The amendments to the prospectus shall enter into force by publishing the above address.

We reserve the right to modify this prospectus at any time by a one -way decision. If you are involved, you are entitled to exercise your rights related to data processing in this Prospectus and the applicable legislation.

We respect the privacy of all natural persons that visit our website, so we collect and manage only information that is essential for this purpose.

The use of our site and the use of our services are completely voluntary, so the processing of the personal data that may be required for this may be voluntary, and if necessary, we will only be dealt with on the legislature.

When using our website, we have been informed in accordance with the provisions of the European Parliament and Council 2016/679 General Data Protection Regulation (GDPR) and the Hungarian legislation in force. At the time of compiling the prospectus, we were also taking into account the recommendation of the National Data Protection and Freedom of Information Authority on the privacy requirements of preliminary information.

Below we will try to summarize everything you need to know about data protection, the processing of personal data you become aware, and your rights and remedies for them, in a concise and clear form as far as possible.

Data Controller and Privacy Officer

Várady Károlyné; Letterus Bt. Headquarters: 1104 Budapest 10 ker. Harmat utca 72. 2 LCSH. 3 em. 9 doors; registration number: 01-06-797922; Tax number: 32218165-1-42; As a data controller, it is available on the following data protection rights in the following ways:

By post: 1104 Budapest 10 ker. Harmat utca 72. 2 LCSH. 3 em. 9 doors;

By phone: +36-20/383-70-85;

Email: info@artandlens.hu.

As described in this Privacy Statement, cover the data processing related to the following websites:

www.artandlens.hu

Our data protection officer is available at Letterus Bt. Várady Károlyné, at info@artandlens.hu.

 

Storage provider

Websupport Magyarország Kft.
1132 Budapest, Victor Hugo utca 18-22.
Tax number: 25138205-2-41
Registration number: Cg.01-09-381419

 The scope, purpose and legal basis of the personal data treated

Sales / Order Post

The basic purpose of our websites is to sell our products. Of course, a contract is concluded (a contract between remote), which is subject to the General Terms and Conditions.

Of course, when placing your order, you enter data subject to personal data (name, address, phone number, email address, billing address and possibly tax number), which of course use only to complete the above contract. In this case, the legal basis for data management is your consent, the need to fulfill the contract between us, and (as we have an obligation to account) the need to fulfill the legal obligation for us.

The information provided during the order is required to keep your information for 8 years.

Customer relationships

If you have a question about using our services or you might have a problem, you can contact us at any of the contact details provided on our websites. Inbox, messages, telephone, Facebook, etc. Your information is deleted with your name and e-mail address and other voluntary personal information, up to 2 years from the date of information.

Community sites

In many cases, we contact you on social networking sites such as Facebook/Google+/Twitter/Pinter/YouTube/Instagram, etc. You can see your name registered on social networking sites and your user's public profile picture if you have registered for these social networking sites and authorized it to the community site operator during your settings.

In this case, the data management is implemented on social networking sites, so the duration, manner of the data processing and the deletion and modification options of the data are regulated by the regulation of the given social networking site.

 Data processors and activities related to data management

Your personal data can be managed by our staff and data processors who have signed a written data processing contract with us as a data controller. Your data can only be processed by both our staff and data processors and your direct staff to the extent necessary to achieve the purpose of data processing and for the time provided by the legal basis.

 

Data processors do not make a separate decision, only as a contract with us as a data controller, and they are entitled to act according to the instructions received. As data controllers, we check the work of our data processors. Data processors are only entitled to use additional data processors with our consent.

To fulfill your order, the work and availability of many of our contracted partners is consistent with data management. These are Barion Payment Zrt., Which provide online credit card payment on our websites; KBOSS.hu Kft., which provide our cloud-based billing system (szamlazz.hu).

 

Our data processors and the scope of the transferred data in connection with the fulfillment of the order:

Letterus Bt.
1104 BUDAPEST 10 ker. HARMAT STREET 72. 2 lcsh. 3 em. 9 doors

- scope of data transmitted: name, address, tax number, telephone number, e-mail address

data processing purpose: order processing, invoicing, packaging

duration of data management: 8 years according to the Accounting Act

legal basis: performance of the contract, legal obligation of the data controller

Barion Payment Zrt..
1117 Budapest, Irinyi József utca 4-20. 2nd Floor

- scope of data transmitted: name, address, telephone number, e-mail address - purpose of data processing: online card payment

- duration of data management: 8 years according to the Accounting Act

- legal basis: performance of the contract, legal obligation of the data controller

KBOSS.hu Kft. (számlázz.hu)

1031 Budapest, Záhony u. 7.
scope of data transmitted: name, address, tax number, e-mail address

- purpose of data processing: invoicing, issuing invoices

- duration of data management: 8 years according to the Accounting Act

- legal basis: performance of the contract, legal obligation of the data controller Data security During our data management, as data controllers preserve integrity and security: we protect the information available to us to only access the person who is entitled to do so and protect the accuracy and milk of information and processing method.

During our data management, as data controllers, we make sure that when the eligible user needs it, they can really access the information they want and to have the tools related to it.

The electronic messages transmitted on the Internet, regardless of protocol (e-mail, web, FTP, etc.), are vulnerable to network threats that lead to unfair activities, contract discussion, or reveal and modify information. To protect such threats, we will do all the precautions we expect from us. The systems are observed in order to capture all security differences and provide evidence for each security event. System observation also allows you to check the effectiveness of the precautions used.

Rights of stakeholders

As the data subject, you can request information on the processing of your personal data and request the rectification of your personal data, or to delete, withdraw, withdraw, withdraw, or exercise (except for data processing), and to use your data to protest any of our contact details. And these rights are as follows:

Preliminary right of information

You are entitled at any time or is entitled to information on the facts and information related to data processing. This right is also before the start of data processing.

Access right

You are entitled to receive a concise, clear answer from the Data Controller to see if you are currently handling your personal data and, if so, you are entitled to have access to your personal data and related information specified in the EU regulation.

Rectification

You are entitled to rectify the inaccurate personal data relating to you at your request, without undue delay. You are entitled to ask for the modification and supplementation of defective, incomplete personal data.

The right to delete (forgotten)

You are entitled to delete personal data relevant to you at your request, without undue delay, and the Data Controller is required to delete the personal data of the data subject without undue delay.

This right is particularly related to your personal data processed based on your consent, and in some other cases, including, among other things, data processed on the basis of the legal obligation.

The right to limit data management

You are entitled to the data controller at your request will limit the data processing if certain specified conditions are met. This case is mainly used to record a certain state of data processing, which may be a precedent of a legal situation or may be the concrete dispute itself.

Obligation to rectify or delete personal data or to limit data processing

The Data Controller shall inform all recipients of any correction, deletion or data management restriction to whom personal data has been reported. Exception: It is not expected to fulfill this obligation if it proves impossible or requires disproportionate effort.

The right to the media

You are entitled to receive personal data made available to you in a widely used machine format, and is entitled to transfer this data to another Data Controller.

The right to protest

Eligible or to protest at any time to manage your personal data if you

- Data management is necessary for the implementation of a task in the framework of the exercise of a public authority license to

- Data processing is necessary to assert the legitimate interests of the controller or a third party.

Automated decision -making in individual matters including profiling

You are entitled or not covered by a decision based on automated data processing exclusively, which would have a legal effect on you, or similarly affected you. In this case, you can apply for manual, human intervention and decision -making.

Inform the data subject about the privacy incident

If the data protection incident is likely to have a high risk for the rights and freedoms of natural persons, the data controller shall inform the data subject, without undue delay, of the data protection incident.

Right to complain to the supervisory authority (right to contact authority)

You are entitled to complain to a supervisory authority if, in your opinion, the processing of personal data relevant to you violates the EU data protection regulation.

The right to an effective judicial remedy for the supervisory authority

Eligible or effective judicial remedies against the legally binding decision of the supervisory authority. This right also exists if the supervisory authority does not deal with the complaint or has not been informed of the procedural developments related to the complaint submitted within three months.

The right to an effective judicial remedy for the data controller or the data processor

 Each person concerned is entitled to an effective court remedy if, in his opinion, his or her rights have been violated by their personal data as a result of the non -EU regulation.

Complaint

If you find that you have violated your right, contact us, we will do our best to investigate the case and to make up for the inconvenience. By the way, you can exercise your right to complain with the National Data Protection and Freedom of Information Authority:

National Data Protection and Freedom of Information Authority 1125 Budapest, Szilágyi Erzsébet Fasor 22/C.


Mailing address: 1530 Budapest, mailbox: 5.
Telefon: +36 -1-391-1400

Phone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu

Cookie

Like everyone, we use cookies to ensure the basic operation of our website on the one hand and to improve the quality of our services to improve your user experience and to display an advertisement that is relevant to your interest by running behavioral marketing.

Here are a few more technical information about managing cookies to know what's going on in the background:

Basic cookies that are essential for the website

Statistical cookies

Through the collection and meaning of data in anonymous form, statistical cookies help us understand how our visitors use our website. Such cookies are used by the Google Analytics application, which is the Google Inc. web analysis service.

Marketing, remarketing cookies

We use marketing cookies in many cases to display unique offers while browsing our website. Such cookies are used by the Optimonk application.

In many cases, we use remarketing services to display advertisements to our websites on Google and Facebook. Data management is done without human intervention. In this case, the remarket codes of the applications concerned are completely automatically collected, and there is no information that is capable of identifying any visitor. Nonetheless, the codes using remarketing type cookies are allowed to run only with your explicit contribution while browsing our pages. Such cookies include Facebook pixels and remarketing cookies and Google Ads Remarketing Cookies.

We will inform you about the cookies that require contributions, if the data management begins with the site's visit, we will inform you at the start of your first visit and please consent. Acceptance of cookies that require contributions is optional, but we are not responsible if, in the absence of authorization of cookies, our website may not work as expected.

We do not use or enable cookies to help third parties collect data without your consent.

Principles, legislation and related concepts

As a data controller, we comply with legal requirements, personal data are processed solely on a legal basis, and complies with the principles and guidelines for the processing of personal data. Below we have gathered you related concepts, principles, and legislation to simplify the seamless reception of the above.

Principles for Managing Personal Data:

The personal data

-   Management must be performed legally and fairly as well as in a transparent way to the data subject (legality, fair procedure and transparency)

-  Collecting only for specific, clear and legitimate purposes and do not treat them in an incompatible manner with these goals; It is not considered incompatible with the original purpose for archiving of public interest, further data processing for scientific and historical research or statistical purposes (purposefulness)

-  They must be adequate and relevant to the purposes of data process

- They must be accurate and up to date; All reasonable measures must be taken in order to immediately delete or correct inaccurate personal data for data management purposes (accuracy)

- Storage must be in a form that allows the identification of stakeholders only for the time necessary to achieve the goals of personal data; Personal data can only be stored for a longer period of time if personal data is processed for archiving public interest, scientific and historical research or statistical purposes, appropriate technical and organizational measures required to protect the rights and freedoms of the data subjects in this Regulation also monitor (limited storage)

- Handling in such a way as to ensure appropriate technical or organizational measures to provide adequate security of personal data, unauthorized or unlawful processing, accidental loss, destruction or damage (integrity and confidentiality)

The Data Controller is responsible for compliance above and must be able to justify this compliance (accountability)

Legal basis for data management:

Individual data can only be treated with one of the following legal basiss (minimum):

- He gave the consent of the data subject to handle his personal data for one or more specific purposes,

- Data processing is required to complete a contract in which the data subject is required to take steps at the request of the data subject prior to the conclusion of the contract ,

- Data management is required to fulfill the legal obligation for the controller

- Data management is required to protect the vital interests of the data subject or another natural person

- Data management is required to carry out a task in the framework

- Data processing is necessary to assert the legitimate interests of the controller or a third party, unless the interests of the data subject are preceded by the interests or fundamental rights and freedoms of the data subject, which requires the protection of personal data, especially if the child concerned

Concept definitions:

- “Personal Data” means any information relating to identified or identifiable (“affected”); Identifies a natural person who is directly or indirectly, especially an identifier, such as name, number, location data, online identification or natural person's physical, physiological, genetic, intellectual, economic, cultural or social identity identifiable,

- "Data Management": A sum of any operation or operations performed on personal data or data files in an automated or non -automated manner, such as collection, recording, systematization, articulation, storage, transform or change, query, access, use, communication, transmission, distribution or other in a way accessible by making it accessible, coordinating or connecting, restriction, deletion or destruction,

- “Restriction of Data Management” means indication of stored personal data to restrict their future handlingm,

- "Profile Creation" means any form of automated processing of personal data in which personal data is used to evaluate certain personal characteristics, in particular at work performance, economic situation, health, personal preferences, interest, reliability, behavior, place of residence or movement used to analyze or predict related characteristics;

- "Pseudo -name" means the processing of personal data in a way that can no longer determine which personal data applies to a specific natural person, provided that such information is stored separately and provided by technical and organizational measures to identify or identify natural persons this personal data cannot be connected;

- 'Register System' means a file of personal data in any way - centralized, decentralized or functional or geographical - that is accessible based on specific criteria

- "Data Controller" means a natural or legal person, public authority, agency or any other body that defines the goals and tools of processing personal data independently or with others; If the objectives and assets of the data processing are determined by EU or Member States, the special aspects of the designation of the Data Controller or the Data Controller may be determined by the EU or the Member States' law;

- “Data Processor” means a natural or legal person, public authority, agency or any other body that manages personal data on behalf of the Data Controller

- "Recipient" means a natural or legal person, public authority, agency, or any other body to whom or with whom personal data is communicated, whether or not it is a third party. Public authorities that may access personal data in accordance with EU or Member States in a individual investigation shall not be considered as recipients; Management of these data by these public authorities must be in accordance with the purposes of the data process;

- "Third Party" means a natural or legal person, public authority, agency or any other body that is not the same as the data controller, the data processor, or the persons who are authorized to manage personal data under the direct control of the data controller or data processor they got

- "Contribution to the data subject" means a voluntary, concrete and appropriate expression of the will of the data subject, by which the concerned statement or the confirmation is unmistakably expressed to indicate its consent to handle the personal data affecting it;

- "Privacy Incident" means an injury to security that results in accidental or unlawful destruction, loss, alteration, unauthorized communication or unauthorized access to the personal data transmitted, stored or otherwise managed.