External data protection rules and information on data processing 2

VIII. Additional provisions for point-of-sale camera systems

VIII.1. The operator uses image recording in the following sales premises.

VIII.2. In the area of ​​the sales premises, in order to monitor the stay inside the premises, the provisions of III.3 and IV.1. operates an electronic monitoring system that does not record sound recordings in order to achieve the goals and interests set out in points.

The purpose of the recording is to protect the life, physical integrity, personal liberty of the persons present in the premises of the sales premises, the persons present in the premises of the sales premises, and the property / goods placed in the premises of the sales premises. The prevention, interruption and proof of possible infringements cannot be ensured by other means.

VIII.3. In order to inform the affected Users in the area of ​​the sales premises or in their immediate vicinity, the Operator shall place an information and warning sign on the operation of the camera system in a clearly visible place for the persons wishing to enter.

VIII.4. Within the sales premises, as indicated in the sketches forming Annex 1 to these Regulations, the following cameras have been installed:

VIII.5. The recorded images may be viewed and saved only in order to detect and prove the infringing acts and to take the necessary measures in connection with the infringement. Documentation is prepared about the review of the images and the backups made of the images, which record the reason and date of the review or save, the data of the person performing it, and the further necessary or taken measures. The images can also be reviewed during the occasional testing of the proper operation of the system, about which the Operator records.

VIII.6 Anyone whose right or legitimate interest affects the recording of the image may, within 3 working days from the recording of the image, with a probability of his right or legitimate interest, request that the image not be destroyed or deleted by the Operator for later use (request for saving ).

The request for saving can be submitted electronically via the e-mail address of the customer service or in the chat window on the Website, by sending a letter on paper to the Operator's registered office, orally at the telephone customer service or at the sales premises. The Operator shall send a written confirmation to the User about the request for verbal saving.

IX. Anonymous User ID (cookie) placement and web turn signals „web beacons”

IX.1. The Operator, like many other businesses, uses cookies on the Website. For details on how to create "cookies" and "web-beacons" when using the Website, see the Information on the placement of anonymous User ID ("cookie") and web beacons recorded in a separate document.

X. Data storage, processing, data transmission

X.1. Data storage

The Operator stores the managed data in a repository on a cloud-based / physical server1.

Hosting provider name: BOROS IT Solutions

Hosting address: Barbara Strozzilaan 251, 1083HN Amsterdam

Hosting provider e-mail address: info@boros.nl

X.2. Data processing

The operator uses a data processor as follows:

INNOVA-INVEST Pénzügyi Zrt.

1118 Budapest, Dayka Gábor u. 3.

 +36 1 4852-720

Balázs Kovács

info@innovainvest.hu

UniCredit Bank Hungary Zrt.

1054 Budapest, Szabadság tér 5-6.

+36 1 374 78 23

laszlo.gal@unicreditgroup.hu

László Gál

Global Payments Europe S.R.O

V Olsinach 80/626 100 00 Prága, Csehország

ugyfelszolgalat@globalpay.hu

+36-1/324-2248

Smartsupp.com, s.r.o.

Milady Horakove 13

602 00 Brno

Czech Republic

support@smartsupp.com

https://www.smartsupp.com/contact

Emarsys eMarketing Systems AG

March 1

1150 Vienna

+43 1 478 20 80 157

+43 664 451 7630

Sascha Gonnermann

sascha.gonnermann@emarsys.com

www.emarsys.com

Mito Communications Zrt

1051 Budapest Nádor utca 23.

Noémi Herczeg

+36 30 338 0655

n.herczeg@mito.hu

Barak Jam Kft

1133 Budapest, Pannónia utca 85

Jakab Zsolt

+36 70 620 3077

zsolt.jakab@rtbhouse.com

Facebook Ireland Limited

4 Grand Canal Square, Grand Canal Harbor

Dublin 2, Ireland

+353 49 488 0377

Google Ireland Limited

Gordon House, Barrow Street, Dublin 4, Ireland

+353 1 436 1000

Magyar Posta Zrt.

Contact person: Éva Kerekes, Junior Account Manager

Mobile: +36 (30) 772-5630

E-mail: pyöres.eva@posta.hu

H-1173 Budapest, Ferihegyi út 93.c.

DPD Hungária Kft.

1158 Budapest, Késmárk utca 14 / B | http://www.dpd.com/hu

E-mail: zsolt.tar@dpd.hu

Contact person: Zsolt Tar - +36 30 957 6507

NewChanik d.o.o.

Beogradski put 73, Subotica, Serbia

Email: info@fixit.rs

Contact person: Damir Smith

X.3. Data transmission

The User gives his / her consent to the data transfer / foreign data transfer in person or actively during the use of the Website in the process of registration / ordering1, by signing the Data Management Statement / ticking the tickbox2. The User may withdraw his consent at any time. In the case of an ongoing order, the revocation of the data transfer consent is considered a withdrawal from the order, a fact which the Operator draws the User's attention to in the cancellation request by stating that the User's data is the GDPR. Article 6 (1) (f) until the pre-contractual situation has been restored by the parties. Pursuant to Article 7 (3) and Article 13 (2) (c) of the GDPR, the withdrawal of consent does not affect the lawfulness of the prior processing.

X.4. Guarantees provided by the Operator

The Operator undertakes an unconditional and irrevocable obligation to protect the User's personal data. It is the responsibility of the Operator to ensure the adequacy of the partners used in the further processing and processing of personal data, thus ensuring the required protection of personal data.

The recipient of the transfer to a third country and the data processors have committed themselves in a separate agreement with the Operator on the protection of personal data to take measures to ensure a level of protection in accordance with the data protection legislation in force in the EU. Such agreements provide the Operator with a sufficient opportunity and means to enforce adequate protection of personal data, providing a guarantee for the User to protect and exercise his rights.

It is the responsibility of the operator to submit the agreements provided for in this section and their amendments to the National Data Protection and Freedom of Information Authority for approval in accordance with Article 46 (3) of the GDPR and to the competent supervisory authority at any time.

XI. Data security measures, Data Protection Officer

XI.1. Data security measures

The Operator shall act with the utmost care in connection with the handling and storage of the personal data provided by the Users. In the field of IT security, the Operator uses the most efficient, state-of-the-art tools and procedures reasonably available.

The Data Controller shall plan and perform data management operations in such a way as to ensure the protection of the privacy of the Users concerned. The Operator ensures the security of the data and takes the technical and organizational measures and has established the rules of procedure that the Info. necessary to enforce the law and other data and confidentiality rules.

XI.1.1. The Operator shall protect the data by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage, as well as becoming inaccessible due to changes in the technology used.

XI.1.2. In order to protect the electronically managed data files in the various registers, the Operator shall ensure with an appropriate technical solution that the data stored in the registers, unless permitted by law, cannot be directly linked and assigned to the User concerned.

XI.1.3. The Operator has selected and operates the IT tools used for the management of personal data during the provision of the service in such a way that the managed data:

(a) accessible to those entitled to it (availability);

1. b) its authenticity and authentication are ensured (authenticity of data management);

(c) its integrity can be demonstrated (data integrity);

(d) be protected against unauthorized access (data confidentiality).

XI.1.4. The Operator shall ensure the protection of the security of data management with technical, organizational and organizational measures that provide a level of protection appropriate to the risks arising in connection with data management.

XI.1.5. The Operator's IT system and network are protected against computer-assisted fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer hacking and denial of service attacks. The Operator ensures security with server-level and application-level protection procedures.

XI.1.6. Electronic messages transmitted over the Internet, regardless of protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that can lead to unfair activity or the disclosure or modification of information. To protect against such threats, the Operator shall take all precautionary measures required of it. It monitors systems to record any security incidents and provide evidence of any security incidents. However, the Internet is not known to be one hundred percent secure, as is known to Users. The Operator shall not be liable for any damage caused by unpredictable attacks that occur despite the utmost care.

XI.2. Data Protection Officer

The Operator declares that it is not obliged to use a data protection officer under the GDPR, in respect of which it does not employ a data protection officer.

XII. Alias, statistics

XII.1. The data may be used by the Operator for statistical purposes after pseudonymisation. The use of the data in a statistically aggregated form may not contain the name of the User concerned or any other data suitable for identification in any form.

XIII. Automated decision making

The User gives his / her consent to the automated decision-making in person or actively during the use of the Website in electronic form during the registration / order / electronic information request process by the User, by signing the Data Management Statement / ticking the tickbox. The User may withdraw his consent at any time. In the case of an ongoing order, the withdrawal of the consent is considered a withdrawal from the order, a fact which the Operator draws the User's attention to in the cancellation request by stating that the User's data is the GDPR. Article 6 (1) (f) until the pre-contractual situation has been restored by the parties. Pursuant to Article 7 (3) and Article 13 (2) (c) of the GDPR, the withdrawal of consent does not affect the lawfulness of the prior processing.

XIV. Consumer complaints

XIV.1. The Operator's customer service receives complaints and user inquiries related to the Operator's service and personal data protection in part on the telephone customer service line and by e-mail, at the telephone number +36 1 453 70 44 and at the email address dataprotection@officeshoes.hu.

XIV.2. The User sending the complaint may apply to the territorially competent court or the National Data Protection and Freedom of Information Authority (NAIH) for a legal remedy: 1024 Budapest, Szilágyi Erzsébet fasor 22 / C. (www.naih.hu).
 

XV. Fulfillment of official requests

XV.1. The court, the prosecutor, the investigating authority, the infringement authority, the administrative authority, the data protection commissioner, or other bodies may contact the Operator for the purpose of providing information, disclosing data, transferring documents or making documents available.

XV.2. The Operator shall provide the authorities with personal data only if and to the extent strictly necessary to achieve the purpose of the request, provided that the authority has indicated the exact purpose and scope of the data.

If you do not agree with the above, please do not use the Website.

If you have any further questions about privacy, please contact our staff.

These Regulations are publicly available on the Website from the date of the date, which is effective from that date.

Nagytarcsa, 06/07/2021