Legal notice

1. Purpose of the data management information

Henrik Megyer EV (address: 8360 Keszthely, Kisfaludy utca 10, hereinafter, service provider, data controller), as data controller, acknowledges the content of this legal notice as binding on him. It undertakes that all data processing related to its activities complies with the requirements set out in these regulations and in the applicable national legislation, as well as in the legal acts of the European Union. This privacy statement covers the following domains and their subdomains: need-for-bow.eu The data controller reserves the right to amend this prospectus at any time. Stakeholders will be informed of the changes in due time. If you have any questions regarding this notice, please write and answer your question. The data controller is committed to the protection of the personal data of its customers and partners, and considers it extremely important to respect the right of its customers to information self-determination. The data controller shall treat the personal data confidentially and shall take all security, technical and organizational measures that guarantee the security of the data. The data controller describes his data management practices below.

2. Data of the data controller

If you would like to contact the company, you can contact the data controller at the email addresses sales@need-for-bow.eu and the telephone number 36 30 494 3355.

Henrik Megyer sole proprietorship

8360 Keszthely, Kisfaludy utca 10

+36 30 494 3355

Registration number: 31495087

Tax number: HU66076474140

Email address: sales@need-for-bow.eu

Hosting provider: tárhelypark.hu

2.1 Data Protection Officer

The controller shall not engage in any activity that would justify the appointment of a data protection officer.

3. Scope of personal data processed

3.1. Technical data

The data controller selects and operates the IT tools used to manage personal data during the provision of the service in such a way that the managed data: accessible to those entitled to it (availability); authenticity and authentication are ensured (authenticity of data management); its invariability can be justified (data integrity); be protected against unauthorized access (data confidentiality). The controller shall take appropriate measures to protect the data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction. The data controller shall ensure the protection of the security of data processing by technical, organizational and organizational measures that provide a level of protection appropriate to the risks associated with the data processing. The data controller maintains confidentiality during data management: it protects the information so that only those who are authorized to access it can access it; integrity: protects the accuracy and completeness of information and the method of processing; availability: ensures that when an authorized user needs it, they can actually access the information they want and have the tools to do so.

3.2 Cookies

3.2.1 The role of cookies

Cookies collect information about visitors and their devices; remember the individual settings of the visitors, which can be used e.g. when using online transactions, so you don’t have to retype them; facilitate the use of the website; they provide a quality user experience and participate in the collection of some visitor statistics. In order to provide customized service, a small data packet, the so-called places a cookie and reads it back at a later visit. If the browser returns a previously saved cookie, the cookie provider has the option to link the user's current visit to the previous ones, but only for their own content. Some cookies do not contain personally identifiable information about the individual user, some contain a secret, randomly generated sequence of numbers that is stored by the user's device and provides user identification.

3.2.2 Absolutely necessary, session cookies

The purpose of these cookies is to allow visitors to fully and seamlessly browse the website of need-for-bow.eu, use its features and the services available there. These types of cookies last until the end of the session (browsing), and when you close the browser, these types of cookies are automatically deleted from your computer or other device used for browsing.

3.2.3. Third-party cookies (analytics)

They also use Google Analytics as a third party cookie on the websites of need-for-bow.eu and their subdomains. Using Google Analytics for statistical purposes, the websites of need-for-bow.eu and their subdomains collect information about how visitors use the websites. Use the data to improve the website and improve the user experience. These cookies also remain on the visitor's computer or other device used for browsing, in its browser, or until the visitor deletes them until they expire.

4 General data management guidelines, name of data processing, use, legal basis and retention period

The data management of the data controller's activity is based on voluntary consent or legal authorization. In the case of data processing based on voluntary consent, data subjects may withdraw their consent at any stage of the data processing. In some cases, the handling, storage and transmission of a set of provided data is required by law, of which we notify our customers separately. We would like to draw the attention of informants to the Data Controller that if they do not provide their own personal data, the informant is obliged to obtain the consent of the data subject. Its data management principles are in line with the applicable data protection legislation, in particular the following: 2011 CXII. Act on the Right to Information Self-Determination and Freedom of Information (Infotv.); Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 ( General Data Protection Regulation, GDPR); Act V of 2013 - on the Civil Code (Civil Code); Act C of 2000 - on Accounting (Act on Accounting); 2017 LIII. Act on the Prevention and Suppression of Money Laundering and Terrorist Financing (Pmt.); 2013 CCXXXVII. Act on Credit Institutions and Financial Enterprises (Hpt.). The data maps were prepared by the data controller, on the basis of which the scope of the processed data, their use, legal basis and retention period were determined.

4.1 Data related to online ordering

It is possible to order products through the website, personal data requested during the order:

Name (required field)

Address (required)

Email address (required field)

Phone number (optional field, optional, to initiate a callback)

For some services, such as website maintenance, additional personal information may be transferred. Purpose of data management, planned use of the managed data: The data will be used to fulfill the order. The legal basis for data management is a contractual mandate. Retention period: the duration of a business relationship or a cancellation request.

4.2 Data related to online administration

Personal information requested during the contact:

Name (required field)

Email address (required field)

Phone number (optional field, optional, to initiate a callback)

Purpose of data management, intended use of the managed data: The data will be used for contact and fulfillment of the order.

The legal basis for data management is voluntary consent. Retention period: the duration of a business relationship or a cancellation request.

4.3 Newsletter / eDM related information

Personal information requested during the newsletter subscription:

Name (required field)

Email address (required field)

The newsletter is available after reading and accepting the data management policy. The data management policy is accepted by accepting an unfilled, mandatory checkbox. After subscribing, the subscriber will receive an email informing them of the subscription, which must be confirmed, after which their subscription will take effect. During all related processes, the customer still has the option to unsubscribe, the option to unsubscribe is included in each letter in the form of a link, it is easily accessible with one click. As the newsletter contains the name of the company and the contact details of its website, it is considered advertising, eDM. Purpose of data management, intended use of the managed data: The data will be used to send out a newsletter including advertising. The newsletter contains the address of the website, so it is already considered an advertisement. The legal basis for data management is voluntary consent. Retention period: until unsubscribing.

4.4 Customer Contact Information

I store the following personal data and contact details of our clients' managers and contacts:

Name

E-mail

Address

Phone number

Purpose of data management, intended use of the managed data: The data is used for contact and communication purposes. The legal basis for data management is a legitimate interest. Retention period: the duration of a business relationship or a cancellation request.

4.5 Personal data to be provided during registration

You can register in the webshop module of the website, which makes it easier to use the additional service with it. that it is not necessary to re-enter the data. Personal data processed during registration:

Name

E-mail

address

Title

Phone number

Purchase information (product, date, etc.) Purpose of data management, intended use of the managed data: invoicing. The legal basis for data management is voluntary consent. Shelf life: until revoked.

4.6. Personal information to be provided during purchase

If you want to place an order in the webshop module, data management and the provision of data during the purchase is essential for the fulfillment of the contract.

Name

E-mail

address

Title

Phone number

Purchase information (product, date, etc.) The purpose of data management, the intended use of the managed data: fulfillment of a contractual order. The legal basis for data management is a contractual mandate. Retention period: according to legal regulations, current year + 5 years

4.7 Billing Related Information

The data controller enters into a contract with its customers for the ordered services, during which it stores the following data:

Name

E-mail

address

Title Purpose of data management, intended use of the managed data: invoicing. Legal basis for data management: legal requirement. Retention period: according to legal regulations, current year + 5 years

4.8. Warranty service

If you initiate warranty administration, data management and the provision of data is essential for administration. Name E-mail address Phone number Complaint The purpose of data management, the intended use of the managed data: guarantee administration. The legal basis for data management is voluntary consent.

Retention period: subject year + 5 years according to the Consumer Protection Act

4.9 Handling consumer complaints

If you submit a consumer protection complaint, data management and the provision of data are essential for the administration.

Name

E-mail

address

Phone number

Complaint

The purpose of data management, the intended use of the processed data: administration of consumer protection complaints. The legal basis for data management is voluntary consent.

Retention period: subject year + 5 years according to the Consumer Protection Act

5 Physical storage locations for data

Your personal information (that is, information that may be associated with you) may be processed by us in the following ways:

on the one hand, in connection with the maintenance of the Internet connection, the technical data related to the computer, browser program, Internet address and pages visited by you are automatically generated in our computer system, on the other hand, you may also provide your name, contact information or other details if you wish to contact us personally while using the website. Data to be technically recorded during the operation of the system: the data of the computer of the affected login, which is recorded by the systems of the webfolio.hu and fotofolio.hu domains and their subdomains as an automatic result of the technical processes. The data that is automatically recorded is automatically logged at entry and exit without a separate statement or action by the data subject. This data may not be combined with other personal user data, except in cases required by law. Only the webfolio.hu and fotofolio.hu domains and their subdomains have access to the data.

6 Data transmission, data processing, the circle of those who get to know the data

As part of its business activities, the data controller uses the following data processors:

Hosting service: Tárhelypark Kft, 1122 Budapest, Gaál József út 24, Tax number: 23289903-2-42, Company registration number: 01-09-322570

Invoicing: Számlázz.hu - KBOSS.hu Kft. Address: 031 Budapest, Záhony utca 7 / C. Email: info@szamlazz.hu Tel: +36 30 35 44789 (automatic information) Scope of information: invoices issued

Google Analytics: Google Inc., Mountain View, California, USA Scope of known data: IP address of the visitors of the webfolio.hu and fotofolio.hu websites - anonymised, non-personal.

Transport: Artúr '95 Bt. (GLS subcontractor) Address: 8900 Zalaegerszeg Újhegyi út 2. Postal address: 8901 Zalaegerszeg Pf. 194. E-mail: info@artur95.hu

6.1 Transfer of data to a third country

GLS delivery.

7 Rights and enforcement options of the data subject

The data subject may request information on the processing of his / her personal data, as well as request the correction or deletion or revocation of his / her personal data, except for mandatory data processing, exercise his / her right to data and protest in the manner indicated at

7.1 Right to information

The controller shall take appropriate measures to provide the data subject with all information concerning the processing of personal data referred to in Articles 13 and 14 of the GDPR and Articles 15 to 22. and Article 34 shall provide each information in a concise, transparent, comprehensible and easily accessible form, in clear and comprehensible terms.

7.2 The data subject's right of access

The data subject shall have the right to receive feedback from the controller as to whether the processing of his or her personal data is in progress and, if such processing is in progress, to obtain access to the personal data and the following information:

the purposes of data management; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be communicated, including in particular recipients in third countries or international organizations; the intended period for which the personal data will be stored; the right to rectify, erase or restrict data processing and to protest; the right to lodge a complaint with the supervisory authority; information on data sources; the fact of automated decision-making, including profiling, and comprehensible information on the logic used and the significance of such data management and the expected consequences for the data subject.

The controller shall provide the information no later than one month after the submission of the request.

7.3 Right of rectification

The data subject may request the correction of inaccurate personal data processed by him / her and the addition of incomplete data.

7.4 Right of cancellation

The data subject shall have the right, at the request of the Data Controller, to delete personal data concerning him or her without undue delay if one of the following reasons exists: personal data are no longer required for the purpose for which they were collected or otherwise processed; the data subject withdraws his or her consent on which the processing is based and there is no other legal basis for the processing; the data subject objects to the processing and there is no overriding legitimate reason for the processing; personal data have been processed unlawfully; personal data must be deleted in order to fulfill a legal obligation under Union or Member State law applicable to the controller; personal data was collected in connection with the provision of information society services.

Deletion of data may not be initiated if the processing is necessary: ​​for the purpose of exercising the right to freedom of expression and information; for the purpose of fulfilling an obligation under Union or Member State law governing the processing of personal data or performing a task carried out in the public interest or in the exercise of official authority vested in the controller; in the field of public health, or for archival, scientific and historical research or statistical purposes, in the public interest; or to bring, assert or defend legal claims.

7.5 Right to Restrict Data Management

At the request of the data subject, the Data Controller shall restrict the data processing if one of the following conditions is met: the data subject disputes the accuracy of the personal data, in which case the restriction shall apply for a period that allows the accuracy of the personal data to be verified; the processing is unlawful and the data subject opposes the deletion of the data and instead requests that their use be restricted; the controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to make, enforce or protect legal claims; or the data subject has objected to the processing; in that case, the restriction shall apply for as long as it is established whether the legitimate reasons of the controller take precedence over the legitimate reasons of the data subject.

Where processing is restricted, personal data may be processed, with the exception of storage, only with the consent of the data subject or for the purpose of bringing, enforcing or protecting legal claims, protecting the rights of another natural or legal person or in the important public interest of the Union or a Member State.

7.6 Right to Carry Data

The data subject shall have the right to receive the personal data concerning him or her made available to the controller in a structured, widely used, machine-readable format and to transmit this data to another controller.

7.7 Right to protest

The data subject shall have the right to object at any time, for reasons related to his situation, to the processing of his personal data in the public interest or in the exercise of public authority or to the processing of data subjects or third parties, including profiling based on those provisions. is. In the event of an objection, the controller may not further process the personal data, unless justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which relate to the submission, enforcement or protection of legal claims.

7.8 Automated decision making in individual cases, including profiling

The data subject shall have the right not to be covered by a decision based solely on automated data processing, including profiling, which would have legal effects on him or her or would be similarly significant.

7.9 Right of withdrawal

The data subject has the right to withdraw his or her consent at any time.

7.10 Right to go to court

If the data subject's rights are violated, he or she may take legal action against the data controller. The court is acting out of turn in the case. 8.11 Data protection authority procedure A complaint can be lodged with the National Data Protection and Freedom of Information Authority: Name: National Authority for Data Protection and Freedom of Information Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22 / C. Mailing address: 1530 Budapest, Pf .: 5. Telephone: 0613911400 Fax: 0613911410 E-mail: ugyfelszolgalat@naih.hu Website: http://www.naih.hu

8 Other provisions

Information on data processing not listed in this prospectus will be provided at the time of data collection. We inform our clients that the court, the prosecutor, the investigating authority, the infringement authority, the administrative authority, the National Data Protection and Freedom of Information Authority, the Magyar Nemzeti Bank, or other bodies are authorized to provide information, disclose data, transfer or documents they may contact the controller to make it available. The controller shall provide personal data to the authorities, provided that the authority has indicated the exact purpose and scope of the data, only to the extent and to the extent strictly necessary for the purpose of the request.