Short GDPR summary:
Camugo Ltd., the operator of the youtube.camugo.com webshop, aims to act in accordance with the GDRP regulation (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL) regarding its data protection activities. We do not send newsletters or personalized offers, we use customer data only for invoicing and sending packages, we do not analyze our customers' shopping habits, we do not buy or sell mailing lists. Upon request, we will delete the data we process (and which may be deleted under applicable data management and tax laws) (customer data provided during registration and/or ordering).
1. PURPOSE OF THE POLICY
The purpose of this Privacy Policy is to describe the data protection and data management principles and the data protection and data management policy of Camugo Ltd.
Camugo Ltd.(hereinafter referred to as the "Service Provider") processes the data of visitors, registrants and customers of the website www.youtube.camugo.com (hereinafter referred to as the "Website") (hereinafter collectively referred to as the "Data Subject").
The purpose of this Policy is to ensure that, in all areas of the services provided by the Service Provider, all individuals, regardless of their nationality or place of residence, are guaranteed that their rights and fundamental freedoms, in particular their right to privacy, are respected when their personal data are processed by automated means (data protection).
2. THE NAME OF THE SERVICE PROVIDER AS DATA CONTROLLER
Name: Camugo Ltd.
Registered office and postal address: 1117 Budapest, Hunyadi János út 16.
E-mail address: youtube@camugo.com
3. THE SCOPE OF THE PERSONAL DATA PROCESSED
3.1. Registration. During the registration process, the Data Subject is required to provide the following personal data, without which the invoice and the delivery of the order would not be possible:
Username,
E-mail address,
Password,
Billing address (billing name, street name, house number, municipality, postal code),
Delivery address (delivery name, street name, house number, town, postal code),
Telephone number
3.2 Technical data
Data technically recorded during the operation of the system: the data of the computer of the Data Subject logging in, which are generated during the use of the service and which are recorded by the Service Provider's system as an automatic result of technical processes. The data that are automatically recorded are automatically logged by the system on log-in or log-out without any specific declaration or action by the Data Subject. These data may not be linked to other personal user data, except in cases required by law. The data may only be accessed by the Service Provider.
3.3. cookie
During visits to the Website, the Service Provider sends one or more cookies - small files containing a series of characters - to the visitor's computer, which will allow the visitor's browser to be uniquely identified. These cookies are provided by Google and are used through the Google Adwords system. These cookies are only sent to the visitor's computer when visiting certain sub-pages, i.e. they only store the fact and time of the visit to the sub-page in question, and no other information.
The use of the cookies sent in this way is as follows. The Data Subject may opt-out of Google's cookies by visiting the Google Ads opt-out page. (You may also indicate to the Data Subject that you may also opt-out of cookies from third-party service providers by visiting the Network Network Advertising Initiative opt-out page.)
Once disabled, they will not receive personalised offers from the Service Provider.
Cookies used:
Session cookie: session cookies are automatically deleted after the Data Subject's visit. These cookies are used to enable the Service Provider's Website to function more efficiently and securely, and are therefore essential to enable certain features of the Website or certain applications to function properly.
Persistent cookies: persistent cookies are also used by the Service Provider to improve the user experience (e.g. to provide optimised navigation). These cookies are stored for a longer period of time in the browser's cookie file. The duration of this cookie will depend on the settings of the Data Subject's web browser.
A cookie used for a password-protected session.
Shopping cart cookie.
Security cookie.
External servers help to independently measure and audit the Site's traffic and other web analytics data (Google Analytics). The data controllers can provide the Data Subject with detailed information on how the measurement data is handled.
Their contact details are www.google.com/analytics.
If the Data Subject does not want Google Analytics to measure the above data in the manner and for the purposes described, he/she should install a blocking add-on in his/her browser.
The "Help" function in the menu bar of most browsers provides information on how to use the browser to
how to disable cookies in your browser,
how to accept new cookies, or
how to instruct your browser to set a new cookie, or
how to turn off other cookies.
3.4 General data processing in relation to online ordering
The Service Provider reserves the right to record the number of the personal identification card of the natural person receiving the product in the Accounts, following the consent of the data subject, in the manner specified in the Info. According to the provisions of the Info. tv., consent may be given orally, in writing and by means of impulse (by handing over the document). The purpose of this processing is to protect the customers' interest in ownership. Pursuant to the provisions of the Info. law, the data subject may request the Service Provider to delete his/her personal data recorded under this point.
3.5. Processing for other purposes:
Telephone conversations are not recorded.
4. LEGAL BASIS, PURPOSES AND METHODS OF PROCESSING
4.1. The legal basis for the processing of the data is the voluntary consent of the data subject pursuant to Article 5 (1) (a) of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Infotv.) and Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.
The consent is given by the Data Subject in relation to the individual data processing by using the Website, by registering or by voluntarily providing the data in question.
4.2 The purpose of the processing is to ensure the provision of the services available on the Website. The Service Provider shall use the data provided by the Data Subject for the sole purpose of fulfilling the order, delivering the goods, enabling invoicing, maintaining contact and, if the Data Subject has subscribed to a newsletter, sending the newsletter and subsequently proving the terms of any contract concluded.
4.3 The purpose of the data automatically collected is to produce statistics, to improve the technical development of the IT system and to protect the rights of the Data Subject.
4.4. The Service Provider shall not use the personal data provided for purposes other than those described in these points. The disclosure of personal data to third parties or public authorities, unless otherwise required by law, shall only be possible with the prior express consent of the Data Subject.
4.5 The Service Provider does not control the personal data provided to it. The person providing the data is solely responsible for the correctness of the data provided. Any Data Subject who provides his/her e-mail address shall be responsible for the fact that he/she is the only one who uses the services from the e-mail address provided. With regard to this assumption of responsibility, any liability in connection with access to an e-mail address provided shall be borne solely by the Data Subject who registered the e-mail address.
5. DURATION OF DATA PROCESSING
5.1. In the case of non-mandatory data, the processing of the data lasts from the time of the provision of the data until the deletion of the data in question upon request. Cancellation of registration by the Data Subject and deletion by the Service Provider may take place at any time, in the cases and in the manner set out in the General Terms and Conditions (hereinafter referred to as "GTC").
5.2 The logged data is stored for 6 months from the date of logging, except for the date of the last visit, which is automatically overwritten.
5.3 The above provisions do not affect the fulfilment of retention obligations laid down by law (e.g. accounting legislation), nor the processing of data on the basis of additional consents given during registration on the Website or otherwise.
6. SCOPE OF PERSONS HAVING ACCESS TO DATA, DATA TRANSFERS, DATA PROCESSING
6.1. The data may be accessed primarily by the Service Provider or its internal employees, but will not be disclosed or transferred to third parties.
6.2 The Service Provider may use a data processor (e.g. system operator, transport company, accountant) for the operation of the underlying IT system, the fulfilment of orders and the settlement of accounts.
Identity of data processors (Company name / Address / Activity):
VOOV Informatikai Fejlesztő Kft./ webshop development
6.3. In addition to the above, personal data will be transmitted to third parties only and only with the consent of the Data Subject and will be disclosed only in case of requests by public authorities.
7. DATA SUBJECT'S RIGHTS AND MEANS OF REDRESS
7.1 The Data Subject shall have the right to request information at any time about the personal data concerning him/her processed by the Service Provider and to modify them at any time in the manner set out in the GTC.
7.2 Upon the Data Subject's request, the Service Provider shall provide the Data Subject with information about the data concerning him/her processed by the Service Provider, the data processed by the Data Processor or by a data processor appointed by the Service Provider, the source of the data, the purpose, legal basis and duration of the data processing, the name and address of the data processor and the data processor's activities related to the data processing, the circumstances and effects of the data breach and the measures taken to remedy the data breach, and, in the event of the transfer of the Data Subject's personal data, the legal basis and the recipient of the data transfer. The Service Provider shall provide the requested information in writing within 30 days of the request.
The Service Provider, if it has an internal data protection officer, shall, through the internal data protection officer, keep records for the purposes of monitoring the measures taken in relation to the personal data breach and informing the Data Subject, which shall include the scope of the Data Subject's personal data, the number and scope of the Data Subjects affected by the personal data breach, the date, circumstances, effects and measures taken to remedy the personal data breach, as well as other data specified in the legislation requiring data processing.
7.3 The data subject may exercise his or her rights by contacting:
1117 Budapest, Hunyadi János út 16.
Customer service: youtube@camugo.com
The Data Subject may contact the Service Provider's employee with any questions or comments regarding the processing of the data via the contact details provided in section 7.3.
7.4. In other cases, the Service Provider will delete the data within 3 working days of receipt of the request, in which case they will not be recoverable. The deletion does not apply to data processing required by law (e.g. accounting regulations), which will be kept by the Service Provider for the necessary period.
7.5 The Data Subject may also request the blocking of his/her data. The Service Provider shall block the personal data if the Data Subject requests this or if, on the basis of the information available to it, it is assumed that deletion would harm the Data Subject's legitimate interests. The personal data blocked in this way may be processed only for as long as the processing purpose which precluded the deletion of the personal data persists.
The rectification, blocking and erasure must be notified to the Data Subject and to all those to whom the data were previously transferred for processing. The notification may be omitted if this does not harm the legitimate interests of the Data Subject in relation to the purposes of the processing.
If the Service Provider fails to comply with the Data Subject's request for rectification, blocking or erasure, it shall inform the Data Subject in writing within 30 days of receipt of the request, stating the factual and legal reasons for the refusal of the request for rectification, blocking or erasure.
The Data Subject may object to the processing of his or her personal data. The Service Provider shall examine the objection within the shortest possible time from the date of the request, but not later than 15 days, and shall decide whether the objection is justified and inform the applicant in writing of its decision.
7.6. On the basis of the Info.tv. and the Civil Code (Act V of 2013), the Data Subject
National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/c.; www.naih.hu) or
Enforcement of your rights before a court of law.
7.7 If the Data Subject has provided third party data during registration or caused damage in any way during the use of the Website, the Service Provider is entitled to claim damages from the Data Subject. In such a case, the Service Provider shall provide all reasonable assistance to the competent authorities in order to establish the identity of the offending person.
9. OTHER PROVISIONS
9.1 The Service Provider's system may collect data on the activity of the Data Subjects, which cannot be linked to other data provided by the Data Subject at the time of registration, nor to data generated by the use of other websites or services.
9.2 In all cases where the Service Provider intends to use the data provided for purposes other than those for which they were originally collected, the Data Subject shall be informed thereof and shall obtain his/her prior express consent or be given the opportunity to prohibit such use.
9.3. It also undertakes to require any third party to whom it may transfer or disclose the data to comply with its obligations in this respect.
9.4. After the modification has entered into force, the Data Subject must accept the modifications in the manner provided by the Service Provider on the Website in order to continue using the Website.