Privacy Policy

Purpose of the Policy

  • The purpose of this Privacy Policy (hereinafter: Policy) is to record the data protection and data management principles applied by Autistic Art Kft. (hereinafter: Data Controller) and the data protection and data management policy of the Data Controller.
  • Autistic Art Kft. manages the data of visitors to the website www.shop.autisticart.hu (hereinafter: Website), those who register on the Website, and those who make purchases on the Website (hereinafter collectively: Data Subjects).

Data Controller Details Name: Autistic Art Kft. Address: 1122 Budapest, Alkotás út 55-61. C/7 Email: kapcsolat@autisticart.hu Phone: 061 308 9232 Data Management Registration Number: NAIH-101187/2016

Scope of Data Subjects

  • Visitors to the Website operated by the Service Provider, those who register on it, and those who place orders online through the site.

Scope of Data Managed

  • During registration or order placement without registration, the Data Subject is required to provide the following personal data: name, email address, phone number, shipping and billing address.
  • The Service Provider does not verify the personal data provided. The responsibility for the accuracy of the provided data lies solely with the person providing the data. By providing an email address, the Data Subject also assumes responsibility for ensuring that only they use the services associated with the provided email address. In view of this responsibility, any responsibility arising from entries made with the provided email address lies solely with the Data Subject who registered the email address.
  • During the operation of the system, the following technical data are automatically recorded: data of the Data Subject's computer logging in, which are generated during the use of the service and are recorded by the Service Provider’s system as an automatic result of technical processes. These automatically recorded data are logged by the system at the time of entry and exit without a specific declaration or action by the Data Subject. These data cannot be linked to other personal user data, except in cases mandated by law. Only the Service Provider has access to these data.
  • The Website uses one or more cookies, which only store the fact and time of the visit and departure. The Data Subject can disable the use of cookies.

Legal Basis, Purpose, and Method of Data Management

  • The legal basis for data management is the voluntary consent of the Data Subject according to Section 5(1)(a) of the Information Act (Act CXII of 2011 on the right to informational self-determination and freedom of information). The Data Subject gives consent to each data management by using the Website, registering, or voluntarily providing the data in question.
  • The purpose of data management is to ensure the provision of services available on the Website. The Service Provider uses the data provided by the Data Subject exclusively for the purpose of fulfilling orders, delivery, invoicing, communication, and if the Data Subject has subscribed to the newsletter, for sending newsletters and proving the conditions of the contract that may be created later.
  • The purpose of automatically recorded data is to create statistics, improve the IT system, and protect the rights of the Data Subject.
  • The Service Provider does not use the provided personal data for purposes other than those specified in these points. The release of personal data to third parties or authorities – unless legally mandated – is only possible with the prior express consent of the Data Subject.
  • The Service Provider manages the personal data of the Data Subjects in a traceable manner and in compliance with the applicable laws.

Newsletter

  • The Service Provider sends emails containing advertisements or offers (newsletter) to the email addresses provided during registration only with the express consent of the Data Subject, in accordance with legal requirements. The newsletter contains direct marketing elements and advertisements. The Service Provider manages the data provided by the Data Subject during newsletter subscription until the Data Subject unsubscribes from the newsletter. Upon unsubscribing, the Service Provider will not contact the Data Subject with further newsletters or offers. The Data Subject can unsubscribe from the newsletter and withdraw their consent at any time for free.

Duration of Data Management

  • The management of personal data provided during registration or order placement begins with the registration or order and lasts until deletion is requested. For optional data, management begins with the provision of the data and lasts until deletion is requested. The Service Provider can delete data upon the request of the Data Subject at any time.
  • The system stores logged data according to the settings of Shoprenter.hu, except for the date of the last visit, which is automatically overwritten.
  • The above provisions do not affect the obligations to retain data as specified by law (e.g., accounting regulations).
  • For newsletters, personal data management lasts until the Data Subject unsubscribes.

Persons Authorized to Access Data, Data Transfer, Data Processing

  • The data are primarily accessible to the Service Provider and its internal employees.
  • The Service Provider may use data processors (e.g., system operators, courier companies, accountants) to manage data for IT system operation, order fulfillment, and accounting.
  • Data processors:
    • Mail Manager - postal services

Rights and Legal Remedies of Data Subjects

  • The Data Subject is entitled to request information about the personal data managed by the Service Provider, as well as modify them at any time. The Data Subject can contact the Service Provider’s staff with any data management-related questions or comments via the contact details provided in section 2.
  • The Service Provider, upon the Data Subject’s request, provides information about the data managed, the purpose, legal basis, and duration of data management, as well as the name, address, and activities related to data management of the data processor and any data security incidents and measures taken to prevent them. In case of data transfer, the legal basis and recipient are also provided. The Service Provider is obligated to provide the requested information in writing as soon as possible, but no later than within 25 days from the submission of the request.
  • The Data Subject can modify the data provided during registration at any time. Current orders are linked to the data provided at the time of the order, and the Data Subject can request information or modifications from the Service Provider via the provided contact details.
  • The Data Subject can also request the locking of their data. The Service Provider locks personal data if requested by the Data Subject or if it can be assumed from available information that deletion would harm the legitimate interests of the Data Subject. Locked personal data can only be managed until the purpose of data management that excluded deletion is met.
  • The Data Subject and those to whom the data were transferred for data management must be notified of corrections, locking, and deletion. Notification can be omitted if it does not harm the legitimate interest of the Data Subject considering the purpose of data management.
  • If the Service Provider does not fulfill the Data Subject's request for correction, locking, or deletion, the factual and legal reasons for refusing the request must be communicated in writing within 25 days of receiving the request.
  • The Data Subject can object to the management of their personal data. The Service Provider will examine the objection as soon as possible, but no later than 15 days after submission, and will decide on its validity and inform the applicant in writing of the decision.
  • The Data Subject can seek legal remedy or enforce their rights in court based on the Information Act and the Civil Code (Act V of 2013).
    • Contact the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/c.; www.naih.hu).

Measures to Ensure Data Security

  • The Service Provider is committed to ensuring data security, taking technical measures to protect recorded, stored, and managed data, and doing everything to prevent their destruction, unauthorized use, and unauthorized alteration. The Service Provider also obliges any third party to whom it may transfer or hand over data to fulfill these obligations.