Cart ( 0 )
€0
0
Information
Newsletter
Subscribe to our newsletter and be the first to hear about our special offers!

Privacy Policy

Introduction

Romsics Sándor sole proprietor (2030 Érd, Zengő utca 35., Registration number: 59435325, Tax number: 90276741-2-41) (hereinafter: Service Provider, Data Controller) submits himself to the following privacy notice.
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, we provide the following information.

This privacy notice governs the data processing of the following website: https://creannafabrics.com
The privacy notice is available at: https://creannafabrics.com/info/privacy-policy-2/
Modifications to the notice enter into force upon publication at the above address.

Data Controller and Contact Details

Name: Romsics Sándor sole proprietor
Registered office: 2030 Érd, Zengő utca 35.
E-mail: romsics65@gmail.com
Phone: +36 20/5668882

Definitions

  1. “personal data”: any information relating to an identified or identifiable natural person (“data subject”).
  2. “processing”: any operation performed on personal data, automated or not, such as collection, storage, use, transmission or erasure.
  3. “controller”: the entity determining the purposes and means of processing personal data.
  4. “processor”: the entity processing personal data on behalf of the controller.
  5. “recipient”: any entity to which personal data are disclosed.
  6. “consent of the data subject”: a freely given, specific, informed and unambiguous indication of the data subject’s wishes.
  7. “personal data breach”: a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.

Principles Relating to the Processing of Personal Data

Personal data shall:

  1. be processed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”);
  2. be collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes; further processing for archiving in the public interest, scientific or historical research or statistical purposes shall not be considered incompatible with the initial purposes (“purpose limitation”);
  3. be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”);
  4. be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that inaccurate personal data are erased or rectified without delay (“accuracy”);
  5. be kept in a form which permits identification of data subjects for no longer than necessary for the purposes for which the personal data are processed (“storage limitation”);
  6. be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“integrity and confidentiality”).

The controller shall be responsible for, and be able to demonstrate compliance with, the above principles (“accountability”).

Data Processing Activities

Data Processing Related to the Operation of the Webshop

  1. The fact of data collection, the scope of processed data and the purpose of processing:
    Personal Data Purpose of Processing
    Password Ensuring secure login to the user account.
    First and last name Required for contacting the customer, making a purchase and issuing a proper invoice.
    E-mail address Communication.
    Phone number Communication and more efficient coordination of billing or shipping questions.
    Billing name and address Issuing a proper invoice, creating and modifying the contract, monitoring performance, invoicing fees and enforcing related claims.
    Shipping name and address Enabling home delivery.
    Date of purchase/registration Technical operation.
    IP address at the time of purchase/registration Technical operation.

    The e-mail address does not need to contain personal data.

  2. Scope of data subjects: all users registered on / purchasing from the webshop.
  3. Duration of processing, deadline for erasure: immediately upon deletion of the registration, except for accounting documents, which must be retained for 8 years pursuant to Act C of 2000 on Accounting.
  4. Persons entitled to access the data: the controller’s sales and marketing employees, in compliance with the above principles.
  5. Rights of the data subject:
    – access, rectification, erasure or restriction of processing;
    – objection to processing;
    – right to data portability;
    – right to withdraw consent at any time.
  6. How the data subject may exercise these rights:
    – by post: 2030 Érd, Zengő utca 35.
    – by e-mail: romsics65@gmail.com
    – by phone: +36 20/5668882
  7. Legal basis of processing:
    – consent of the data subject (Article 6(1)(a) GDPR);
    – Section 13/A(3) of Act CVIII of 2001 on electronic commerce services;
    – compliance with accounting obligations (Article 6(1)(c) GDPR).

Processors Used

Shipping

  1. Activity performed by the processor: Delivery of products, transportation.
  2. Name and contact details of the processor:
    Magyar Posta Zrt. Customer Service Directorate, 3512 Miskolc
    https://www.posta.hu/adatkezelesi_tajekoztato#2.
  3. Scope of processed data: Shipping name, shipping address, phone number, e‑mail address.
  4. Scope of data subjects: All customers requesting home delivery.
  5. Purpose of processing: Delivery of the ordered product.
  6. Duration of processing: Until the completion of home delivery.
  7. Legal basis of processing: User consent, Article 6(1)(a) GDPR, Section 5(1) of the Info Act.

Webshop Software Provider

  1. Activity performed by the processor: Webshop software maintenance.
  2. Name and contact details of the processor:
    WEBHASZON Vállalkozás — Horváth Lászlóné sole proprietor
    Tax number: 41924026-1-40
    8800 Nagykanizsa, Varazsdi utca 32.
    E-mail: ugyfel@webaruhazberlese.hu
    Phone: 30/854-9598
    Website: https://www.webaruhazberlese.hu/
  3. Scope of processed data: All personal data provided by the data subject.
  4. Scope of data subjects: All users of the website.
  5. Purpose of processing: Proper operation of the webshop software.
  6. Duration of processing: Until the agreement between the controller and the software maintainer ends, or until the data subject requests deletion.
  7. Legal basis of processing: User consent, Section 5(1) of the Info Act, Article 6(1)(a) GDPR, and Section 13/A(3) of Act CVIII of 2001.

Hosting Provider

  1. Activity performed by the processor: Hosting service.
  2. Name and contact details of the processor:
    Cweb.hu Informatikai Kft
    Address: 1173 Budapest, Borsó utca 12–32
    Company registration number: Cg.01-09 436264
    Tax number: 32666032-1-42
    Phone: +36-70-282-7206
    E-mail: info@cweb.hu
  3. Scope of processed data: All personal data provided by the data subject.
  4. Scope of data subjects: All users of the website.
  5. Purpose of processing: Making the website available and ensuring proper operation.
  6. Duration of processing: Until the agreement between the controller and the hosting provider ends, or until the data subject requests deletion.
  7. Legal basis of processing: User consent, Section 5(1) of the Info Act, Article 6(1)(a) GDPR, and Section 13/A(3) of Act CVIII of 2001.

Card Payment Provider

Online card payments and other payment methods are processed through the Barion system. Card data and other payment-related information are not transmitted to the merchant. Barion Payment Zrt. is supervised by the Central Bank of Hungary. License number: H‑EN‑I‑1064/2013.

Cookie Management

  1. Typical cookies used in webshops include “password‑protected session cookies”, “shopping cart cookies” and “security cookies”, which do not require prior consent from the data subjects.
  2. Scope of processed data: Unique identifier, dates, timestamps.
  3. Scope of data subjects: All visitors of the website.
  4. Purpose of processing: Identifying users, maintaining the “shopping cart”, and tracking visitors.
  5. Duration of processing and deadline for erasure:
    Type of Cookie Legal Basis of Processing Duration of Processing Scope of Processed Data
    Session cookies Section 13/A(3) of Act CVIII of 2001 on electronic commerce services Until the end of the relevant visitor session connect.sid
  6. Persons entitled to access the data: The controller does not process personal data through the use of cookies.
  7. Rights of the data subject: Data subjects may delete cookies in their browser under the Tools/Settings menu, typically under Privacy settings.
  8. Legal basis of processing: No consent is required if the exclusive purpose of using cookies is the transmission of communication over an electronic communications network, or if it is strictly necessary for the service provider to provide an information society service explicitly requested by the user.

Newsletter and Direct Marketing Activity

The advertiser, the advertising service provider or the publisher of the advertisement shall, within the scope specified in the consent, keep a record of the personal data of persons who have made a declaration of consent. The data recorded in this register relating to the recipient of the advertisement may be processed only in accordance with the content of the consent and until its withdrawal, and may be transferred to a third party only with the prior consent of the data subject.

Complaint Handling

In the event of a complaint regarding a purchased product, the controller processes the following data for identification and communication purposes:

  • First and last name
  • E-mail address
  • Phone number
  • Billing name and address

The purpose of processing: handling quality complaints, questions and issues related to purchased products.

Retention period: Complaint records must be retained for 5 years in accordance with Act CLV of 1997 on Consumer Protection.

Social Media Pages

Processed data: the public profile name and profile picture of users registered on Facebook / Google+ / Twitter / Pinterest / YouTube / Instagram, etc.

Purpose of processing: sharing or “liking” certain content elements, products, promotions or the website itself on social media platforms.

Data processing takes place on the social media platform; therefore, the duration, method of processing and deletion options are governed by the platform’s own policies.

Customer Relations and Other Processing

If a question or issue arises during the use of our services, the data subject may contact the controller via the contact details provided on the website (telephone, e‑mail, social media, etc.).

The controller stores incoming messages together with the sender’s name, e‑mail address and any voluntarily provided personal data for up to 2 years from the date of communication.

Rights of Data Subjects

The controller shall inform the data subject of the measures taken in response to their request without undue delay and in any event within 1 month of receipt of the request.

Where necessary, this period may be extended by 2 months. The controller shall notify the data subject of any such extension within 1 month of receiving the request, together with the reasons for the delay.

If the controller does not act on the request, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and of the possibility of lodging a complaint with a supervisory authority and seeking judicial remedy.

Security of Processing

The controller shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • pseudonymisation and encryption of personal data;
  • ensuring the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of processing.

When assessing the appropriate level of security, the controller shall take into account the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

Change settings