Name: Boardpark Kft. (Boardpark Limited Liability Company)
Address:1113 Budapest, Karolina út 17B
Data Controller represented by: Andrea Szabolcs
The Data Controller’s contact details concerning data protection: adatvedelem@store13.hu
The Data Controller assumes unilateral liability by means of this Data Protection Information pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016), and to the relevant legal regulations of the Member States. The Data Controller may amend and/or withdraw these Rules and Regulations unilaterally at any time after having informed the Data Subjects. Information is disclosed on the webpage or, depending on the type of amendment, the Data Subjects are informed directly.
2.1 Webshop order management – www.strore13.hu
Keeping records of orders until the contract is signed or the order is terminated.
Legal basis of data control: Contract
Scope of controlled data: user name, password, IP address, name, permanent address, delivery address, e-mail account, telephone number, individual ID
Possible consequence of failing to provide data: failure to conclude the contract
Scheduled deadline of data control: until the date the contract is concluded or the order is terminated.
2.2 Service(s) (such as using repair services or placing individual orders) is/are provided to Clients without registration at the stores of the Data Controller (STORE 13 - 1113 Budapest, Karolina út 17, STORE 13 - 1061 Budapest Király utca 48.)
Customers’ data are controlled by sending (a) system message(s) connected to the service when shopping at our webstore or at our store. Provision of repair services.
Legal basis of data control: Consent
Scope of data controlled: Name; E-mail account; Telephone number
Possible consequence of failing to provide data: failure to provide services
Scheduled deadline of data control: until the date the consent is withdrawn
2.3 Control of requests for price quotation
Keeping records of or answering a question about or request for price quotations sent to the central e-mail address of the Data Controller or to the personal e-mail address of one of their colleagues. Issue of price quotations.
Legal basis of data control: rightful interest – The Data Controller’s rightful interest is to keep contact prior to the conclusion of a contract and to keep records of the contact persons’ data.
Scope of data controlled: Name; E-mail address; Telephone number
Scheduled deadline of data control: The last work day of the first March following the first year after receipt of the request for quotation.
2.4 Issue of the invoice and the issue of the mandatory documentation connected to providing the service.
Legal basis of data control: Legal compliance (compliance with the Act on Accounting)
A precondition to concluding a contract is to provide data. Should data not be provided, the Data Controller cannot render the ordered service.
Scope of data controlled: Name; Permanent address; E-mail address (If an invoice is remotely printed or e-invoicing is approved.); Individual ID
Scheduled deadline of data control: 8 years from the issue of the invoice.
2.5 Advertisement of product(s) and service(s) and provision of information to registered users
about new or renewed products and services, direct contact for business and marketing purposes with advertisement contents
invitation to a marketing event
Legal basis of data control: consent of the Data Subject
The Data Subject gives their written consent by e-mail or by the approval of the web-based correspondence link or by ticking the box on the Data Controller’s registration website to control their personal data based on this information.
Scope of data controlled: Name; Correspondence address; E-mail account; Telephone number; Additional information provided by the User
Possible consequence of failing to provide data: The Data Subject is not informed or is informed late about special offers and product information.
Scheduled deadline of data control: The last work day of the first March of the fourth year following the expiry of the Contract.
2.6 Administration of guarantee products and return goods
Administration of guarantee products and return goods (Issue of minutes), data control connected to the replacement, repair or return of goods within the legal deadline following receipt.
Legal basis of data control: Liability as per legal regulations
Scope of data controlled: Name; Address; E-mail address; Telephone number
Scheduled deadline of data control: 3 years
2.7 Registration and control of VIP key customers’ group
Keeping records of purchases
Provision of individual discounts
Legal basis of data control: consent of Data Subject
The Data Subject gives his or her written consent by e-mail or by the approval of the web-based correspondence link or by ticking the box on the Data Controller's registration website to control their personal data based on this information.
Scope of data controlled: Name; Correspondence address; E-mail address; Telephone number; Initial date of membership; Additional information provided by the User
Possible consequence of failing to provide data: failure to use discounts
Scheduled deadline of data control: until withdrawal
2.8 Delivery of orders
Delivery through courier services
Delivery to the courier services point or take-over point
Legal basis of data management – In order to fulfil the contract, the Data Controller’s rightful interest is to register the contact person’s and the recipient’s data
Source of data: disclosed by the person placing the order
Scope of data controlled: Name; Telephone number; E-mail account; Individual ID
2.9 Control of debit card payment documents
Control of documents related to payments with debit card at the Data Controller’s stores and webstore
Legal basis of data control: rightful interest – financial settlement with the debit card service provider
2.10 Rental of ski and snowboard equipment
Control of data of the person using the service in the course of pre-registration and issue of the equipment. Request of more data in more detail due to risks inherent in rentals. Request of personal data necessary to appropriately and safely set the equipment. Storage of data in case of remote registration or, in case of frequent clients, based on their consent.
Legal basis of data control: rental contract; compliance with safety regulations; consent.
Scope of data controlled: User name; Password; IP address – in case of remote registration; Name; Permanent address; E-mail address; Telephone number; ID card or the number of another personal document with a photo; Shoe size, body height and body weight;
Possible consequence of failing to provide data: failure to use the services
2.11 Use of video surveillance
The Data Controller uses an electronic video surveillance system in their store to protect human life, bodily integrity, personal freedom, business secrets as well as property. The surveillance system allows to record and store images, voices or both.
Legal basis of data control: rightful interest and consent related to security
In addition to the information herein (and also placed at the entrance of the store), the Data Subject gives their consent by entering the premises.
Scope of data controlled
Image and voice recordings of the Data Subject
Scheduled deadline of data control: 72 hours
Users registered on the www.store13.huwebsite, contact persons specified by them as well as natural persons shopping at the Data Controller’s stores (STORE 13 – 1113 Budapest, Karolina út 17., STORE 13 - 1061 Budapest Király utca 48. ).
Our products and services are not meant for persons under 16. Persons under 16 should not provide any personal data to the Data Controller. If we learn that we collected personal data from children under 16, we take the necessary measures as soon as possible to delete such data.
For purposes of legal compliance, it is the storage period stipulated by the Act on Accounting (8+1 years).
In the event of a contract: until the deadline specified in the contract or, at the latest, 8 years subsequent to the expiry of the contract.
In the event of a consent: until the withdrawal of the Data Subject’s consent
In the event of a rightful interest: until the protest of the Data Subject
The Data Controller indicates mandatory boxes with an asterix (*) on the specific data provision interfaces.
In the course of data control the Data Controller forwards the data to the contracted data processor(s) in order to fulfil the contract.
Data processors used:
Delivery:
GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
2351 Alsónémedi, Európa u. 2. info@gls-hungary.com
Telefonszám / Telephone number: +36 1 802-0265
https://gls-group.eu/GROUP/en/data-protection
Online payment
Cib Bank Zrt.
1027 BUDAPEST, MEDVE U. 4-14.
Correspondence address: 1537 BUDAPEST, Pf. 394.
Telephone number: +36 1 423-1000 E-mail cím: cib@cib.hu
Webaddriss: www.cib.hu
Information on data protection: https://www.cib.hu/jogi_nyilatkozat/index
IT operator, WEB STORAGE SPACE service provider:
Planum-Comp Kft.
1151 Budapest, Szlacsányi F. u. 198.
Book-keeping service provider:
Ferenc Erdős, sole trader
The Data Controller does not forward any known data to third parties apart from data processors specified in section 7 herein. Any recorded data may be known exclusively by the employees of the Data Controller and the specified employees of the data processor(s).
The Data Controller issues a protocol of every occasion when data have been accessed. Such protocols shall be stored for a duration of 1 year.
9.1 Free delivery
The logic how the system works: delivery is free of charge in excess of the sum specified in the terms and conditions.
Consequences of automated decision-making concerning the Data Subject:
The mechanism does not affect the control of personal data.
Using the contact details specified in section 1 herein, the Data Subject may request the Data Controller to provide access to and information on the control of their personal data as follows:
they may request to modify their data,
they may request information on data control,
they may request to delete their data and put a limit on data control,
The Data Subject may exercise their rights specified above at any time.
The Data Subject may forward their requests to the Data Controller at one of the contact details specified in section 1 herein as follows:
they can request to transfer their data to another data controller if data control is carried out based on a contract or on a consent, and the Data Controller controls data within the framework of an automated process;
they may order to withdraw their consent previously given concerning data control.
The Data Controller approves or rejects (with justification) the request within 1 month of the receipt of the same (in exceptional cases within a longer deadline permitted by law). The Data Controller informs the Data Subject on the result of the examination in writing.
10.1 A tájékoztatás költsége Cost of Providing Information
The Data Controller completes requests and provides the necessary information free of charge for the first time.
If the Data Subject requests to disclose the same data for the 2ndtime within one month with such data remaining unchanged in the meantime, the Data Controller charges an administrative cost.
Such administrative cost will be charged based upon the minimum wage broken down to an hourly cost (charge by the hour).
Working hours used to provide such information are charged based on the hourly charge specified above.
In addition, if paper-based information is requested, the reply will be charged at the first-cost of printing plus postage costs.
10.2 Tájékoztatás megtagadása Refusal to Provide Information
If the Data Subject’s request is clearly unfounded or they are not entitled to be informed, or the Data Controller as data controller is able to prove that the Data Subject is in possession of the requested information, the Data Controller refuses the request for information.
If the Data Subject’s request is exaggerated (especially because of its repetitive nature), the Data Controller may refuse to act based on the request if:
the Data Subject submits their request for the 3rdtime within a month concerning one and the same subject to exercise their right pursuant to Sections 15-22.
10.3 Tiltakozáshoz való jog Right to Objection
The Data Subject is entitled at any time to object to their data being controlled based on the legal basis of rightful interest or an authorization by a public authority.
In such case the Data Controller may not control personal data any longer. An exception is if the Data Controller proves that such data is justified to be controlled based on compelling and rightful reasons which enjoy priority over the interests, rights or liberty of the Data Subject or which is connected to the submission, enforcement or protection of legal requests.
If the Data Controller establishes that the objection is legally well-founded, they terminate to control data within the shortest possible deadline, including forwarding and putting such data on record. The Data Controller informs all the parties on the objection to whom they have formerly forwarded the Data Subject’s data.
Such request is managed free of charge, except for unfounded or exaggerated requests for whose management the Data Controller may charge an appropriate and reasonable cost corresponding to their administrative costs. In the event the Data Subject disagrees with the Data Controller’s decision, they may apply to courts.
11. Information on Data Security Measures
In accordance with the requirements of the Rules and Regulations on Information Security, the Data Controller controls data in a closed system.
The Data Controller ensures default and built-in data protection. For this purpose, the Data Controller takes suitable technical and organizational measures in order to:
accurately regulate access to data;
exclusively allow persons to access data who need such data to complete their tasks, however, access to data must be limited to a minimum required to complete such tasks;
carefully choose contracted data processors and provide for data security through appropriate data processing contracts;
ensure that controlled data remain unchanged (data integrity), authentic and protected.
The Data Controller takes reasonable physical, technical and organizational measures to protect the Data Subject’s data, especially against unintended, unauthorized or illegal destruction, loss, modification, transfer, use, access, or processing. In the event that personal data become known to have been subject to unauthorized access or use, which carries a high risk in relation to the Data Subject, the Data Controller informs the Data Subject without any delay.
If the Data Subject’s data needs to be forwarded, the Data Controller appropriately protects such data forwarded, for example, by ensuring the body of data is rendered confidential. The Data Controller bears full liability for the control of the Data Subject’s data by third parties.
The Data Controller appropriately and regularly ensure the Data Subject’s data is protected against destruction or loss through backup savings.
Pursuant to Section 20 (1) of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of information, the following items need to be determined within the framework of data control by cookies on the webshop’s website:
the fact of data collection,
the scope of Data Subjects,
purpose of data collection,
duration of data control,
identification of possible data controllers entitled to access the data,
providing information on the Data Subjects’ data control rights.
12.1 Types of cookies characteristic of webstores are so-called „cookies used for password-protected workflow”, „cookies required for basket” and „security cookies” which are used without the prior consent of the Data Subjects.
12.2 The fact of data control and the scope of controlled data: individual identification number, dates and times.
12.3 Scope of the Data Subjects: all Data Subjects visiting the website.
12.4 Purpose of data control: identification of users, keeping records of the „basket” and tracking visitors.
12.5 Duration of data control and the deadline of data deletion:
c_i session: username, e-mail account (for purposes of identification when logging in) will be deleted in every 2 hours and updated in every 5 minutes
last products viewed: deleted after 10 years
chats username: deleted after 10 years
favourite products: deleted after 10 years
php session ID: deleted when browser is closed.
12.6 Identification of possible data controllers entitled to access the data: the data controller does not control personal data through using cookies.
12.7 Disclosure of the rights of the Data Subjects related to data control: the Data Subject may generally delete cookies in the Tools/Settings submenu of the browsers’ Data Protection menu.
12.8 Legal basis of data control: No consent from the Data Subject is required if the cookies are exclusively used to forward information through an electronic broadcasting network, or if it is inevitably required by the service provider to provide services connected to information society that are specifically requested by the subscriber or user.
The service provider measures the website's visitor data using Google Analytics services. Data is forwarded when services are used. Forwarded data is unsuitable to identify the Data Subject. Additional information on Google's privacy principles is available at:https://www.google.hu/policies/privacy/ads.
The website uses Google Adwords remarketing tracking codes (tags). Remarketing is a function which supports the website to display relevant advertisements to users who have previously visited the website while browsing other websites of Google Display Network. The remarketing code uses cookies to mark visitors. Users visiting the webstore may block such cookies and may read additional information on Google’s data control policies at the following links: https://www.google.hu/policies/technologies/ads/ and https://support.google.com/analytics/answer/2700409.If the user blocks remarketing cookies, they will not receive any personalized offers from the website.
Based on the position of NAIH(Hungarian National Authority for Data Protection and Freedom of Information) the Data Control sample is connected to the pre-defined data control regulations set by the creator of the Facebook webpage, and may select only limited setting options. Therefore, it does not materially affect the revision or modification of data control.
As a consequence, the Data Controller does not qualify as a data controller in relation to the Facebook website.
If you wish to learn more of what cookies your browser uses, please visit one of the following websites corresponding to your browser:
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Safari: https://support.apple.com/kb/PH5042
Windows Internet Explorer: https://support.microsoft.com/kb/196955
If you are using a mobile device, you can get more information on the following websites:
Android: https://developer.android.com/reference/android/webkit/CookieManager.html
Blackberry: https://docs.blackberry.com/en/smartphone_users/deliverables/3200 /Turn_off_cookies_in_the_browser_60_1072866_11.jsp
Opera: https://www.opera.com/help/tutorials/security/privacy/
IOS: https://support.apple.com/kb/PH5042
Prevailing legal regulations pertaining to data control sessions carried out by the Data Controller are as follows:
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as: „GDPR”)
Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of information (hereinafter referred to as: “Information Technology Act”),
Act C of 2000 on Accounting (hereinafter referred to as: Accounting Act),
Act V of 2013 on the Civil Code (hereinafter referred to as: „Civil Code Act”)
Act CLV of 1997 on Consumer Protection (hereinafter referred to as: "Consumer Protection Act”),
Act CXXXIII of 2005 on Security Services and the Activities of Private Investigators (hereinafter referred to as: “Security Services Act”),
Act CVIII of 2001 on certain issues of Electronic Commerce and on Information Society Services (with special regard to Section 13/A),
Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers,
Act XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising Activity (with special regard to Section 6),
Act XC of 2005 on the Freedom of Information by Electronic Means,
Act C of 2003 on Electronic Communications (with special regard to Article 155),
Opinion 16/2011 on EASA/IAB Best Practice Recommendation on Online Behavioural Advertising.
In the event of assumed prejudice pertaining to the control of personal data of any Data Subject, such Data Subject may turn to a competent court or, in Budapest, to the Metropolitan Court of Budapest, or may initiate an investigation by the Hungarian National Authority for Data Protection and Freedom of Information.
Address: 1024 Budapest, Szilágyi Erzsébet fasor 22/C.
Contact details: ugyfelszolgalat@naih.hu, +36-1-3911400, www.naih.hu,
Budapest, 20 May 2018