Privacy policy

Privacy Policy

Date: May 1, 2020 (v1.1)

1. Why is this Privacy Policy important?

The handling of personal data is essential for the proper functioning of the website available under the truetosole.hu domain name (hereinafter "Website"). This Privacy Policy details all information related to the processing of personal data. We encourage you to read this Privacy Policy carefully to be aware of all facts and information regarding the handling of your personal information.

Management of your personal data is performed in accordance with Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation or GDPR - hereinafter referred to as “GDPR”) and other applicable legal provisions.

Please note, that by using the Website, you consent to the processing of your personal data as detailed in this Privacy Policy. Using the Website, i.e. the provision of personal data, is voluntary.

Please note, that by using the Website, you consent to the processing of your personal data as detailed in this Privacy Policy. Using the Website, i.e. the provision of personal data, is voluntary, however, we may mark certain data as mandatory or necessary (*), as this data is necessary in order to provide you with the service you have requested. If you choose not to provide us with this information, we may not be able to provide some of our services.

2. To which services or persons does this Privacy Policy apply?

This Privacy Policy applies to the management of the personal data of users who visit the truetosole.hu website and use a service or purchase a product there, i.e. your personal data.

3. Who is the data controller?

The owner and operator of the Website is True to Sole Kft. (Company registration number 01-09-345763, registered office: 1102 Budapest, Állomás utca 4. fsz. 3., tax number: 27031946-2-42, court of registration: Company Court of the Metropolitan Court of Budapest; hereinafter referred to as "We" or "Data Controller").

Our contact information:
Web: https://www.truetosole.hu
Address: 1102 Budapest, Állomás utca 4. fsz. 3.
E-mail: hello@truetosole.hu
Telephone: +36 30 820 4765

4. What personal data do we manage?

Personal data is held by natural persons, and is any information relating to an identified or identifiable natural person - "data subject" as defined in data protection legislation. Personal data is for example name, phone number, email address. If you provide us with your name, company name, telephone number, e-mail address and /or other personal data in connection with a request for quotation, newsletter and /or other similar direct marketing channel or as part of a subscription, registration, order fulfillment or otherwise, we will also manage this personal data. The provision of this information is, of course, voluntary. It is your responsibility to ensure that the information provided is accurate.

5. For what purposes do we process personal data?

The purpose of the Website is to introduce and promote our products and services to our existing and potential customers. Basically, personal data is processed to achieve this goal. In addition, personal data may be processed for other purposes, which are listed in details below.

5.1 Website Analytics

The purpose of data management: to record and process traffic data, to operate and develop the Websites, to maintain the Websites, and to improve the user experience.
Data subjects: Users browsing the Websites without requesting a quote.
The legal basis for data management: our legitimate interest.
The scope of the managed personal data: IP address, approximate geographic location, type of operating system, type of browser, and information about activity on the Websites. These are mostly treated in aggregated and / or anonymised form, mostly in the so-called cookies (see point 12 below) or similar technologies. If you do not agree to this, please do not use the Websites.
Duration of data management: Traffic data is largely processed in aggregated and anonymised form for analytical purposes, ranging from one to two years. After that, the traffic data will be processed exclusively in an anonymised form, i.e. without personal data. You can find detailed information on the Google Analytics honlapján or in the cookie information.
Data Processor(s): We use Google Analytics to process website traffic data. You can read about Google Analytics and Google's privacy policy here. We use the services of the following service providers to process website traffic data related to advertising activities (for more information on the following services and the privacy policies of their service providers, click on the name of the service providers): Google Adwords; Facebook Ads; AdRoll. Please check out point 8 below for more details.

5.2. Website Backup

The purpose of data management: the ability to recover the business operation.
Data subjects:: Management-related information related to the Websites that is listed in this prospectus.
The legal basis for data management:: our legitimate interest.
Scope of personal data processed: personal data processed in connection with the Websites, which are listed in this prospectus.
Duration of data management:backups are stored for 90 days.
Data Processor(s): Shopify Inc., see Section 8 below for details.

5.3 Newsletters and other direct marketing

The purpose of data management: to record and process personal data for the purpose of contact in connection with requests for quotation and for the purpose of sending and communicating newsletters and / or other direct marketing messages.
Data subjects:people requesting an offer on the Websites or users subscribing to a newsletter and / or other similar direct marketing channel.
Legal basis for data processing: your consent.The range of personal data processed: name, address, e-mail address, telephone number and other information you provide.
Duration of data management: until withdrawal of consent.
Data Processor(s):We use the MailChimp service operated by The Rocket Science Group, LLC (address: 675 Ponce de Leon Ave NE Atlanta, GA 30308 USA) to send e-mail newsletters. The Rocket Science Group is part of the EU-US Privacy Shield, which, by decision of the EU Commission, serves to provide an adequate level of protection for data handled (processed) in the US, its datasheet is available here.

5.4 Registration on the Website

The purpose of data management: to create and maintain registration, to simplify purchases.
Data subjects: Users who register on the Websites.
Legal basis for data processing: your consent.
The range of personal data processed: name, address, e-mail address, telephone number and other information you provide.
Duration of data management: withdrawal of consent.
Data Processor(s): Shopify Inc., see Section 7 below for details.

5.5.1 Vásárlás, megrendelés teljesítése, utánkövetése saját készletről történő értékesítés esetén

Az adatkezelés célja: megrendelés teljesítése, utánkövetése, esetleges jogi igényekkel szembeni védekezés.
Az érintettek kategóriái: a Weboldalakon terméket vásárló vagy szolgáltatást igénybevevő felhasználók, akik lehetnek regisztrált felhasználók is.
Az adatkezelés jogalapja: szerződés teljesítése.
A kezelt személyes adatok köre: név, cím, e-mail cím, telefonszám, illetve egyéb olyan információ, amelyet megadsz.
Az adatkezelés időtartama: a vásárlást követő öt (5) év, ami a Ptk. szerinti általános elévüli idő.
Adatfeldolgozó(k): Shopify Inc., részletesen lásd lenti 8. pont.
Adattovábbítás: OTP Mobil Kft., valamint logisztikai partnerünk a Gyüjtőszállítás.hu Kft., részletesen lásd a lenti 7. pontot.

5.5.2 Vásárlás, megrendelés teljesítése, utánkövetése tartós közvetítő szerződés keretében történt értékesítés esetén

Az adatkezelés célja: megrendelés teljesítése, utánkövetése, esetleges jogi igényekkel szembeni védekezés.
Az érintettek kategóriái: a Weboldalakon terméket vásárló vagy szolgáltatást igénybevevő felhasználók, akik lehetnek regisztrált felhasználók is.
Az adatkezelés jogalapja: tartós közvetítői tevékenység fogyasztói szerződés létrejöttéhez közted és adott partnerünk között
A kezelt személyes adatok köre: név, cím, e-mail cím, telefonszám, illetve egyéb olyan információ, amelyet megadsz.
Az adatkezelés időtartama: a vásárlást követő öt (5) év, ami a Ptk. szerinti általános elévüli idő.
Adatfeldolgozó(k): Shopify Inc., részletesen lásd lenti 8. pont.
Adattovábbítás: OTP Mobil Kft., valamint logisztikai partnerünk a Gyüjtőszállítás.hu Kft., részletesen lásd a lenti 7. pontot.

5.6 Vásárlással kapcsolatos adminisztratív kötelezettségek teljesítése

Az adatkezelés célja: jogi kötelezettségek teljesítése.
Az érintettek kategóriái: a Weboldalakon terméket vásárló vagy szolgáltatást igénybevevő felhasználók.
Az adatkezelés jogalapja: jogi kötelezettség teljesítése.
A kezelt személyes adatok köre: számlákon és egyéb számviteli bizonylatokon szereplő adatok, ideértve különösen a nevet és címet.
Az adatkezelés időtartama: a számla (bizonylat) keletkezését követő nyolc (8) év, ameddig kötelesek vagyunk a számviteli bizonylatok megőrzésére a számvitelről szóló 2000. évi C. törvény 169. §-a alapján.
Adatfeldolgozó(k): Shopify Inc., a számlázz.hu szolgáltatás nyújtója a KBOSS Kft., illetve a könyvelést végző Császár Consulting Kft. Ezekről részletesen lásd lenti 7. pontot.

5.7 Fogyasztói panaszok

Az adatkezelés célja: fogyasztói panaszok kezelése.
Az érintettek kategóriái: a Weboldalakon terméket vásárló vagy szolgáltatást igénybevevő felhasználók.
Az adatkezelés jogalapja: jogi kötelezettség teljesítése.
A kezelt személyes adatok köre: név, cím, telefonszám, egyéb elérhetőség, a panasszal összefüggő információk, valamint az érintett által megadott egyéb információ.
Az adatkezelés időtartama: az ügy lezárását követő öt (5) év a fogyasztóvédelemről szóló 1997. évi CLV. törvény 17/A. § (7) bekezdése alapján.
Adatfeldolgozó(k): Shopify Inc., a szakmai bevizsgálást és független szakértői véleményt kibocsátó Cipőkontroll Plusz Kft. Részletesen lásd lenti 7. pontot.

5.8 Személyes adatokkal kapcsolatos érintetti jogok érvényesítése

Az adatkezelés célja: érintetti jogok kezelése.
Az érintettek kategóriái: a jelen adatvédelmi tájékoztatóban említett személyek.
Az adatkezelés jogalapja: jogos érdek.
A kezelt személyes adatok köre: a jelen adatvédelmi tájékoztatóban felsorolt adatok, valamint a konkrét érintetti igénnyel kapcsolatos információk, és az áltaunk adott válasz.
Az adatkezelés időtartama: a konkrét érintetti igény lezárását követő öt (5) év.

Personal data may also be processed if consent has been withdrawn, but the processing of personal data is necessary for the fulfillment of a legal obligation to us, to enforce our legitimate interests or the legitimate interests of a third party or to fulfil a contract entered into. Personal data may also be processed for law enforcement, national security, defence and public security purposes, if the applicable law so provides. Personal data may be transferred to organizations performing such tasks, if the applicable law so provides.

6. How do we manage personal data?

You can browse the Website without requesting a quote and without providing personal data, detailed information can be found in point 4 above.

If you request an offer for the product on the Website, we will process the personal data you provide in order to fulfil the request for an offer. This means keeping in touch with you, such as being able to contact you in the way or ways you specify.

From time to time, we will send you newsletters or other direct marketing messages, in each case only in the manner you have authorized. You may unsubscribe from such newsletters or other direct marketing messages at any time. You can request this either by clicking on the unsubscribe link in the newsletter or by sending an e-mail to support@truetosole.hu

We will only process the personal data you provide in connection with your registration and placing your order for the purpose of fulfilling your orders and tracking your orders. This means the data management required for concluding and fulfilling the contract concluded between True to Sole Kft. and you in accordance with the GTC.

7. Who do we transfer personal data to?

Our subcontractors also participate in the technical operation of the Website. These subcontractors are generally considered to be data processors under data protection rules. In some cases, some of our subcontractors may be considered data controllers, for example due to compliance with legal obligations and / or the nature of the service provided. If this is the case, it will be mentioned separately below.

The following subcontractors may have access to personal data:

For all users (including users browsing the Website without request for quotation: data processor Shopify Inc. (Shopify Inc., registered office: 150 Elgin Street, 8th Floor, Ottawa, ON K2P 1L4, Canada, web: www.shopify.com), which maintains Websites. The Websites can only be accessed by duly licensed employees and subcontractors of this subcontractor, they participate in the operation and development of the Websites. It is unlikely, but these individuals may have access to certain personal data while performing this activity. The Websites and thus your personal information will be processed on Shopify Inc.'s servers in the European Union and the United States.

7.2 Most of the website traffic data is processed in an aggregated and anonymised form, for which we use Google Analytics services. Google Analytics service is provided by Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA), processes traffic data on servers located in the United States.

We use Google AdWords, Facebook Ads, and AdRoll services to process the website traffic data related to advertising activities. Google AdWords is provided by Google LLC (see above); Facebook Ads is provided by Facebook Ireland Ltd (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland), you can find Facebook's privacy policy here, and you can find more information about which country Facebook processes your data in here. AdRoll is provided by AdRoll Advertising Limited (1, Burlington Plaza, Burlington Road, Dublin 4, Ireland), depending on the country in which the traffic data is processed, you can find more information here. Google and Facebook are part of the EU-US Privacy Shield, which, by decision of the EU Commission, serves to provide an adequate level of protection for data handled (processed) in the US. The Privacy Shield of each service provider is available at the following links: Google, Facebook. For AdRoll, the appropriate level of protection is provided by Standard Contractual Clauses (SCCs) in line with the EU Commission Decision, see here. If you would like more information about these, please let us know.

7.4 In the case of requests for quotations, registration or subscription to a newsletter and / or other similar direct marketing channel: your personal data will not be passed on to other persons (data controllers), i.e. we will not sell or transfer it in any other form unless you have expressly agreed to this in advance.

7.5 In case of Simple card payment: the username, surname, first name, country of residence, telephone number, e-mail address will be transferred to OTP Mobil Kft. (1093 Budapest, Közraktár u. 30-32. River park, K30. Building II., Company registration number: 01-09-174466, tax number: 24386106-2-43, tel.: +36 1 776 6901, fax: +36 1 776 6902, web: https://www.otpmobil.hu/), as Data Controller. The purpose of the data transfer: to provide customer service assistance to users, to confirm transactions and to monitor fraud in order to protect users (fraud prevention).

7.6 To deliver your package, your name, address, e-mail address and telephone number will be handed over to our logistics partner, who will handle this for the purpose of delivering the order. Our logistics partner is Gyüjtőszállító.hu Kft. (Address: 1097 Budapest, Ecseri út 14-16., company registration number: 01-09-349535, tax number: 25828803-2-43).

7.8 If you have a consumer complaint or a quality complaint, and we need to involve other parties in the investigation (e.g. authority, conciliation body, independent expert), then we will share the personal data related to the investigation as well as the purchase-related data with them, they process it for the purpose of making a decision or giving an opinion. Independent expert opinion is obtained from Cipőkontroll Plusz Kft. (1048 Budapest, Külső-Szilágyi út 12., company registration number: 01-09-289884, tax number: 25800993-2-41, tel.: +36 1 232 1094, fax: +36 1 230 9072, web: www.cipokontroll.hu), to which we provide the data indicated in this section.

7.9 We use the szamlazz.hu application to issue invoices in connection with the purchase. It is operated by KBOSS.hu Kft. (Headquarters: 1031 Budapest, Záhony utca 7., company registration number: 01-09-303201, tax number: 13421739-2-41, e-mail: info@szamlazz.hu), for them as a data processor the names and billing addresses of billing customers will be forwarded. The names and billing addresses of the customers will also be forwarded to our accounting partner (Császár Consulting Kft., Address: 1212, Budapest, Kossuth Lajos utca 136 1/3) for data processing purposes.

8. How long do we process personal data?

As a general rule, we will process your personal data until you withdraw your consent, request the deletion of the data provided in the request for quotation, or unsubscribe from the newsletter and / or other electronic direct marketing channels. For each of the data management purposes listed in point 5 above, the relevant storage periods are indicated.

9. What rights and enforcement options do you have?

Pursuant to Articles 15-21 of the GDPR, you are entitled to ask the following regarding your personal data managed by True to Sole Kft.:

Access to your personal data: : you are either entitled to receive feedback on whether your personal data is being processed and, if such processing is in progress, you are also entitled to be given access to your personal data and to be informed about the circumstances surrounding their processing.

Rectification of your personal data: you have the right to ask us to correct your inaccurate personal data as well as to supplement your incomplete personal data.

Erasure of your personal data ("right to be forgotten"): you have the right to have your personal data deleted if you have one of the following reasons:

  • your personal data is no longer required for the purpose for which it was collected or otherwise processed;
  • if your consent on which the data processing is based is revoked and our data processing has no other legal basis;
  • in the case of data processing based on a legitimate interest, you object to the data processing and there is no priority legitimate reason for our data processing, or we process your data for the purpose of direct business acquisition and you object to the processing of your personal data;
  • if your personal data has been processed unlawfully;
  • if we are required by law to delete your personal information.

We may refuse to comply with your request for erasure if the applicable law allows it, for example if the processing is necessary for the submission, enforcement or protection of legal claims.

Restriction of processing personal data:in certain cases, we are obliged to restrict the use of your personal data at your request. In this case, the data may only be used for limited purposes specified by law.

Object the processing of your personal data if the processing is based on a legitimate interest, including the case where the legal basis for the processing for the purpose of direct marketing (direct marketing) is a legitimate interest: you are entitled to object at any time, for reasons related to your own situation, against the processing of your personal data on the basis of a legitimate interest. In this case, we may not further process your personal data unless we can prove that the processing is justified by compelling legitimate reasons which take precedence over your interests, rights and freedoms or which relate to the submission, enforcement or protection of legal claims.

Receiving your personal data and transferring it to another data controller, if the legal preconditions for this are met (right to data portability): if you do not infringe on the rights and freedoms of others, you are entitled to, or to receive your personal data in a structured, widely used, machine-readable format or to transfer this data directly to another data controller, if (i) the processing is based on your consent or is necessary for the performance of a contract in which you or one of the parties or is required to take steps at your request prior to the conclusion of the contract; and (ii) the data is processed in an automated way, i.e. personal data is processed in an IT system and not on paper. If your personal data has been processed with your consent, you are entitled to withdraw your consent at any time.

How can you exercise these rights?

You can send your request to exercise the above rights to the contact details indicated in point 3. True to Sole Kft. shall, without undue delay, but no later than within one (1) month from the submission of the application, provide information in a comprehensible form on the measures taken following the application, which may be extended for another two (2) months in justified cases. If for any reason we do not comply with your request, we will notify you in our information of the reason. If you do not agree with our answer or action, you have the remedies listed below.

If you do not agree with our action or response, or believe that your rights to the protection of personal data have been violated, you are entitled to contact the National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c; telephone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu, web: www.naih.hu) to submit an application or, optionally, go to the court of our registered office or to the court of your domicile or residence (you can view the list and contact details of the courts via the following link: http://birosag.hu/torvenyszekek. The competent court according to the registered office of True to Sole Kft. is the Metropolitan Court.

10. How do we ensure the security of personal data?

We ensure the security of the personal data we process through appropriate technical and organizational measures and the development of procedural rules. Personal data shall be protected by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or accidental destruction.

Please keep your email address and phone number up to date and notify us of any changes. In all cases, we recommend that you use only an email address that only you can access and that you can access at any time.

Please make sure that you never enter your card number, expiration date or the three-digit CVC2 / CVV2 code on the back outside the secure credit card payment page (e.g. by e-mail, message, telephone)! We never ask for card information in this way, so if anyone on our behalf were to ask you for the above information, it was probably a phishing attempt. Do not provide the information and notify us and your card-issuing bank immediately!

11. What are cookies?

Cookies are text files that allow the Website or other computer server (server) to identify your computer and store your personal preferences and your technical data, such as clicks and other navigation data. The navigation data (click stream) shows what pages the user has visited and in what order. Cookies can also be used to determine what ads are displayed on the Website and to measure their effectiveness. We use cookies to personalize your visit to our Website (e.g., to recognize you when you return to our Website), analyse website traffic, and track user trends, patterns, and selections related to downloads and technical terms related to your use of the Website. This will help us to improve the look and content of our Website, to meet the expectations of users as much as possible. Cookies can be persistent (they remain on your computer until you delete them) and temporary (stored only until you close your browser).

We may also use web beacons or similar technologies that monitor your use of our Website and show us which pages you visit on our Website. These are also called clear GIF files. Web beacons (web beacons or web bugs) are short lines of code that place an image on a web page to transmit data such as the IP address of the computer that downloaded the page that contains the web beacon, the URL (address) of the page where the web beacon appears, the time the page containing the web beacon was viewed, the type of browser that downloaded the web beacon and the identification number of the cookies previously placed on that computer by that server. If we contact you via an HTML-capable email, web beacons provide us information on whether you've received or opened our message.

If you provide us with your personal data (e.g. through a request for quotation), this will be linked to anonymous data stored in cookies and / or web beacons. The information generated in this way can be used for analytical and marketing purposes, to measure and improve the efficiency of the service and to provide personalized offers. By using this website, you consent to the use of cookies and web beacons as described in this Policy.

The default settings of most browsers allow you to accept cookies. However, you can also set your browser to block cookies. If you set up your email client or browser to display HTML emails only as text, you can prohibit the use of certain web beacons. Please see the "Help" menu of your email client or browser for more information. However, certain features of the Website may only be accessed through the use of cookies or similar tools, thus, you should know that by blocking cookies or similar devices, you are preventing yourself from accessing certain of our content and services, in other words, if you use block, you will only be able to use the Website to a limited extent.

12. What else do we consider important?

Social network sites

By tagging, following, etc. the Website or us on a social networking site in any way, you allow to access certain information from your social networking profile (e.g., name, email address, photo, gender, birthday, location, list of friends, people you follow and / or follow you, your comments or expressions of liking, i.e. ‘likes’). In connection with our services, we may collect other non-personally identifiable information (e.g. content viewed, information about, which ads appeared next to the content, which you could click on, etc.). However, social networking sites operate independently of us, Thus, they also have an independent data protection policy, therefore the activities performed on them, the personal data and information provided there are not governed by this data protection information, but by the data protection policy of the service provider of the given social site. For more information on how you can personalize your privacy settings on social networking sites and how social networking sites handle your personal information please review their privacy policies, privacy policies, and terms of use.

Links

The Website may contain links to sites that are not operated by us (e.g. subcontractors, trading partners' own websites), which are not covered by this Privacy Policy and that may have different levels of data protection. These sites are completely independent of us, we recommend that you study the relevant privacy policies before providing any personal information on such a site or using the services of such a site, as we do not accept any responsibility for these and do not control the procedures by which personal data is collected, used, made available or otherwise processed on these sites.

Request for information

Should you have any questions regarding the processing of your personal data, you can obtain information at the contact details indicated in point 3 above.

Amendment of the Privacy Policy

This Privacy Notice is reviewed at regular intervals to ensure that it meets the expectations of our users and the applicable privacy and other legal requirements. If this Privacy Notice is amended, the amended version will be published on the Website. We encourage you to periodically review this Privacy Notice in order to be up-to-date on all facts and information relating to the processing of your personal data. In the event of a significant change affecting the handling of personal data, we will also provide information by e-mail, newsletter and / or other marketing channels.

These regulations are effective from May 1, 2020.