Privacy Policy

 

For the use of the kleen-wear.com webshop (Webshop) and website

 

  1. General provisions and contact details

 

This Privacy Statement (the “Prospectus”) – which is collected and managed by the Data Controller – applies to personal information about you as a user of the https://www.kleen-wear.com website and webshop, a user of the service, or as a Buyer (natural person) when purchasing a product from the webshop, or as the Buyer’s personal contributor (legal entity) and visitors to the business premises (hereinafter collectively: “Data subject“)

 

Details of the operator of the Web Store (hereinafter: Data Controller):

Company name: kleen-ware kft.

Headquarters: 1119 Budapest, Fehérvári street 115. 5. floor 18.

Tax number: 29021754-2-43

Company registration number: 01-09-379262

Court of Registry: Metropolitan Court of Registration

Bank account number: 00000000-94782365

E-mail: info@kleen-wear.com

Website/webpage: http://www.kleen-wear.com/

 

 

  1. The update of the Prospectus

 

 

 

The Data Controller reserves the right to unilaterally amend this Prospectus. The current content of the Prospectus can be viewed and saved on the website at all times. If your email address is available to us, we will send you an email notification of the changes upon request.

Upon request, we will send you a valid copy of the Prospectus.

 

  1. Getting to know and accepting the Prospectus

 

By providing personal information, you acknowledge that you have read and expressly accepted the version of this Prospectus in force at the time the information is provided.

 

  1. Scope of data managed and data management objectives

 

In order to provide the services provided by the Data Controller, we may request data relating to you, and you may also voluntarily provide certain data to us during your communication with the Data Controller. Some of the data we collect is “personal data” within the meaning of Article 4 (1) of Regulation 2016/679 of the European Parliament and of the Council – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC  – (“GDPR”).

 

The scope of the managed data, the purposes of data management, the legal basis of data management and the duration of data management:

 

Purpose of data management

Legal basis for data management

Scope of data managed

Duration of data management, deadline for deleting data

By using the website, the Data Subject (user of the website) can find out about the services provided by the Data Controller.

Consent of the data subject (Article 6 (1) (a) GDPR)

The Data subject (website user): The browser of your operating system’s IP address

Until the consent of the Data Subject is revoked, failing which the personal data will be deleted 30 days after leaving the website.

The Data Subject has the opportunity to order products from the Web Store.

Fulfilling the contract (Article 6 (1) (b) GDPR)

Name, telephone number, e-mail address, delivery details (country, postcode, city, address) billing details, if different from the delivery details of the Data subject

The data will be deleted 5 years after the termination of the relationship with the Data Subject in accordance with Section 6:22 of the Civil Code. If we are required to retain data under Section 169 of Act C of 2000 on Accounting (the “Accounting Act”), we will delete the data 8 years after the termination of your relationship with you. In practice, this is the case if the data are part of the supporting documents for the accounts, for example in the documents relating to the conclusion of the contract (where applicable in the contract itself) or on the invoice issued.

 

 

The Data Subject can subscribe to the Data Controller’s newsletter for marketing purposes. Accordingly, the Data Controller is entitled to send newsletters for direct marketing purposes to the Data subjects who have subscribed to its newsletter by the given – or later amended – e-mail address with the regularity and content specified by the Data Controller, which contain attention-grabbing information about the Data Controller’s new products, promotions, and other information related to the Data Controller’s activities.

Pursuant to Section 6 (1) of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Commercial Advertising the prior, clear and express consent of the data subject and consent under Article 6 (1) (a) of the GDPR.

surname,

first name and

e-mail address

of the data subject

Until the consent of the Data Subject is revoked, failing which the personal data will be deleted 5 years after the consent has been given.

The Data Subject has the opportunity to ask a question to the staff of the Data Controller.

Consent of the data subject (Article 6 (1) (a) of the GDPR)

The message of the data subject

Until the consent given by the Data Subject is revoked, failing which the personal data will be deleted 30 days after the consent has been given.

 

 

The Data Subject has the opportunity to order products from the Data Controller

 

Fulfilling the contract (Article 6 (1) (b) GDPR)

Name

phone number

e-mail address

bank details

home address

tax number in case of organization

of the data subject

The data will be deleted 5 years after the termination of the relationship with the Data Subject pursuant to Section 6:22 of the Civil Code. If we are required to retain data under Section 169 of Act C of 2000 on Accounting (the “Accounting Act”), we will delete the data 8 years after the termination of your relationship with you. In practice, this is the case if the data are part of the supporting documents for the accounts, for example in the documents relating to the conclusion of the contract (where applicable in the contract itself) or on the invoice issued.

The Data Subject (Buyer) must provide this personal data in order for the report containing his/her objection to be completed and the Data Controller to be able to correct any error.

Fulfilling the contract (Article 6 (1) (b) GDPR)

Name

phone number

e-mail address

of the data subject

and the conditions of the failure

 

The data will be deleted 5 years after the termination of the relationship with the Data Subject pursuant to Section 6:22 of the Civil Code. If we are required to retain data under Section 169 of Act C of 2000 on Accounting (the “Accounting Act”), we will delete the data 8 years after the termination of your relationship with you. In practice, this is the case if the data are part of the supporting documents for the accounts, for example in the documents relating to the conclusion of the contract (where applicable in the contract itself) or on the invoice issued.

The Data Subject (Buyer) must provide this personal data in order for the report containing his/her objection to be completed and the Data Controller to be able to correct any error.

Fulfilling the contract (Article 6 (1) (b) GDPR)

Name

home address

of the data subject

product information

date of completion

date of error report

problem description

The data will be deleted 5 years after the termination of the relationship with the Data Subject pursuant to Section 6:22 of the Civil Code. If we are required to retain data under Section 169 of Act C of 2000 on Accounting (the “Accounting Act”), we will delete the data 8 years after the termination of your relationship with you. In practice, this is the case if the data are part of the supporting documents for the accounts, for example in the documents relating to the conclusion of the contract (where applicable in the contract itself) or on the invoice issued.

 

 

 

 

 

 

 

 

 

 

 

Scope of data access:

  1. the staff of the Data Controller;
  2. the staff of the Data Processors defined below;
  3. certain authorities with regard to the data requested by them during official proceedings and to be provided by the Data Controller by law;
  4. employees of the receivables management company appointed by the Data Controller for the purpose of managing overdue debts;
  5. other persons with the express consent of the Data Subject.

The Data Controller undertakes a strict obligation of confidentiality with regard to the personal data processed by it without any time limit, and may not disclose them to third parties, except with the consent of the Data Subject.

 

Withdrawal of consent shall not affect the lawfulness of previous data processing.

 

  1. Persons authorized to process data

 

 

The Data Controller uses the data processors listed in the table below to perform technical tasks related to data management operations. The rights and obligations of the data processor related to the processing of personal data are determined by the Data Controller within the framework of the GDPR and the separate laws on data processing. The Data Controller is responsible for the legality of the instructions given by it. The data processor may not make a substantive decision concerning data management, may process personal data obtained only in accordance with the provisions of the Data Controller, may not process data for its own purposes, and is obliged to store and preserve personal data in accordance with the Data Controller’s provisions.

Names and contact details of data processors

Personal data obtained by the data processor and the activity performed during the data processing

Duration of data processing

webshippy

Data required for the delivery of the product ordered by the Data Subject.

On the basis of an open-ended contract, it lasts until the termination of the contract or the data subject’s request for cancellation to this data processor.

 

accountant

For employees:

Elvira Ágocsné

8 years after the existence of the employment

 

 

  1. Sending advertising letters

 

The Data Controller sends letters containing an advertisement (newsletter) to the given e-mail addresses only with the express consent of the Data Subject, in cases and in a manner that complies with legal requirements. The Data Subject may unsubscribe from the newsletter at any time via the link at the bottom of the newsletter or via the Data Controller’s customer service.

 

 

  1. Cookies and web beacons, anonymous information through the use of our websites

 

The Data Subject consents to the Data Controller placing a file (cookie) on the Data Subject’s computer. The purpose of cookies is to identify returning data subjects, to provide services to those and to support the convenience features of the website.

The Data Controller uses only cookies from external service providers (Google) on the Website. Cookies are short text files that the Website sends to the hard drive of the Data Subject’s computer and contain relevant information about the Data Subject.

The data management of the above-mentioned external service providers is governed by the data protection regulations set by these service providers, and the Data Controller does not assume any responsibility for such data management.

 

You can set your web browser to accept all cookies, reject them all, or notify you when a cookie arrives on your machine. Each web browser is different, so please use your browser’s “Help” menu to change your cookie settings. For example, in the case of Microsoft Internet Explorer, you can delete or disable cookies by selecting the “Tools / Internet Settings” option and change your security settings. For more information on the nature of cookies and how to turn them off, visit http://www.youronlinechoices.com/en/. The Website is designed to work with cookies, so disabling them may affect the usability of the Website and prevent you from taking full advantage of it.

 

Cookies used on the Website:

  • analytics, tracking
  • Affected identification session cookie

We do not exchange cookies with third-party websites or third parties.

 

 

  1. Presence of the Data Controller on social media sites

 

The Data Controller is available on Facebook, YouTube, Twitter, Instagram, and LinkedIn.

 

The visitor can subscribe to the data controller’s feed published on the message board on the Facebook page by clicking on the like link and can unsubscribe by clicking on the dislike link found there.

 

  1. Information related to children

 

Persons under the age of 16 may not provide personal information about themselves unless they have requested permission from a parent or guardian.

 

In the case of a Data Subject who has not reached the age of 14, his or her legal representative or guardian may provide personal data and make a legal declaration on his or her behalf.

 

By providing the information, you declare and warrant that you will act in accordance with the foregoing and that your ability to act in connection with the provision of the information is not limited. If you are not legally entitled to provide the information independently, you must obtain the consent of the Third Parties concerned (eg legal representative, guardian). In this context, you must consider whether the consent of a third party is required in connection with the provision of the information. The Data Controller may not come into personal contact with you, so you are obliged to ensure compliance with this section and the Data Controller is not liable in this connection.

 

We will make all reasonable efforts to delete any information that has been made available to us unauthorized and ensure that this information is not passed on to others or used by us (either for advertising or other purposes). Please let us know immediately if you find that a child has unauthorizedly provided information about him-/herself. You can contact us at our contact details at the beginning of the Prospectus.

 

  1. Data security measures

 

The Data Controller shall take all necessary measures to ensure the security of the data, ensuring an adequate level of protection, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction and damage. The Data Controller ensures the security of the data with appropriate technical (eg logical protection, especially encryption of passwords and communication channels) and organizational measures (physical protection, especially data security training of the Data Controller’s employees, restriction of access to information).

 

Please help us protect your information by not using an obvious login name or password, and by changing your password regularly, and by not making your password available to anyone else.

 

  1. Rights and remedies of the data subject

 

Your data protection rights and remedies, and the relevant provisions and limitations of the GDPR in this regard, are set out in detail in the GDPR (including in particular the Articles 15, 16, 17, 18, 19, 20, 21, 22, 77, 78, 79 and 82 of the GDPR). The most important provisions are summarized below.

 

11.1 Your right of access

 

You have the right to receive feedback from us as to whether your personal data is being processed. If such processing is in progress, you have the right to access personal data and the following information:

  1. purposes of data management
  2. the categories of personal data concerned
  3. the recipients or categories of recipients to whom the personal data have been or will be communicated, including in particular recipients in third countries or international organizations
  4. where applicable, the intended period for which the personal data will be stored or, if that is not possible, the criteria for determining that period
  5. you have the right to request from us the rectification, erasure or restriction of the processing of personal data concerning you and to object to the processing of such personal data;
  6. the right to lodge a complaint with a supervisory authority; and
  7. if the data were not collected from you, all available information about their source;
  8. the fact of automated decision-making, including profiling, and at least in these cases, comprehensible information on the logic used and the significance of such data management and the expected consequences for you.

If personal data is transferred to a third country, you have the right to be informed of the appropriate guarantees for the transfer.

We will provide you with a copy of the personal data that is the subject of data processing. If you have submitted your application electronically, the information must be provided in a widely used electronic format, unless you request otherwise.

 

11.2 Right to rectification

You have the right to have inaccurate personal data about you corrected without undue delay upon request. You have the right to request that incomplete personal data be supplemented, inter alia, by means of a supplementary declaration.

 

11.3 Right of cancellation (“right to forget”)

(1) You have the right to have your personal data deleted without undue delay at your request if one of the following reasons exists:

  1. personal data are no longer required for the purpose for which they were collected or otherwise processed;
  2. You withdraw your consent to the processing and there is no other legal basis for the processing;
  3. You object to your data processing and, where applicable, there is no overriding legitimate reason for data processing;
  4. personal data has been processed unlawfully;
  5. personal data must be deleted in order to comply with a legal obligation under Union or Member State law applicable to us; or
  6. personal data have been collected in connection with the provision of information society services.

(2) If the Data Controller has disclosed personal data and is required to delete it pursuant to paragraph 1 it shall take the steps reasonably expected, taking into account the technology available and the cost of implementation, to inform the controllers the Data Subject has requested that the links to the personal data in question or a copy or duplicate of such personal data be deleted.

Paragraphs 1 and 2 shall not apply where processing is necessary, inter alia:

  1. for the purpose of exercising the right to freedom of expression and information;
  2. for the purpose of complying with an obligation under Union or Member State law to which we process personal data;
  3. for archiving purposes in the public interest, for scientific and historical research purposes or for statistical purposes, where the right referred to in paragraph 1 would be likely to make such processing impossible or seriously endanger it, or
  4. to submit, enforce or defend legal claims.

 

11.4 Right to restrict data processing

(1) You have the right to restrict the processing of your data upon request, if any of the following conditions are met:

  1. You dispute the accuracy of your personal information, in which case the restriction applies to the period of time that allows us to verify the accuracy of your personal information;
  2. the processing is unlawful and you oppose the deletion of the data and instead ask for a restriction on its use;
  3. we no longer need personal data for data processing purposes, but you require it to make, enforce or protect legal claims; or
  4. You object to the data processing; in this case, the restriction shall apply for the period until it is determined whether the legitimate reasons of the Data Controller take precedence over the legitimate reasons of the Data Subject.

If the processing is subject to a restriction under paragraph 1, such personal data, with the exception of storage, may only be obtained with your consent or for the purpose of making legal claims, enforcement or protection, or to protect the rights of another natural or legal person, or in the overriding public interest of the Union or of a Member State.

We will inform you in advance about the lifting of the data management restriction.

11.5 Obligation to notify in connection with the correction or deletion of personal data or restrictions on data processing

The Data Controller shall inform all recipients to whom or with whom the personal data have been communicated of any rectification, erasure or restriction of data processing, unless this proves impossible or requires a disproportionate effort. We will inform you of these recipients at your request.

 

11.6 The right to data portability

You have the right to receive personal data about you that you provide to us in a structured, widely used, machine-readable format, and you have the right to transfer such data to another data controller without the Data Controller being prevented from doing so if:

  1. the data processing is based on consent or contract; and
  2. he data processing is done automatically

When exercising the right to data portability under paragraph 1, you have the right, if technically feasible, to request the direct transfer of personal data between data controllers.

 

11.7 Right to protest

You have the right to object at any time for reasons related to your situation to the processing of your personal data based on a legitimate interest, including profiling. In this case, we will not further process your personal data unless we can prove that the processing is justified by overriding legitimate reasons which take precedence over your interests, rights and freedoms or which relate to the submission, enforcement or protection of legal claims.

 

If personal data is processed for the purpose of direct business acquisition, you have the right to object at any time to the processing of personal data concerning you for this purpose, including profiling, insofar as it relates to direct business acquisition.

 

If you object to the processing of personal data for the purpose of direct business acquisition, the personal data may no longer be processed for this purpose.

 

In connection with the use of information society services and by way of derogation from Directive 2002/58 / EC, you may also exercise your right to object by automated means based on technical specifications.

 

If the processing of personal data is for scientific and historical research or statistical purposes, you have the right to object to the processing of personal data concerning you for reasons related to your situation, unless the processing is necessary for the performance of a task in the public interest.

 

11.8 Right to complain to the supervisory authority

You can assert your rights in court under the GDPR and the Civil Code, and you can turn to the National Data Protection and Freedom of Information Authority (1055 Budapest, Falk Miksa street 9-11) in case of a complaint about the data controller’s data management practices. Detailed rights and remedies related to data processing are detailed in Articles 77, 79 and 82 of the GDPR.

 

11.9 Right to an effective judicial remedy against the supervisory authority

You have the right to an effective judicial remedy against a legally binding decision of the supervisory authority concerning you.

 

 

You are entitled to an effective judicial remedy if the competent supervisory authority does not deal with the complaint or does not inform you within three months of the procedural developments or the outcome of the complaint.

 

Proceedings against the supervisory authority shall be brought before a court of the Member State in which the supervisory authority has its seat.

 

11.10 The right to an effective judicial remedy against the controller or processor

You have the right to an effective judicial remedy if, in your opinion, your personal rights under the GDPR have been violated as a result of improper handling of your personal data.

 

Proceedings against the controller or the processor shall be brought before the courts of the Member State in which the controller or the processor is established. Such proceedings may also be brought before a court of the Member State in which the data subject has his/her usual place of residence.

 

It is recommended that the complaint be sent to the controller before initiating any procedure.

 

July 5, 2021, Budapest