Privacy Policy
Privacy Policy
Date: May 20, 2022 (v1.2)
1. Why is this Privacy Policy important?
This Privacy Policy contains details of all information relating to the processing of personal data of third parties by True to Sole Ltd. We recommend that you read this Privacy Policy carefully to ensure that you are aware of all the facts and information relating to the processing of personal data.
Management of your personal data is performed in accordance with Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation or GDPR - hereinafter referred to as “GDPR”) and other applicable legal provisions.
Please note that by using the Website, by subscribing to our direct marketing channels or by communicating with us, you consent to the processing of your personal data as detailed in this policy.
Please note that this Privacy Notice covers the use of the Website, our direct marketing channels and the processing of data in the course of the performance of sales and purchase contracts between us. In particular, please note that the subscription to our direct marketing channels is subject to your prior informed voluntary consent, which is provided for in this notice. The provision of personal data is generally voluntary, however, we may indicate certain data as mandatory or necessary (*), as these data are necessary to provide you with the service you have requested. If you choose not to provide us with this information, we may not be able to provide some of our services or enter into a sales contract with you.
2. To which services or persons does this Privacy Policy apply?
This notice covers the processing of your personal data by users who visit the truetosole.hu website and use a service or purchase a product there, by those who subscribe to our direct marketing channels, by those who enter into a sales contract with us as an individual, i.e. your personal data.
3. Who is the data controller?
The owner and operator of the Website is True to Sole Kft. (Company registration number 01-09-345763, registered office: 1102 Budapest, Állomás utca 4. fsz. 3., tax number: 27031946-2-42, court of registration: Company Court of the Metropolitan Court of Budapest; hereinafter referred to as "We" or "Data Controller").
Our contact information:
Web: https://www.truetosole.hu
Address: 1102 Budapest, Állomás utca 4. fsz. 3.
E-mail: hello@truetosole.hu
Telephone: +36 1 700 4022
4. What personal data do we manage?
Personal data is held by natural persons, and is any information relating to an identified or identifiable natural person - "data subject" as defined in data protection legislation. Personal data is for example name, phone number, email address.
If (i) you provide us with your name, company name, telephone number, e-mail address and/or other personal data in the context of a request for an offer, subscription to a newsletter and/or other similar direct marketing channel, registration, order fulfilment or otherwise, we will also process these personal data. (ii) If you sell us a product as a private individual, the processing of the personal data required by law is an essential condition for the conclusion of the sales contract. The provision of the data listed in (i) is of course voluntary, but the provision of the data referred to in (ii) is an essential condition for the conclusion of the contract. In both cases, it is your responsibility to ensure that the information provided is accurate.
5. For what purposes do we process personal data?
The purpose of the Website is to inform and promote our products and services to our existing and potential customers, as well as to use the services available on the Website, and in this context to conclude and perform a sales contract for the sale of products. The processing of personal data is essentially carried out in order to achieve the above purposes. In addition, personal data may also be processed for other purposes, which are listed in detail below.
5.1 Website Analytics
The purpose of data management: to record and process traffic data, to operate and develop the Websites, to maintain the Websites, and to improve the user experience.
Data subjects: Users browsing the Websites without requesting a quote.
The legal basis for data management: our legitimate interest.
The scope of the managed personal data: IP address, approximate geographic location, type of operating system, type of browser, and information about activity on the Websites. These are mostly treated in aggregated and / or anonymised form, mostly in the so-called cookies (see point 12 below) or similar technologies. If you do not agree to this, please do not use the Websites.
Duration of data management: Traffic data is largely processed in aggregated and anonymised form for analytical purposes, ranging from one to two years. After that, the traffic data will be processed exclusively in an anonymised form, i.e. without personal data. You can find detailed information on the Google Analytics website or in the cookie information.
Data Processor(s): We use Google Analytics to process website traffic data. You can read about Google Analytics and Google's privacy policy here. We use the services of the following service providers to process website traffic data related to advertising activities (for more information on the following services and the privacy policies of their service providers, click on the name of the service providers): Google Ads; Facebook Ads; AdRoll, TikTok Ads. Please check out point 8 below for more details.
5.2. Website Backup
The purpose of data management:
the ability to recover the business operation.
Data subjects:: Management-related information related to the Websites that is listed in this prospectus.
The legal basis for data management:: our legitimate interest.
Scope of personal data processed: personal data processed in connection with the Websites, which are listed in this prospectus.
Duration of data management:backups are stored for 90 days.
Data Processor(s): Shopify Inc., see Section 8 below for details.
5.3 Newsletters and other direct marketing
The purpose of data management: to record and process personal data for the purpose of contact in connection with requests for quotation and for the purpose of sending and communicating newsletters and / or other direct marketing messages.
Data subjects:people requesting an offer on the Websites or users subscribing to a newsletter and / or other similar direct marketing channel.
Legal basis for data processing: your consent.The range of personal data processed: name, address, e-mail address, telephone number and other information you provide.
Duration of data management: until withdrawal of consent.
Data Processor(s):To send you e-mail newsletters, we use the Klaviyo service operated by Klaviyo, Inc., 125 Summer Street, Floor 6, Boston, MA, 02110, United States. Klaviyo is a party to the EU-US Privacy Shield, which is designed to ensure an adequate level of protection for data processed in the United States, as decided by the EU Commission, and its data protection data sheet is available here.
5.4 Registration on the Website
The purpose of data management: to create and maintain registration, to simplify purchases.
Data subjects: Users who register on the Websites.
Legal basis for data processing: your consent.
The range of personal data processed: name, address, e-mail address, telephone number and other information you provide.
Duration of data management: withdrawal of consent.
Data Processor(s): Shopify Inc., see Section 7 below for details.
5.5.1 Purchase, order fulfilment, follow-up in case of sales from own stock
The purpose of data processing: order fulfilment, follow-up, defence against possible legal claims.
Categories of data subjects: users who purchase products or services on the Websites, who may also be registered users.
Legal basis for processing: performance of a contract.
The scope of personal data processed: name, address, e-mail address, telephone number or any other information you provide.
Duration of the processing:: five (5) years after the purchase, which is the general limitation period under the Civil Code.
Data processor(s): Shopify Inc., see details in section 8 below.
Data transfer: OTP Mobil Kft. and our logistics partner GLS General Logistics Systems Hungary Csomag-Logisztikai Kft. For details see point 7 below.
5.5.2 Purchase, order fulfilment and follow-up in the case of sales under a long-term intermediary contract
The purpose of data processing : order fulfilment, follow-up, defence against possible legal claims.
Categories of data subjects: users who purchase products or services on the Websites, who may also be registered users.
Legal basis for processing: performance of a contract
The scope of personal data processed: name, address, e-mail address, telephone number or any other information you provide.
Duration of the processing: five (5) years after the purchase, which is the general limitation period under the Civil Code.
Data processor(s): Shopify Inc., see details in section 8 below.
Data transfer: OTP Mobil Kft. and our logistics partner GLS General Logistics Systems Hungary Csomag-Logisztikai Kft. For details see point 7 below.
5.5.3 Product purchase (If we buy a product from you)
The purpose of data processing : to conclude a contract for the sale of the product, to make the necessary preparations for the conclusion and performance of the contract, to enforce any legal claims.
Categories of data subjects: the parties selling products to us, with whom we conclude a sales contract.
Legal basis for processing: processing is necessary for the performance of a contract to which the data subject, i.e. you or one of the parties, is party, or for the purposes of taking steps at your request prior to entering into the contract (Article 6(1)(b) GDPR)
The scope of personal data processed: name, address, e-mail address, telephone number, tax number and your identity card number, other data related to the performance of the contract.
Duration of the processing: five (5) years after the performance of the contract, which is the general limitation period under the Civil Code.
Data processor(s): for details, see point 8 below.
Transmission of data: -
5.6 Administrative obligations relating to the purchase and sale under point 5.5.3.
Purpose of processing: to comply with legal obligations.
Categories of data subjects: users who buy, sell or use products or services on the Websites.
Legal basis for processing: performance of a legal obligation (Article 6(1)(c) GDPR).
Scope of the personal data processed: data contained in invoices and other accounting documents, including in particular name, address, tax number in case of sale.
Duration of data processing: eight (8) years after the invoice (voucher) has been issued, for which we are obliged to keep the accounting records pursuant to Article 169 of Act C of 2000 on Accounting.
Data processor(s) : Shopify Inc., KBOSS Kft. as the provider of the számlázz.hu service, Billingo Technologies Zrt. as the provider of the billingo.hu service and Quinarius Bt. For details on these, see point 7 below.
5.7 Consumer complaints
Purpose of processing: handling consumer complaints.
Categories of data subjects: users who purchase products or services on the Websites.
Legal basis for processing: compliance with a legal obligation (Article 6(1)(c) GDPR).
Personal data processed: name, address, telephone number, other contact details, information relating to the complaint and other information provided by the data subject.
Duration of data processing: five (5) years after the closure of the case pursuant to Article 17/A (7) of Act CLV of 1997 on Consumer Protection.
Data processor(s) : Shopify Inc., the software provider used to issue the Consumer Quality Complaint/Panel of Complaints, CP Contact Tanácsadó Kft., Cipőkontroll Plusz Kft.. For details on these, see point 7 below.
5.8 Enforcement of data subjects' rights in relation to personal data
Purpose of processing: management of data subjects' rights.
Categories of data subjects: the persons mentioned in this privacy notice.
Legal basis for processing: legitimate interest.
Scope of personal data processed: the data listed in this privacy notice, as well as information relating to the specific data subject's request and our response.
Duration of processing: five (5) years after the conclusion of the specific data subject request.
Personal data may also be processed if consent has been withdrawn, but the processing of personal data is necessary for the fulfillment of a legal obligation to us, to enforce our legitimate interests or the legitimate interests of a third party or to fulfil a contract entered into. Personal data may also be processed for law enforcement, national security, defence and public security purposes, if the applicable law so provides. Personal data may be transferred to organizations performing such tasks, if the applicable law so provides.
6. How do we manage personal data?
You can browse the Website without requesting a quote and without providing personal data, detailed information can be found in point 4 above.
If you request an offer for the product on the Website, we will process the personal data you provide in order to fulfil the request for an offer. This means keeping in touch with you, such as being able to contact you in the way or ways you specify.
From time to time, we will send you newsletters or other direct marketing messages, in each case only in the manner you have authorized. You may unsubscribe from such newsletters or other direct marketing messages at any time. You can request this either by clicking on the unsubscribe link in the newsletter or by sending an e-mail to support@truetosole.hu
We will only process the personal data you provide in connection with your registration and placing your order for the purpose of fulfilling your orders and tracking your orders. This means the data management required for concluding and fulfilling the contract concluded between True to Sole Kft. and you in accordance with the GTC.
7. Who do we transfer personal data to?
Our services are also provided by subcontractors. These subcontractors are generally considered to be data processors under data protection rules. In some cases, some of our subcontractors may be considered data controllers, for example due to compliance with legal obligations and / or the nature of the service provided. If this is the case, it will be mentioned separately below.
The following subcontractors may have access to personal data:
7.1 For all users (including users browsing the Website without request for quotation: data processor Shopify Inc. (Shopify Inc., registered office: 150 Elgin Street, 8th Floor, Ottawa, ON K2P 1L4, Canada, web: www.shopify.com), which maintains Websites. The Websites can only be accessed by duly licensed employees and subcontractors of this subcontractor, they participate in the operation and development of the Websites. It is unlikely, but these individuals may have access to certain personal data while performing this activity. The Websites and thus your personal information will be processed on Shopify Inc.'s servers in the European Union and the United States.
7.2 Most of the website traffic data is processed in an aggregated and anonymised form, for which we use Google Analytics services. Google Analytics service is provided by Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA), processes traffic data on servers located in the United States.
7.3 We use Google Ads, Facebook Ads, AdRoll and TikTok Ads services to process the website traffic data related to advertising activities. Google AdWords is provided by Google LLC (see above); Facebook Ads is provided by Facebook Ireland Ltd (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland), you can find Facebook's privacy policy here, and you can find more information about which country Facebook processes your data in here. AdRoll is provided by AdRoll Advertising Limited (1, Burlington Plaza, Burlington Road, Dublin 4, Ireland), depending on the country in which the traffic data is processed, you can find more information here. Google and Facebook are part of the EU-US Privacy Shield, which, by decision of the EU Commission, serves to provide an adequate level of protection for data handled (processed) in the US. The Privacy Shield of each service provider is available at the following links: Google, Facebook. For AdRoll, the appropriate level of protection is provided by Standard Contractual Clauses (SCCs) in line with the EU Commission Decision, see here. If you would like more information about these, please let us know. The provider of TikTok Ads in the European Economic Area (EEA) is TikTok Technology Limited (10 Earlsfort Court Dublin 2 DUBLIN, D02 AK70 Ireland), the privacy policy is available here.
7.4 In the case of requests for quotations, registration or subscription to a newsletter and / or other similar direct marketing channel: your personal data will not be passed on to other persons (data controllers), i.e. we will not sell or transfer it in any other form unless you have expressly agreed to this in advance.
7.5 In case of Simple card payment: the username, surname, first name, country of residence, telephone number, e-mail address will be transferred to OTP Mobil Kft. (1093 Budapest, Közraktár u. 30-32. River park, K30. Building II., Company registration number: 01-09-174466, tax number: 24386106-2-43, tel.: +36 1 776 6901, fax: +36 1 776 6902, web: https://www.otpmobil.hu/), as Data Controller. The purpose of the data transfer: to provide customer service assistance to users, to confirm transactions and to monitor fraud in order to protect users (fraud prevention).
7.6 To deliver your parcel, your name, address, e-mail address and telephone number will be given to our logistics partner, who will process it for the purpose of delivering your order. Our logistic partner is GLS General Logistics Systems Hungary Csomag-Logisztikai Kft. (2351 Alsónémedi, GLS Európa u. 2., Company registration number: 13-09-111755; Tax number: 12369410-2-44; e-mail: info@gls-hungary.com).
7.8 If you have a consumer complaint or a quality complaint, we will keep a record of it in accordance with the law in force, and if we need to involve other parties in the investigation (e.g. authority, conciliation body, independent expert), then we will share the personal data related to the investigation as well as the purchase-related data with them, they process it for the purpose of making a decision or giving an opinion. Independent expert opinion is obtained from Cipőkontroll Plusz Kft. (1048 Budapest, Külső-Szilágyi út 12., company registration number: 01-09-289884, tax number: 25800993-2-41, tel.: +36 1 232 1094, fax: +36 1 230 9072, web: www.cipokontroll.hu), to which we provide the data indicated in this section.
7.9 We use the szamlazz.hu and billingo.hu applications to issue invoices for purchases. The provider of szamlazz.hu is KBOSS.hu Kft. KBOSS.hu Kft. (Headquarters: 1031 Budapest, Záhony utca 7., company registration number: 01-09-303201, tax number: 13421739-2-41, e-mail: info@szamlazz.hu), the provider of billingo.hu is Billingo Technologies Zrt. (registered office: 1133 Budapest, Árbóc utca 6., company registration number: 01-10-140802, tax number: 27926309-2-41, phone: +36-1/500-9491, e-mail: hello@billingo.hu). To them, as data processor, the names and billing addresses of the billing customers will be transmitted. For them as a data processor the names and billing addresses of billing customers will be forwarded.
The names and billing addresses of customers and users who sell products to us, and in the case of product sales, the tax number of the selling user, will also be transmitted to our accounting partner (Quinarius Bt., address: 1149 Budapest, Pillangó park 4.
8. How long do we process personal data?
As a general rule, we will process your personal data until you withdraw your consent, request the deletion of the data provided in the request for quotation, or unsubscribe from the newsletter and / or other electronic direct marketing channels. For each of the data management purposes listed in point 5 above, the relevant storage periods are indicated.
9. What rights and enforcement options do you have?
Pursuant to Articles 15-21 of the GDPR, you are entitled to ask the following regarding your personal data managed by True to Sole Kft.:
Access to your personal data: : you are either entitled to receive feedback on whether your personal data is being processed and, if such processing is in progress, you are also entitled to be given access to your personal data and to be informed about the circumstances surrounding their processing.
Rectification of your personal data: you have the right to ask us to correct your inaccurate personal data as well as to supplement your incomplete personal data.
Erasure of your personal data ("right to be forgotten"): you have the right to have your personal data deleted if you have one of the following reasons:
- your personal data is no longer required for the purpose for which it was collected or otherwise processed;
- if your consent on which the data processing is based is revoked and our data processing has no other legal basis;
- in the case of data processing based on a legitimate interest, you object to the data processing and there is no priority legitimate reason for our data processing, or we process your data for the purpose of direct business acquisition and you object to the processing of your personal data;
- if your personal data has been processed unlawfully;
- if we are required by law to delete your personal information.
We may refuse to comply with your request for erasure if the applicable law allows it, for example if the processing is necessary for the submission, enforcement or protection of legal claims.
Restriction of processing personal data:in certain cases, we are obliged to restrict the use of your personal data at your request. In this case, the data may only be used for limited purposes specified by law.
Object the processing of your personal data if the processing is based on a legitimate interest, including the case where the legal basis for the processing for the purpose of direct marketing (direct marketing) is a legitimate interest: you are entitled to object at any time, for reasons related to your own situation, against the processing of your personal data on the basis of a legitimate interest. In this case, we may not further process your personal data unless we can prove that the processing is justified by compelling legitimate reasons which take precedence over your interests, rights and freedoms or which relate to the submission, enforcement or protection of legal claims.
Receiving your personal data and transferring it to another data controller, if the legal preconditions for this are met (right to data portability): if you do not infringe on the rights and freedoms of others, you are entitled to, or to receive your personal data in a structured, widely used, machine-readable format or to transfer this data directly to another data controller, if (i) the processing is based on your consent or is necessary for the performance of a contract in which you or one of the parties or is required to take steps at your request prior to the conclusion of the contract; and (ii) the data is processed in an automated way, i.e. personal data is processed in an IT system and not on paper. If your personal data has been processed with your consent, you are entitled to withdraw your consent at any time.
How can you exercise these rights?
You can send your request to exercise the above rights to the contact details indicated in point 3. True to Sole Kft. shall, without undue delay, but no later than within one (1) month from the submission of the application, provide information in a comprehensible form on the measures taken following the application, which may be extended for another two (2) months in justified cases. If for any reason we do not comply with your request, we will notify you in our information of the reason. If you do not agree with our answer or action, you have the remedies listed below.
If you do not agree with our action or response, or believe that your rights to the protection of personal data have been violated, you are entitled to contact the National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c; telephone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu, web: www.naih.hu) to submit an application or, optionally, go to the court of our registered office or to the court of your domicile or residence (you can view the list and contact details of the courts via the following link: http://birosag.hu/torvenyszekek. The competent court according to the registered office of True to Sole Kft. is the Metropolitan Court.
10. How do we ensure the security of personal data?
We ensure the security of the personal data we process through appropriate technical and organizational measures and the development of procedural rules. Personal data shall be protected by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or accidental destruction.
Please keep your email address and phone number up to date and notify us of any changes. In all cases, we recommend that you use only an email address that only you can access and that you can access at any time.
Please make sure that you never enter your card number, expiration date or the three-digit CVC2 / CVV2 code on the back outside the secure credit card payment page (e.g. by e-mail, message, telephone)! We never ask for card information in this way, so if anyone on our behalf were to ask you for the above information, it was probably a phishing attempt. Do not provide the information and notify us and your card-issuing bank immediately!
11. What are cookies?
Cookies are text files that allow the Website or other computer server (server) to identify your computer and store your personal preferences and your technical data, such as clicks and other navigation data. The navigation data (click stream) shows what pages the user has visited and in what order. Cookies can also be used to determine what ads are displayed on the Website and to measure their effectiveness. We use cookies to personalize your visit to our Website (e.g., to recognize you when you return to our Website), analyse website traffic, and track user trends, patterns, and selections related to downloads and technical terms related to your use of the Website. This will help us to improve the look and content of our Website, to meet the expectations of users as much as possible. Cookies can be persistent (they remain on your computer until you delete them) and temporary (stored only until you close your browser).
We may also use web beacons or similar technologie