Privacy Policy of MoreJoyLife
INTRODUCTORY PROVISIONS:
The MoreJoyLife Webshop, as a data controller, considers the personal data of natural persons/visitors/customers/clients to be of utmost importance and handles personal data confidentially, taking all necessary technical and organizational measures to ensure data security.
In this context, the Data Controller undertakes to ensure that the data processing described in this Policy complies with the relevant Hungarian and European Union laws, in particular the GDPR provisions mandatory from May 25, 2018.
When creating this Policy, the Data Controller took into account not only the relevant and effective legislation but also the recommendations and guidelines of the National Authority for Data Protection and Freedom of Information (NAIH/Authority), particularly the recommendations issued on September 29, 2015, regarding the data protection requirements for prior information and the guidelines issued in July 2016, concerning data protection requirements for webshops, as well as the Authority's practices and decisions following the entry into force of the GDPR.
Purpose of the Policy: This Policy outlines the principles for the processing of personal data managed by the Data Controller concerning natural persons (data subjects), informs the data subjects about their rights in relation to their personal data, the methods for exercising these rights, the personal data processed by the webshop, and the contact details of the Data Controller necessary for exercising these rights and available legal remedies.
Additionally, this Policy aims to reflect the Data Controller's commitment to data protection and its efforts to maintain data processing practices that comply with the applicable legal requirements and the positions of the NAIH.
Duration of the Policy: This Policy is effective from August 1, 2024, until revoked or amended.
Scope of the Policy: The personal scope of this Policy extends to the Data Controller and all natural persons affected by the Data Controller's data processing.
Material Scope of the Policy: The material scope covers all data processing activities of the Data Controller, regardless of whether they are electronic or paper-based.
Please review the general terms and conditions (GTC) carefully before placing an order from the webshop. To place an order from the webshop, the customer (data subject) must explicitly accept the GTC and, based on the information provided in the Privacy Policy, consent to the data processing (by ticking the appropriate boxes).
This Policy/Regulation has been prepared in accordance with Hungarian law and is available in English on the webshop’s website.
Contact details of the Data Controller and the hosting service provider
THE DATA CONTROLLER AND CONTACT DETAILS:
Name: Renáta Lőrincz ev.
Headquarters: 2621 Verőce, Migazzi u.3.
Tax Number: 90259045-2-33
Email: morejoyfullife@gmail.com
No data protection officer has been designated, because none of the following conditions, under which the appointment of a data protection officer is mandatory, applies to the Data Controller:
a) If the data processing is carried out by public authorities or other bodies performing public tasks (except for courts acting in their judicial capacity);
b) If the core activities of the data controller or the data processor involve data processing operations that require regular and systematic large-scale monitoring of data subjects;
c) If the core activities of the data controller or the data processor consist of processing on a large scale special categories of data or personal data relating to criminal convictions and offenses.
DEFINITIONS
- "Personal Data": Any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples include the data subject's place and date of birth, IP address, email address, or phone number, and the bank card details of customers shopping on the webshop.
- "Data Processing": Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
- "Data Controller": The natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- "Data Processor": A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller. Examples include accountants and hosting service providers.
- "Recipient": A natural or legal person, public authority, agency, or another body to whom personal data are disclosed, whether a third party or not. Public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall comply with the applicable data protection rules according to the purposes of the processing.
- "Consent of the Data Subject": Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- "Data Breach" (GDPR): A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
- "Third Country": Any state that is not an EEA state.
- "Website": The website operated by the Data Controller, https://morejoylife.com.
- "Social Media Pages": Social media pages managed and maintained by the Data Controller, such as https://www.facebook.com/. Meta, which operates Facebook, is an independent data controller, and its data protection policy can be found at: Meta Privacy Policy.
PRINCIPLES OF PERSONAL DATA PROCESSING
According to the GDPR, the Data Controller adheres to and applies the following principles in the processing of personal data:
a) Data processing must be lawful, fair, and transparent for the data subject ("lawfulness, fairness, and transparency");
b) Data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes shall not be considered incompatible with the initial purposes according to Article 89(1) ("purpose limitation");
c) Data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed ("data minimization");
d) Data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ("accuracy");
e) Data must be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject ("storage limitation");
f) Data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures ("integrity and confidentiality").
The Data Controller is responsible for, and must be able to demonstrate, compliance with these principles ("accountability").
Privacy by Design Principle: Although not explicitly named as such in the GDPR, this principle is clearly found in Recital 78 and Article 25 of the Regulation. Its essence is a conscious data protection mindset whereby the Data Controller, during the data processing and in determining the method of data processing, implements technical and organizational measures such as pseudonymization, which aim to embed the principles of data protection and the necessary safeguards for the protection of data subjects' rights into the data processing process.
Legal Bases for Data Processing under the GDPR
Each data processing operation can have only one legal basis. The selection of legal bases is allowed by Article 6(1) of the GDPR, listing the six possible legal bases without ranking them. Following the order used in the GDPR, we present the six possible legal bases, each illustrated with an example.
a) The data subject has given consent to the processing of their personal data for one or more specific purposes; e.g., registration, sending newsletters.
The Data Controller also draws the attention of data subjects to the fact that, where the legal basis for a specific data processing activity is voluntary written consent, the data subject may withdraw that consent at any time by a written declaration.
b) Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract; e.g., purchasing in the webshop.
c) Processing is necessary for compliance with a legal obligation to which the Data Controller is subject; e.g., the obligation to retain documents (invoices) related to purchases in the webshop as per Act C of 2000 on Accounting.
d) Processing is necessary to protect the vital interests of the data subject or another natural person; not relevant for the Data Controller, e.g., humanitarian emergencies, life-threatening situations.
e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller; not relevant for the Data Controller, e.g., the exercise of public authority.
f) Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, especially if the data subject is a child; e.g., in relation to purchasing in the webshop, such data processing includes the transfer of personal data related to credit card payment to PayPal or MasterCard for the purposes, duration, etc. specified by them.
The Data Controller indicates the legal basis for the personal data processed for each data processing activity in the Policy/Information, whether the data processing is based on the data subject’s voluntary consent, performance of a contract, a legal obligation, or the Data Controller’s legitimate interest.
Duration of Data Processing
Similarly to the legal basis of data processing, the duration is also indicated by the Data Controller for each data processing activity in the Policy/Information, whether it is based on the data subject’s voluntary consent, performance of a contract, a legal obligation, or legitimate interest.
II. DATA PROCESSING RELATED TO THE OPERATION OF THE WEBSHOP
The Data Controller informs the data subjects of the following information through this Policy in accordance with Articles 13 and 14 of the GDPR:
- Contact details of the Data Controller
- Legal basis for data processing
- Categories of data subjects
- Categories and sources of personal data processed
- Purpose of data processing
- Duration of data processing
- Consequences of not providing the data
- Details of data processors and the purpose of data processing
- Recipients of data transfers
- Recipients and legal basis of international data transfers
- Information on automated decision-making and profiling
- Rights of data subjects and available legal remedies
Further information listed in Article 13(1) and (2) of the GDPR (rights of data subjects, the right to file a complaint with a supervisory authority, the right to seek judicial remedy, etc.) can be found in separate sections of the Policy/Information. The Data Controller informs data subjects that no automated decision-making or profiling is carried out regarding their personal data.
Data subjects can view the legitimate interest assessment related to data processing based on legitimate interest in full upon request. The request must be submitted to the Data Controller via the above email or postal address.
REGISTRATION
The Data Controller offers the possibility of voluntary registration for those natural persons who wish to make purchases through their user account. Registration allows data subjects not to have to provide their personal data for each purchase and to track their purchases through their registration profile. Registration can be done on the webshop’s interface. Naturally, the customer can also purchase from the webshop without registration, without any constraints. The password provided by the customer is stored encrypted, and neither the Data Controller nor the data processors can see or decrypt it.
- Facts of Data Collection, Categories of Personal Data Processed, and Purposes of Data Processing:
| Category of Data Subjects | Personal Data Processed | Purpose of Data Processing | Duration of Data Processing |
| --- | --- | --- | --- |
| All data subjects who voluntarily registered in the webshop | Last name, First name | Identification, ensuring secure access to the user account | Until the withdrawal of the data subject’s consent/deletion of the registered account |
| | Email address | Communication, sending system messages, login to the user account | |
| | Password | Ensuring secure access to the user account | |
| | Registration date | Technical operation execution | |
| | IP address at registration | Technical operation execution | |
The email address does not need to contain personal data.
- Source of Data: Directly from the data subject.
- Categories of Data Subjects: All data subjects registered on the website.
- Duration of Data Processing, Deadline for Data Deletion: Until the deletion request of the data subject. Upon deletion of the registration, personal data are immediately deleted. The Data Controller informs the data subject of the deletion of any personal data provided by the data subject electronically as per Article 19 of the GDPR. If the deletion request extends to the email address provided by the data subject, the Data Controller will also delete the email address following the notification.
- Persons Authorized to Access Data, Recipients of Personal Data: Customer service staff of the Data Controller may handle personal data based on this Policy.
- Information on Data Subjects’ Rights Related to Data Processing:
  - The data subject may request access to their personal data, rectification, erasure, or restriction of processing, and
  - The data subject has the right to data portability and the right to withdraw consent at any time.
- Methods for Data Subjects to Initiate Access, Deletion, Modification, or Restriction of Processing, and Data Portability:
  - By mail at 2621 Verőce, Migazzi u.3.
  - By email at morejoyfullife@gmail.com
- Legal Basis for Data Processing: Consent of the data subject, Article 6(1)(b) of the GDPR.
- Data Transfers to Third Countries: None.
- Automated Decision-Making, Profiling: No such data processing is carried out; data subjects are not rated or categorized based on any system, criteria, etc.
- We inform you that:
  - Data processing is necessary to take steps at your request prior to entering into a contract.
  - You are required to provide personal data to register.
  - Failure to provide data will result in the inability to create a user account.
  - Failure of operation.
Recipients of Personal Data:
- SHOPIFY: For providing online hosting; legal basis: processing is necessary for the performance of a contract (Article 6(1)(b) of the GDPR).
- Billingo: For supporting operational and billing system management; legal basis: processing is necessary for the performance of a contract (Article 6(1)(b) of the GDPR).
- Retcon Accounting Office: For performing accounting tasks; legal basis: processing is necessary for the performance of a contract (Article 6(1)(b) of the GDPR).
- Microsoft Ireland Operations Limited: Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Phone: +353 1 706 3117. Online availability: Microsoft Privacy Questions. For providing email system and related IT services; legal basis: processing is necessary for the performance of a contract (Article 6(1)(b) of the GDPR).
Microsoft’s data protection information can be found at the following links:
- Microsoft Privacy
- Microsoft Privacy Statement
- View Data Privacy Settings
CART ABANDONMENT NOTICE
If a registered Consumer/Customer logs out of their profile/webshop after placing one or more items in their cart without purchasing them, the system will send a notification email on the 5th, 10th, and 15th day following the addition of the items to the cart, indicating the incomplete purchase to the registered Consumer/Customer. If the Consumer/Customer does not complete the purchase after receiving these notification emails, the system will delete the item(s) in the cart no later than the 16th day.
The system automatically provides the cart abandonment feature for registered Consumers/Customers. If a Consumer does not wish to use the cart abandonment notification feature, they can choose to shop in the webshop without registration.
| Category of Data Subjects | Categories of Personal Data Processed | Duration of Data Processing |
| --- | --- | --- |
| All data subjects who voluntarily register in the webshop | Data of items placed in the cart (price, quantity, product characteristics, etc.), the date of the incomplete purchase, other identifiers, name of the data subject, email address. | In case of placing items in the cart and ignoring the notification emails, up to 16 days, otherwise until the purchase is finalized based on the cart abandonment notification emails or until the data subject withdraws their consent/deletes their registered account. |
- Legal Basis for Data Processing: Voluntary consent of the data subject (GDPR Article 6(1)(a))
- Source of Data: Directly from the data subject
- Purpose of Data Processing: To notify about items left in the cart during shopping in the webshop, maintain contact
- Consequence of Failing to Provide Data: Failure of the cart abandonment function
Recipients of Personal Data:
- SHOPIFY: For providing online hosting; legal basis: processing is necessary for the performance of a contract (GDPR Article 6(1)(b)).
- Microsoft Ireland Operations Limited: Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Phone: +353 1 706 3117. Online availability: Microsoft Privacy Questions. For providing email system and related IT services; legal basis: processing is necessary for the performance of a contract (GDPR Article 6(1)(b)).
Microsoft's data protection information can be found at the following links:
- Microsoft Privacy
- Microsoft Privacy Statement
- View Data Privacy Settings
- Data Transfers to Third Countries: None
- Automated Decision-Making, Profiling: We do not carry out such data processing, and the data subjects are not scored or categorized based on any system or criteria.
SHOPPING IN THE MOREJOYLIFE WEBSHOP
The Data Controller processes and stores the data of data subjects shopping in the webshop electronically in its own administrative/billing system (Billingo) for the duration indicated below. Documents containing personal data issued on paper (printed), such as invoices, are also kept in the administrative/billing system.
- Facts of Data Collection, Categories of Personal Data Processed, and Purposes of Data Processing:
| Category of Data Subjects | Personal Data | Purpose of Data Processing |
| --- | --- | --- |
| All natural persons who purchase products from the MoreJoyLife webshop | Last name, first name | Necessary for contact, purchase, and issuing a lawful invoice |
| | Email address | Contact, sending confirmations |
| | Phone number | Contact, more efficient coordination regarding billing or shipping |
| | Billing name and address (city, street, house number, door, floor), the price of the ordered product(s) (total amount to be paid), the chosen payment and shipping method | Issuing a lawful invoice, creating, defining the content of, modifying, monitoring the performance of the contract, billing fees, enforcing related claims |
| | Shipping name and address | Enabling home delivery |
| | Notes on the order | Handling information related to the order and delivery |
| | Date of purchase/registration | Technical operation execution |
| | IP address at the time of purchase/registration | Technical operation execution |
The email address does not need to contain personal data.
- Categories of Data Subjects: All data subjects registered/shopping on the webshop website.
- Duration of Data Processing, Deadline for Data Deletion: Until the deletion request of the data subject. Upon deletion of the registration, personal data are immediately deleted. The Data Controller informs the data subject of the deletion of any personal data provided by the data subject electronically as per Article 19 of the GDPR. If the deletion request extends to the email address provided by the data subject, the Data Controller will also delete the email address following the notification. Except for accounting records, as per Section 169(2) of Act C of 2000 on Accounting, these data must be retained for 8 years. Accounting records supporting direct and indirect bookkeeping (including general ledger accounts, analytical or detailed records) must be retained in a readable form and retrievable by reference to the bookkeeping records for at least 8 years.
- Persons Authorized to Access Data, Recipients of Personal Data: Customer service staff and employees assembling the goods can handle personal data in compliance with the principles described above.
- Information on Data Subjects' Rights Related to Data Processing:
  - The data subject may request access to their personal data, rectification, erasure, or restriction of processing, and
  - The data subject has the right to data portability and the right to withdraw consent at any time.
- Methods for Data Subjects to Initiate Access, Deletion, Modification, or Restriction of Processing, and Data Portability:
  - By mail at 2621 Verőce, Migazzi u. 3.
  - By email at morejoyfullife@gmail.com
- Legal Basis for Data Processing:
  - Article 6(1)(b) of the GDPR
  - Section 13/A(3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (Elker tv.): The service provider may process personal data that are technically essential for the provision of the service. Under the same conditions, the service provider must choose and operate the tools used to provide the information society service in such a way that personal data are processed only if it is strictly necessary for the provision of the service and the fulfillment of the purposes set out in this Act, and even then only to the necessary extent and for the necessary duration.
  - If a lawful invoice is issued, Article 6(1)(c) of the GDPR.
  - In the case of enforcing claims arising from the contract, Section 6:21 of Act V of 2013 on the Civil Code provides a 5-year limitation period.
  - Section 6:22 [Limitation]: (1) Unless otherwise provided by this Act, claims shall expire after five years. (2) The limitation period begins when the claim becomes due. (3) An agreement to change the limitation period must be made in writing. (4) An agreement excluding limitation is null and void.
- We inform you that:
  - Data processing is necessary for the performance of the contract and to provide an offer.
  - You are required to provide personal data to fulfill the order.
  - Failure to provide data will result in the inability to process the order.
  - Failure to provide data will result in the inability to call you back.
Recipients of Personal Data:
- SHOPIFY: For providing online hosting; legal basis: processing is necessary for the performance of a contract (GDPR Article 6(1)(b)).
- Billingo: For supporting operational and billing system management; legal basis: processing is necessary for the performance of a contract (GDPR Article 6(1)(b)).
- Retcon Accounting Office: For performing accounting tasks; legal basis: processing is necessary for the performance of a contract (GDPR Article 6(1)(b)).
Data Transfers to Third Countries: None
Automated Decision-Making, Profiling: The Data Controller does not carry out such data processing; data subjects are not scored or categorized based on any system or criteria.
ISSUANCE OF INVOICES FOR PURCHASES
The Data Controller issues invoices related to the sale of products offered in the webshop. The invoice is processed and stored in the administrative/billing system (Billingo, Shopify) for the duration required by applicable laws.
| Category of Data Subjects | Categories of Personal Data Processed | Duration of Data Processing |
| --- | --- | --- |
| All natural persons who purchase products from the webshop | Name, address (country, city, street, house number, floor, door), the number of products, total amount payable, chosen payment method, purchase date, tax number (for individual entrepreneurs, primary producers), company name, headquarters. | 8 years based on Section 169(2) of Act C of 2000 on Accounting |
- Legal Basis for Data Processing: Processing is necessary for compliance with a legal obligation to which the Data Controller is subject (GDPR Article 6(1)(c)), considering Section 169(2) of the Accounting Act.
- Source of Data: Directly from the data subject.
- Purpose of Data Processing: Issuing a receipt for the payment of the purchased product, fulfilling the accounting obligations of the Data Controller.
- Consequence of Failing to Provide Data: The natural person/individual entrepreneur purchasing the product cannot receive a personalized invoice.
- Recipients of Personal Data:
  - Retcon Accounting Office: For performing accounting tasks; legal basis: processing is necessary for the performance of a contract (GDPR Article 6(1)(b)).
  - Billingo: For supporting operational and billing system management; legal basis: processing is necessary for the performance of a contract (GDPR Article 6(1)(b)).
  - For taxable natural persons (individual entrepreneurs, agricultural producers) and non-taxable natural persons, data is transferred to the National Tax and Customs Administration (1054 Budapest, Széchenyi u. 2.) for the purpose of data transfer specified in Sections 169 and 170 of the VAT Act. Legal basis: processing is necessary for compliance with a legal obligation (GDPR Article 6(1)(c)), as per points 1, 2, and 4 of Appendix 10 of the VAT Act.
- Data Transfers to Third Countries: None
- Automated Decision-Making, Profiling: The Data Controller does not carry out such data processing; data subjects are not scored or categorized based on any system or criteria.
ONLINE PAYMENT WITH CREDIT CARD THROUGH PAYPAL/SIMPLEPAY/STRIPE
Data Processing Related to Shopping at MoreJoyLife.com
During the purchase in the webshop, the Data Controller enters into a contractual relationship with the Buyer by concluding the sales contract and invoices the purchase price to the Buyer. Regarding these purchases, the Data Controller processes the following data:
| Data Subject | Data Category | Data Source | Purpose of Data Processing | Legal Basis for Data Processing | Duration of Data Processing |
| --- | --- | --- | --- | --- | --- |
| Natural person purchasing in the webshop | Name* | Provided by the data subject | a. Creating, defining the content of, modifying, performing the contract, communicating regarding contract performance, identifying the Buyer | a. and b. For the purposes specified in column D points a) and b): Section 13/A of Elker tv. For the purposes specified in column D points a), b), d), and e): GDPR Article 6(1)(b) for contract performance. For the purpose specified in column D point b): GDPR Article 6(1)(c) for compliance with legal obligations (for data necessary for tax obligations as per Sections 78(3) and 202(1) of the Art., for documents necessary for accounting obligations as per Sections 168-169 of the Sztv.) | If the data is necessary for compliance with tax obligations, it will be stored and retained for 5 years from the last day of the calendar year in which the tax return, data declaration, or notification should have been submitted or, in the absence of such, the tax should have been paid. If the data is necessary for compliance with accounting obligations, it will be stored and retained for 8 years. The data will be retained for 5 years from the date of purchase (general civil statute of limitations). |
| | Email address* | Provided by the data subject | a. Creating, defining the content of, modifying, performing the contract, communicating regarding contract performance, confirming orders | a. and b. For the purposes specified in column D points a) and b): Section 13/A of Elker tv. For the purposes specified in column D points a), b), d), and e): GDPR Article 6(1)(b) for contract performance. For the purpose specified in column D point b): GDPR Article 6(1)(c) for compliance with legal obligations (for data necessary for tax obligations as per Sections 78(3) and 202(1) of the Art., for documents necessary for accounting obligations as per Sections 168-169 of the Sztv.) | If the data is necessary for compliance with tax obligations, it will be stored and retained for 5 years from the last day of the calendar year in which the tax return, data declaration, or notification should have been submitted or, in the absence of such, the tax should have been paid. If the data is necessary for compliance with accounting obligations, it will be stored and retained for 8 years. Otherwise, the data will be retained for 5 years from the date of purchase (general civil statute of limitations). |
| | Phone number | Provided by the data subject | Ensuring communication regarding contract performance | GDPR Article 6(1)(b) for contract performance | The data will be retained until the registration is deleted. |
| | Password (mandatory only for registration) | Provided by the data subject | Identifying the user during registration and login in the webshop. Registration is not possible without providing a password. | GDPR Article 6(1)(b) for creating and performing a contract | The password will be deleted simultaneously with the deletion of the registration. |
| | Identifier of the completed purchase transaction | Provided by the data subject | Identifying the purchase transaction | a. and b. For the purposes specified in column D points a) and b): Section 13/A of Elker tv. For the purposes specified in column D points a) and b): GDPR Article 6(1)(b) for contract performance | The data will be retained for 5 years from the date of purchase (general civil statute of limitations). |
| | Amount, date, and time of the completed purchase transaction | Provided by the data subject | a. Creating, defining the content of, modifying, performing the contract; b. Billing fees arising from the contract | a. and b. For the purposes specified in column D points a) and b): Section 13/A of Elker tv. For the purposes specified in column D points a) and b): GDPR Article 6(1)(b) for contract performance. For the purpose specified in column D point b): GDPR Article 6(1)(c) for compliance with legal obligations – issuing invoices | If the data is necessary for compliance with tax obligations, it will be stored and retained for 5 years from the last day of the calendar year in which the tax return, data declaration, or notification should have been submitted or, in the absence of such, the tax should have been paid. If the data is necessary for compliance with accounting obligations, it will be stored and retained for 8 years. The data will be retained for 5 years from the date of purchase (general civil statute of limitations). |
| | Subject of the completed transaction (purchased product) | Provided by the data subject | a. Creating, defining the content of, modifying, performing the contract; b. Billing fees arising from the contract | a. and b. For the purposes specified in column D points a) and b): Section 13/A of Elker tv. For the purposes specified in column D points a) and b): GDPR Article 6(1)(b) for contract performance. For the purpose specified in column D point b): GDPR Article 6(1)(c) for compliance with legal obligations – issuing invoices | If the data is necessary for compliance with tax obligations, it will be stored and retained for 5 years from the last day of the calendar year in which the tax return, data declaration, or notification should have been submitted or, in the absence of such, the tax should have been paid. If the data is necessary for compliance with accounting obligations, it will be stored and retained for 8 years. The data will be retained for 5 years from the date of purchase (general civil statute of limitations). |
|
Shipping address |
Provided by the data subject |
Delivering the ordered goods |
Section 13/A of Elker tv. GDPR Article 6(1)(b) for contract performance |
If the data is necessary for compliance with tax obligations, it will be stored and retained for 5 years from the last day of the calendar year in which the tax return, data declaration, or notification should have been submitted or, in the absence of such, the tax should have been paid. If the data is necessary for compliance with accounting obligations, it will be stored and retained for 8 years. Otherwise, the data will be retained for 5 years from the date of purchase (general civil statute of limitations). |
|
Billing name and address |
Provided by the data subject |
a. Creating, defining the content of, modifying, performing the contract b. Billing fees arising from the contract |
a. and b. For the purposes specified in column D points a) and b): Section 13/A of Elker tv. For the purposes specified in column D points a) and b): GDPR Article 6(1)(b) for contract performance For the purpose specified in column D point b): GDPR Article 6(1)(c) for compliance with legal obligations – for data necessary for tax obligations as per Sections 78(3) and 202(1) of the Art., for documents necessary for accounting obligations as per Sections 168-169 of the Sztv. |
If the data is necessary for compliance with tax obligations, it will be stored and retained for 5 years from the last day of the calendar year in which the tax return, data declaration, or notification should have been submitted or, in the absence of such, the tax should have been paid. If the data is necessary for compliance with accounting obligations, it will be stored and retained for 8 years. Otherwise, the data will be retained for 5 years from the date of purchase (general civil statute of limitations). |
|
Bank account number |
Provided by the data subject |
Refund of the purchase price |
GDPR Article 6(1)(c) for compliance with legal obligations – legal regulation: Government Decree 45/2014 (II. 26.) Sections 8/B(2), 23(1) and (2). |
If the data is necessary for compliance with tax obligations, it will be stored and retained for 5 years from the last day of the calendar year in which the tax return, data declaration, or notification should have been submitted or, in the absence of such, the tax should have been paid. If the data is necessary for compliance with accounting obligations, it will be stored and retained for 8 years. The data will be retained for 5 years from the date of refund (general civil statute of limitations). |
The data marked with an asterisk (*) are mandatory; without them, registration and shopping in the webshop cannot be carried out. Providing these data is a prerequisite for the conclusion of the contract.
Data Processing Related to Ensuring Online Credit Card Payment
The Data Controller provides online credit card payment for purchases in the webshop based on a contract with a third-party external service provider. Regarding online credit card payments, the Data Controller processes the following data of the Customer making the purchase with online credit card payment:
| Data Subject | Data Category | Purpose of Data Processing | Legal Basis for Data Processing | Duration of Data Processing |
|---|---|---|---|---|
| Person paying online with a credit card in the webshop | Name; Phone number; Email address; Transaction amount; IP address; Transaction date and time; Shipping address; Billing address; Bank card data saved during the payment (tokenized card storage): number, expiry date, CVV code, name on the card | Processing the payment transaction, notifying the Customer of the payment success | GDPR Article 6(1)(b) for contract performance | If the data is necessary for compliance with tax obligations, it will be stored and retained for 5 years from the last day of the calendar year in which the tax return, data declaration, or notification should have been submitted or, in the absence of such, the tax should have been paid. If the data is necessary for compliance with accounting obligations, it will be stored and retained for 8 years. The data will be retained for 5 years from the date of the payment transaction (general civil statute of limitations). |
| Person paying online with a credit card in the webshop | Name; Phone number; Email address; Transaction amount; IP address; Transaction date and time; Shipping address; Billing address; Bank card data saved during the payment via SimplePay/Paypal/Stripe at the Merchant: number, expiry date, CVV code, name on the card | Authorizing the payment transaction | GDPR Article 6(1)(b) for contract performance | If the data is necessary for compliance with tax obligations, it will be stored and retained for 5 years from the last day of the calendar year in which the tax return, data declaration, or notification should have been submitted or, in the absence of such, the tax should have been paid. If the data is necessary for compliance with accounting obligations, it will be stored and retained for 8 years. The data will be retained for 5 years from the date of the payment transaction (general civil statute of limitations). |
| Person paying online with a credit card in the webshop | Name; Phone number; Email address; Transaction amount; IP address; Transaction date and time; Shipping address; Billing address; Comment attached to the order by the customer; Whether the customer is a regular, returning buyer; Data on the document confirming receipt of the product ordered by the customer | Monitoring and preventing payment fraud, assessing chargeback claims and customer complaints | GDPR Article 6(1)(f) for legitimate interests | The data will be retained for 5 years from the date of the payment transaction (general civil statute of limitations). |
| Person paying online with a credit card in the webshop | Name; Phone number; Email address; IP address; Shipping address; Billing address; Data collected from the browser used by the customer during the online purchase: Accept HTTP header value, the format appearing in the HTTP request body, name and version number of the browser and operating system used, default language, source IP address of the browser, whether the browser can run Java code, language of the browser, color depth of the browser, height and width of the browser screen, timezone of the browser; Method of the customer's purchase at the Merchant (as a guest without registration, or as a registered customer) | Strong customer authentication with 3D Secure 2.0 to prevent fraud during online credit card payment | GDPR Article 6(1)(f) for legitimate interests | The data will be retained for 5 years from the date of the payment transaction (general civil statute of limitations). |
Legitimate Interest: The Data Controller processes data for fraud prevention and monitoring purposes, using the personal data utilized for strong customer authentication. The Data Controller has a legitimate interest in preventing fraud related to the payment process and online payments, detecting probable fraud, identifying actual fraud, and assisting and participating in criminal and other legal proceedings related to fraud by providing information on the committed fraud. The Data Controller has no legal obligation to file complaints or initiate legal proceedings related to online payment fraud but may provide data on the fraud if it files a complaint or initiates legal proceedings. Preventing fraud in online payments strengthens public trust in online payments and reduces future fraud, which is not only in the legitimate interest of the Data Controller but also in the public interest. Preventing fraud directly reduces the amounts the Data Controller must refund due to fraud, which is also in its business interest.
In the case of data processing based on legitimate interest, the data subject may object to the processing at any time. In this case, the Data Controller will perform a re-evaluation to justify that, considering the reasons indicated in the request, other legitimate interests outweigh the interests of the data subject. The legitimate interest assessment can be viewed in full by data subjects upon request. The request must be submitted to the above email or postal address of the Data Controller.
The Data Controller cannot access the bank card data used during online credit card payment as it is not entitled to do so under the regulations of the International Card Organizations. These card details are processed and stored by the payment service provider in a PCI DSS certified environment.
The Data Controller uses the following data processor for the online payment-related data processing:
- Raiffeisen Bank MasterCard
Purpose of Data Processing: Processing online payment transactions, authorizing, monitoring, and preventing related fraud, strong customer authentication with 3D Secure.
Categories of Data Processed: As specified in the above data processing information table.
Raiffeisen Bank's data protection information can be accessed by clicking the following link:
Data Processed for Product Delivery
We inform data subjects that the Data Controller uses the services of GLS General Logistics Systems Hungary Ltd., Magyar Posta Zrt., and DDP for product deliveries, depending on the delivery address of the ordered product. These courier services act as independent data controllers for personal data processed in connection with the delivery of products ordered electronically through the webshop, managing personal data in their own names and according to their data protection policies. The privacy policies of the contracted courier services can be accessed through the following links:
- GLS General Logistics Systems Hungary Ltd.: https://gls-group.eu/HU/hu/adatkezelesi-tajekoztato
- Magyar Posta Zrt.: https://www.posta.hu/adatkezelesi_tajekoztato#1
- DDP: https://www.dpd.com/hu/hu/
The transfer of personal data necessary for delivering products ordered electronically through the webshop within EEA member states is based on the contract (order) between the data subject and the Data Controller under GDPR Article 6(1)(b). For deliveries outside the EEA to third countries, personal data is transferred as necessary for contract performance under GDPR Article 6(1)(b) and Article 49(1)(b).
For more detailed information on the safeguards for data transfers to non-EEA countries, please refer to the DDP privacy policy and contact DDP or request further information if you have any unanswered questions.
| Category of Data Subjects | Categories of Personal Data Processed | Duration of Data Processing |
|---|---|---|
| All natural persons who purchase and request delivery (home delivery) of products offered in the webshop | Name, email address/phone number, delivery details (country, city, street, house number, floor, door), ordered product(s) identification and quantity, the price of the ordered product(s), chosen payment and delivery method, purchase date | Until the delivery is completed |
- Legal Basis for Data Processing: Processing is necessary for the performance of a contract (GDPR Article 6(1)(b))
- Source of Data: Directly from the data subject
- Purpose of Data Processing: Delivery of the ordered product to the address provided by the data subject and necessary communication and coordination with the courier
- Consequence of Failing to Provide Data: Failure of delivery following the purchase in the webshop
- Recipients of Personal Data:
- Billingo: For supporting operational and billing system management; legal basis: processing is necessary for the performance of a contract (GDPR Article 6(1)(b)).
- GLS General Logistics Systems Hungary Ltd. (Address: 2351 Alsónémedi, GLS Európa utca 2., Phone: +36 29 886 670, Email: info@gls-hungary.com) for product delivery; legal basis: processing is necessary for the performance of a contract (GDPR Article 6(1)(b) and Postal Act Section 54(1)).
- Magyar Posta Zrt. (Address: 1138 Budapest, Dunavirág utca 2-6., Phone: +36-1-767-8200, Email: ugyfelszolgalat@posta.hu) for product delivery; legal basis: processing is necessary for the performance of a contract (GDPR Article 6(1)(b) and Postal Act Section 54(1)).
- DDP: For product delivery; legal basis: processing is necessary for the performance of a contract (GDPR Article 6(1)(b) and Article 49(1)(b)).
- Online hosting provider: Legal basis: processing is necessary for the performance of a contract (GDPR Article 6(1)(b)).
- Data Transfers to Third Countries: As described above
- Automated Decision-Making, Profiling: The Data Controller does not engage in such data processing, and data subjects are not scored or categorized based on any system or criteria
Customer Contact (Request for Information Electronically)
The Data Controller allows data subjects interested in its products to request information on subjects not related to quotation requests via the email address morejoyfullife@gmail.com.
| Category of Data Subjects | Categories of Personal Data Processed | Duration of Data Processing |
|---|---|---|
| All data subjects who request information from the Data Controller about its products and services by providing their personal data and whose request does not fall under quotation requests | Name, email address, subject of the message (for postal requests, notification address details: city, street, house number, floor, door, postal code), content of the request | Until the purpose is fulfilled |
- Legal Basis for Data Processing: The data subject's voluntary consent (GDPR Article 6(1)(a))
- Source of Data: Directly from the data subject
- Purpose of Data Processing: Providing information (responses) to the data subject and maintaining necessary communication
- Consequence of Failing to Provide Data: Failure of the information request
- Recipients of Personal Data:
- Shopify: For providing online hosting; legal basis: processing is necessary for the performance of a contract (GDPR Article 6(1)(b)).
Handling Quality Complaints
The Data Controller records and investigates quality (warranty) complaints submitted in person, by email, or by mail regarding the products it manufactures and distributes and informs the data subject of the investigation results.
| Category of Data Subjects | Categories of Personal Data Processed | Duration of Data Processing |
|---|---|---|
| All natural persons who submit quality (warranty) complaints orally in person or electronically or on paper regarding the products or services provided by the Data Controller | In the recorded complaint report: the consumer's name, address, place, time, method of complaint submission, detailed description of the consumer's complaint, list of documents and other evidence presented by the consumer, the company's statement regarding the consumer's complaint if the complaint can be immediately investigated, the signature of the person recording the complaint and the consumer (except for complaints submitted by phone or other electronic communication services), place, time of recording the report | 3 years based on Section 4(6) of the Consumer Protection Act |
- Legal Basis for Data Processing: Processing is necessary for compliance with a legal obligation (GDPR Article 6(1)(c), considering Section 4(6) of the Consumer Protection Act)
- Source of Data: Directly from the data subject
- Purpose of Data Processing: Handling quality complaints related to the products and services provided by the Data Controller, ensuring compliance with the warranty and guarantee provisions under the Consumer Protection Act, and facilitating the inspection and procedures of the consumer protection authority
- Consequence of Failing to Provide Data: Failure to handle quality complaints, inability to exercise consumer rights
- Recipients of Personal Data:
- Shopify: For providing online hosting; legal basis: processing is necessary for the performance of a contract (GDPR Article 6(1)(b)).
- Microsoft Ireland Operations Limited: Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Phone: +353 1 706 3117, for providing email system and related IT services; legal basis: processing is necessary for the performance of a contract (GDPR Article 6(1)(b)).
Microsoft's data protection information can be found at the following links:
- Microsoft Privacy
- Microsoft Privacy Statement
- Data Transfers to Third Countries: None
- Automated Decision-Making, Profiling: The Data Controller does not engage in such data processing, and data subjects are not scored or categorized based on any system or criteria
Marketing Database, Newsletter, Advertisement Sending
The Data Controller sends newsletters and other marketing messages to natural persons who have provided separate consent for sending marketing and advertising messages (by checking a checkbox, clicking on the subscribe button). Data subjects can withdraw their consent at any time without any restrictions.
The newsletters sent by the Data Controller are general and uniform, and no profiling is done in connection with sending these newsletters.
To subscribe to the newsletter and transfer personal data (full name, email address) to a third country – a data controller outside the EEA – the explicit consent of the data subjects is required under GDPR Article 49(1)(a).
By subscribing to the newsletter, data subjects acknowledge and are aware that they provide their personal data at their discretion and responsibility, as the Data Controller cannot guarantee the level of protection required by GDPR in the third country where the newsletter system is operated.
By reading this Privacy Policy and providing voluntary consent (by checking a checkbox, clicking the subscribe button) for marketing and advertising messages, data subjects give their consent under GDPR Article 49(1)(a) for transferring personal data (full name, email address) to the "Gmail" system operator in a third country.
| Category of Data Subjects | Categories of Personal Data Processed | Duration of Data Processing |
|---|---|---|
| All natural persons who use the Data Controller's newsletter service by subscribing to the newsletter and providing their personal data | Full name, email address, consent for direct marketing messages and newsletters, advertising messages | Until the data subject withdraws their voluntary consent. The Data Controller reviews the newsletter subscription list every two years and requests confirmation via email for further newsletter sending. If the data subject does not send a confirmation email within one week, the Data Controller will delete the data subject from the newsletter list |
- Legal Basis for Data Processing: The data subject's voluntary consent (GDPR Article 6(1)(a) and Article 49(1)(a))
- Source of Data: Directly from the data subject
- Purpose of Data Processing: Providing information to the data subject about the Data Controller's products and services in the form of newsletters and advertising messages (e.g., promotions, news, events, service changes, prices) in compliance with Sections 6(1) and (5) of the Advertising Act. The data subject can unsubscribe from newsletters and advertising messages at any time free of charge and without any conditions by sending an email to webshop@stuhmer.hu or by sending a written letter to the contact details provided in Section II of this Privacy Policy.
- Consequence of Failing to Provide Data: The data subject will not receive newsletters, or the previously subscribed data subject will no longer receive further newsletters without a confirmation email.
- Recipients of Personal Data:
- Shopify: For providing online hosting; legal basis: processing is necessary for the performance of a contract (GDPR Article 6(1)(b)).
- Data Transfers to Third Countries: As described above
- Automated Decision-Making, Profiling: The Data Controller does not engage in such data processing, and data subjects are not scored or categorized based on any system or criteria
Data subjects may withdraw their voluntary consent to the processing of their personal data at any time in writing (via email or postal mail) for the specified data processing purpose at the contact details provided by the Data Controller.
Presence on Social Media (Facebook, Instagram, YouTube)
The Data Controller is available on the Facebook social platform at https://www.facebook.com/ and the Instagram platform at https://www.instagram.com/, where data subjects can share, comment on, and react to various opinions, comments, and posts related to the products distributed by the Data Controller. Additionally, data subjects can find the Data Controller's YouTube account at https://www.youtube.com/channel/ where they can view and comment on the videos uploaded by the Data Controller.
The Data Controller does not request any statistics (e.g., visitor age, gender, marital status) based on personal data from Facebook, Instagram, or YouTube.
| Category of Data Subjects | Categories of Personal Data Processed | Duration of Data Processing |
|---|---|---|
| All natural persons who are registered on Facebook/Instagram and share, like, comment on, or voluntarily follow the Data Controller's Facebook/Instagram page and its content. Also, those data subjects who view, comment on, and share the videos uploaded by the Data Controller on its YouTube account | The data subject's registered name on the social platform, public profile picture, and other uploaded pictures, email address, other voluntarily uploaded data, opinions, messages, etc. related to the Data Controller and its products. In the case of YouTube, the data subject's name, public profile picture, comments, any shared or published information, content | Until the data subject voluntarily withdraws consent by deleting the comment/post |
- Legal Basis for Data Processing: The data subject's voluntary consent (GDPR Article 6(1)(a))
- Source of Data: Directly from the data subject
- Purpose of Data Processing: Operating the Facebook/Instagram social media pages and the YouTube account. This includes contacting, maintaining contact, sharing, and liking the products, promotions, and content uploaded by the Data Controller on these social platforms, making the products distributed by the Data Controller more known and popular, being informed about the promotions and other information advertised by the Data Controller, and providing feedback to the Data Controller to improve product quality. Responding to messages and comments from visitors.
- Consequence of Failing to Provide Data: Failure to appear on the Data Controller's social media pages
- Recipients of Personal Data:
- Meta, operating Facebook/Instagram: as an independent data controller. Contact information: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Online contact: https://www.facebook.com/help/contact/1650115808681298. Joint privacy policy for Facebook and Instagram: https://hu-hu.facebook.com/privacy/policy?section_id=13-HowToContactMeta. Meta Privacy Center: https://www.facebook.com/privacy/center/.
- Google, operating YouTube: as an independent data controller. Privacy policy: https://policies.google.com/privacy?hl=hu#intro. Contact information: Dublin, Gordon House Barrow St, Dublin 4, Ireland.
- Data Transfers to Third Countries: None
- Automated Decision-Making, Profiling: The Data Controller does not engage in such data processing, and data subjects are not scored or categorized based on any system or criteria
The Data Controller informs data subjects that Facebook/Instagram (Meta) and Google are independent data controllers. Accordingly, the placement, deletion, withdrawal, and processing of personal data voluntarily provided by the data subject on the Data Controller's Facebook/Instagram page and YouTube account are governed by the data protection policies of Facebook/Instagram (Meta) and Google. Please refer to the data protection policies and guidelines of Facebook/Instagram (Meta) and Google through the above-mentioned websites and privacy notices.
Data Processing System
- Activity of the Data Processor: Data storage, providing billing system
- Name and Contact Information of the Data Processor:
- Billingo Technologies Zártkörűen Működő Részvénytársaság
- Address: 1133 Budapest, Árbóc utca 6. I. emelet
- Company registration number: 01-10-140802
- Tax number: 27926309-2-41
- Website: www.billingo.hu
- Data Processed: Name, email address, billing data, webshop data, contact data, shipping address, phone number
- Categories of Data Subjects: Subscribers, interested parties of the dropship service
- Purpose of Data Processing: Maintaining contact with customers and interested parties
- Duration of Data Processing: Until the termination of the service or upon customer request
- Legal Basis for Data Processing: Processing is necessary for the performance of a contract (GDPR Article 6(1)(b))
- Rights of the Data Subject:
  a. You can obtain information about the circumstances of data processing.
  b. You have the right to receive confirmation from the data controller on whether your personal data is being processed, and to access all information related to the data processing.
  c. You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  d. You have the right to request the data controller to rectify inaccurate personal data concerning you without undue delay.
Handling Quality Complaints
The Data Controller records and investigates quality (warranty) complaints submitted in person, by email, or by mail regarding the products it manufactures and distributes and informs the data subject of the investigation results.
| Category of Data Subjects | Categories of Personal Data Processed | Duration of Data Processing |
| --- | --- | --- |
| All natural persons who submit quality (warranty) complaints orally in person or electronically or on paper regarding the products or services provided by the Data Controller | In the recorded complaint report: the consumer's name, address, place, time, method of complaint submission, detailed description of the consumer's complaint, list of documents and other evidence presented by the consumer, the company's statement regarding the consumer's complaint if the complaint can be immediately investigated, the signature of the person recording the complaint and the consumer (except for complaints submitted by phone or other electronic communication services), place, time of recording the report | 3 years based on Section 4(6) of the Consumer Protection Act |
- Legal Basis for Data Processing: Processing is necessary for compliance with a legal obligation (GDPR Article 6(1)(c), considering Section 4(6) of the Consumer Protection Act)
- Source of Data: Directly from the data subject
- Purpose of Data Processing: Handling quality complaints related to the products and services provided by the Data Controller, ensuring compliance with the warranty and guarantee provisions under the Consumer Protection Act, and facilitating the inspection and procedures of the consumer protection authority
- Consequence of Failing to Provide Data: Failure to handle quality complaints, inability to exercise consumer rights
- Recipients of Personal Data:
- Shopify: For providing online hosting; legal basis: processing is necessary for the performance of a contract (GDPR Article 6(1)(b)).
- Microsoft Ireland Operations Limited: Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Phone: +353 1 706 3117, for providing email system and related IT services; legal basis: processing is necessary for the performance of a contract (GDPR Article 6(1)(b)).
Microsoft's data protection information can be found at the following links:
- Microsoft Privacy
- Microsoft Privacy Statement
- Data Transfers to Third Countries: None
- Automated Decision-Making, Profiling: The Data Controller does not engage in such data processing, and data subjects are not scored or categorized based on any system or criteria
Marketing Database, Newsletter, Advertisement Sending
The Data Controller sends newsletters and other marketing messages to natural persons who have provided separate consent for sending marketing and advertising messages (by checking a checkbox, clicking on the subscribe button). Data subjects can withdraw their consent at any time without any restrictions.
The newsletters sent by the Data Controller are general and uniform, and no profiling is done in connection with sending these newsletters.
To subscribe to the newsletter and transfer personal data (full name, email address) to a third country – a data controller outside the EEA – the explicit consent of the data subjects is required under GDPR Article 49(1)(a).
By subscribing to the newsletter, data subjects acknowledge and are aware that they provide their personal data at their discretion and responsibility, as the Data Controller cannot guarantee the level of protection required by GDPR in the third country where the newsletter system is operated.
By reading this Privacy Policy and providing voluntary consent (by checking a checkbox, clicking the subscribe button) for marketing and advertising messages, data subjects give their consent under GDPR Article 49(1)(a) for transferring personal data (full name, email address) to the "Gmail" system operator in a third country.
| Category of Data Subjects | Categories of Personal Data Processed | Duration of Data Processing |
| --- | --- | --- |
| All natural persons who use the Data Controller's newsletter service by subscribing to the newsletter and providing their personal data | Full name, email address, consent for direct marketing messages and newsletters, advertising messages | Until the data subject withdraws their voluntary consent. The Data Controller reviews the newsletter subscription list every two years and requests confirmation via email for further newsletter sending. If the data subject does not send a confirmation email within one week, the Data Controller will delete the data subject from the newsletter list |
- Legal Basis for Data Processing: The data subject's voluntary consent (GDPR Article 6(1)(a) and Article 49(1)(a))
- Source of Data: Directly from the data subject
- Purpose of Data Processing: Providing information about the Data Controller's products and services through newsletters and advertising messages (e.g., promotions, news, events, service changes, prices) under Sections 6(1) and (5) of the Advertising Act. The data subject can unsubscribe from newsletters and advertising messages at any time free of charge and without conditions by sending an email to webshop@stuhmer.hu or by sending a written letter to the contact details provided in Section II of this Privacy Policy.
- Consequence of Failing to Provide Data: The data subject will not receive newsletters, or the previously subscribed data subject will no longer receive further newsletters without a confirmation email.
- Recipients of Personal Data:
- Shopify: For providing online hosting; legal basis: processing is necessary for the performance of a contract (GDPR Article 6(1)(b)).
- Data Transfers to Third Countries: As described above
- Automated Decision-Making, Profiling: The Data Controller does not engage in such data processing, and data subjects are not scored or categorized based on any system or criteria
Data subjects may withdraw their voluntary consent to the processing of their personal data at any time in writing (via email or postal mail) for the specified data processing purpose at the contact details provided by the Data Controller.
Presence on Social Media (Facebook, Instagram, YouTube)
The Data Controller is available on the Facebook social platform at https://www.facebook.com/ and the Instagram platform at https://www.instagram.com/, where data subjects can share, comment on, and react to various opinions, comments, and posts related to the products distributed by the Data Controller. Additionally, data subjects can find the Data Controller's YouTube account at https://www.youtube.com/channel/ where they can view and comment on the videos uploaded by the Data Controller.
The Data Controller does not request any statistics (e.g., visitor age, gender, marital status) based on personal data from Facebook, Instagram, or YouTube.
| Category of Data Subjects | Categories of Personal Data Processed | Duration of Data Processing |
| --- | --- | --- |
| All natural persons who are registered on Facebook/Instagram and share, like, comment on, or voluntarily follow the Data Controller's Facebook/Instagram page and its content. Also, those data subjects who view, comment on, and share the videos uploaded by the Data Controller on its YouTube account | The data subject's registered name on the social platform, public profile picture, and other uploaded pictures, email address, other voluntarily uploaded data, opinions, messages, etc. related to the Data Controller and its products. In the case of YouTube, the data subject's name, public profile picture, comments, any shared or published information, content | Until the data subject voluntarily withdraws consent by deleting the comment/post |
- Legal Basis for Data Processing: The data subject's voluntary consent (GDPR Article 6(1)(a))
- Source of Data: Directly from the data subject
- Purpose of Data Processing: Operating the Facebook/Instagram social media pages and the YouTube account. This includes contacting, maintaining contact, sharing, and liking the products, promotions, and content uploaded by the Data Controller on these social platforms, making the products distributed by the Data Controller more known and popular, being informed about the promotions and other information advertised by the Data Controller, and providing feedback to the Data Controller to improve product quality. Responding to messages and comments from visitors.
- Consequence of Failing to Provide Data: Failure to appear on the Data Controller's social media pages
- Recipients of Personal Data:
- Meta, operating Facebook/Instagram: as an independent data controller. Contact information: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Online contact: Meta Privacy Contact. Joint privacy policy for Facebook and Instagram: Meta Privacy Policy. Meta Privacy Center: Meta Privacy Center.
- Google, operating YouTube: as an independent data controller. Privacy policy: Google Privacy Policy. Contact information: Dublin, Gordon House Barrow St, Dublin 4, Ireland.
- Data Transfers to Third Countries: None
- Automated Decision-Making, Profiling: The Data Controller does not engage in such data processing, and data subjects are not scored or categorized based on any system or criteria
The Data Controller informs data subjects that Facebook/Instagram (Meta) and Google are independent data controllers. Accordingly, the placement, deletion, withdrawal, and processing of personal data voluntarily provided by the data subject on the Data Controller's Facebook/Instagram page and YouTube account are governed by the data protection policies of Facebook/Instagram (Meta) and Google. Please refer to the data protection policies and guidelines of Facebook/Instagram (Meta) and Google through the above-mentioned websites and privacy notices.
Data Processing System
- Activity of the Data Processor: Data storage, providing billing system
- Name and Contact Information of the Data Processor:
- Billingo Technologies Zártkörűen Működő Részvénytársaság
- Address: 1133 Budapest, Árbóc utca 6. I. emelet
- Company registration number: 01-10-140802
- Tax number: 27926309-2-41
- Website: www.billingo.hu
- Data Processed: Name, email address, billing data, webshop data, contact data, shipping address, phone number
- Categories of Data Subjects: Subscribers, interested parties of the dropship service
- Purpose of Data Processing: Maintaining contact with customers and interested parties
- Duration of Data Processing: Until the termination of the service or upon customer request
- Legal Basis for Data Processing: Processing is necessary for the performance of a contract (GDPR Article 6(1)(b))
- Rights of the Data Subject: a. You can obtain information about the circumstances of data processing. b. You have the right to receive confirmation from the data controller on whether your personal data is being processed, and to access all information related to the data processing. c. You have the right to receive your personal data in a structured, commonly used, and machine-readable format. d. You have the right to request the data controller to rectify inaccurate personal data concerning you without undue delay.
Hosting Provider
- Activity of the Data Processor: Hosting services
- Name and Contact Information of the Data Processor:
- Company Name: Shopify Inc.
- Address: 150 Elgin St, Suite 800, Ottawa, ON, K2P 1L4, Canada
- Phone: +1 888 746 7439
- Email: support@shopify.com
- Website: shopify.com
- Data Processed: All personal data provided by the data subject
- Categories of Data Subjects: All users of the website
- Purpose of Data Processing: Making the website available, ensuring its proper operation
- Duration of Data Processing: Until the termination of the agreement between the Data Controller and the hosting provider or until the data subject requests deletion from the hosting provider
- Legal Basis for Data Processing: GDPR Article 6(1)(f) and Section 13/A(3) of the Act on Electronic Commerce Services and Information Society Services (Act CVIII of 2001)
- Rights of the Data Subject: a. You can obtain information about the circumstances of data processing. b. You have the right to receive confirmation from the data controller on whether your personal data is being processed, and to access all information related to the data processing. c. You have the right to receive your personal data in a structured, commonly used, and machine-readable format. d. You have the right to request the data controller to rectify inaccurate personal data concerning you without undue delay. e. You have the right to object to the processing of your personal data.
Website Operation
- Activity of the Data Processor: Website operation (monitoring, technical updates, security system development, other development, repair tasks)
- Name and Contact Information of the Data Processor:
- Name: Do Média Szolgáltató Korlátolt Felelősségű Társaság
- Company registration number: 11-09-016434
- Tax number: 11743435-2-11
- Address: 2500 Esztergom, Kossuth Lajos utca 54. 4.
- Phone: +36.33999616
- Email: hello@domdom.hu
- Data Processed: All personal data provided by the data subject
- Categories of Data Subjects: All users of the website services and all users who registered/placed orders on the website
- Purpose of Data Processing: Website operation (development, monitoring, error corrections)
- Duration of Data Processing: Until the termination of the agreement between the Data Controller and the website operator or until the data subject requests deletion from the website operator
- Legal Basis for Data Processing: GDPR Article 6(1)(f) and Section 13/A(3) of the Act on Electronic Commerce Services and Information Society Services (Act CVIII of 2001)
- Rights of the Data Subject: a. You can obtain information about the circumstances of data processing. b. You have the right to receive confirmation from the data controller on whether your personal data is being processed, and to access all information related to the data processing. c. You have the right to receive your personal data in a structured, commonly used, and machine-readable format. d. You have the right to request the data controller to rectify inaccurate personal data concerning you without undue delay. e. You have the right to object to the processing of your personal data.
Accounting Tasks, Billing
- Activity of the Data Processor: Accounting tasks and billing
- Name and Contact Information of the Data Processor:
- Name: Retcon International Accounting Office
- Address: 1157 Budapest, Zsókavár utca 38. 5/20.
- Phone: +36 1 706 1355
- Company registration number: 01-09-321941
- Email: info@retcon.hu
- Data Processed: Name, billing name, billing address, email address, phone number
- Categories of Data Subjects: All data subjects placing orders on the website
- Purpose of Data Processing: Performing accounting tasks
- Duration of Data Processing: 8 years based on Section 169(2) of Act C of 2000 on Accounting
- Legal Basis for Data Processing: GDPR Article 6(1)(c) and Section 13/A(3) of the Act on Electronic Commerce Services and Information Society Services (Act CVIII of 2001)
- Rights of the Data Subject: a. You can obtain information about the circumstances of data processing. b. You have the right to receive confirmation from the data controller on whether your personal data is being processed, and to access all information related to the data processing. c. You have the right to receive your personal data in a structured, commonly used, and machine-readable format. d. You have the right to request the data controller to rectify inaccurate personal data concerning you without undue delay.
Email Services
- Activity of the Data Processor: Processing orders, customer service, customer communication
- Name and Contact Information of the Data Processor:
- Name: Google LLC
- Address: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Contact: Google Contact
- Data Processed: Name, billing name, billing address, email address, phone number, message content
- Categories of Data Subjects: All data subjects contacting the Data Controller via email
- Purpose of Data Processing: Email communication with customers
- Duration of Data Processing: Until the termination of the relationship between the Data Controller and the data subject, or for 5 years following the contract in case of claims
- Legal Basis for Data Processing: GDPR Article 6(1)(c) and (f)
- Rights of the Data Subject: a. You can obtain information about the circumstances of data processing. b. You have the right to receive confirmation from the data controller on whether your personal data is being processed, and to access all information related to the data processing. c. You have the right to receive your personal data in a structured, commonly used, and machine-readable format. d. You have the right to request the data controller to rectify inaccurate personal data concerning you without undue delay.
Online Marketing Services
- Activity of the Data Processor: Online marketing
- Name and Contact Information of the Data Processor:
- Name: Facebook Inc.
- Address: 1 Hacker Way, Menlo Park California, CA 94025 USA
- Web: www.facebook.com
- Customer Service: +1 (650) 543-480
- Name: Pinterest-Europe Ltd
- Address: Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland
- Web: https://pinterest.com/
- Data Processed: Name, email address, visitor data
- Categories of Data Subjects: All users of the website and newsletter subscribers
- Purpose of Data Processing: Promoting and advertising products available on the website, increasing website traffic
- Duration of Data Processing: Until the termination of the agreement between the Service Provider and the data processor specified in this section or until the data subject requests deletion from the data processor
- Legal Basis for Data Processing: User consent, Section 5(1) of the Information Act, Article 6(1)(a) of the GDPR, and Section 13/A(3) of the Act on Electronic Commerce Services and Information Society Services (Act CVIII of 2001)
- Rights of the Data Subject: a. You can obtain information about the circumstances of data processing. b. You have the right to receive confirmation from the data controller on whether your personal data is being processed, and to access all information related to the data processing. c. You have the right to receive your personal data in a structured, commonly used, and machine-readable format. d. You have the right to request the data controller to rectify inaccurate personal data concerning you without undue delay.
Cookie Management
A cookie is a small file that is stored on your device (computer, smartphone, tablet, etc.) by the websites you visit. They help ensure that the service provider displays the website content as expected by the user, making browsing more efficient and helping display content tailored to the user’s interests, such as language settings or playing audio and video files. We also share information about your use of our site with our social media, advertising, and analytics partners, who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. By continuing to browse the site, you consent to the use of cookies. Cookies come with various functions and lifespans, and many types are known.
According to Section 155(4) of Act C of 2003 on Electronic Communications (Ehtv.), data can be stored or accessed on the terminal device of a subscriber or user only with the clear and comprehensive information of the data subject and their consent, covering the purpose of data processing. If you do not wish to allow cookies, the Data Controller will not place cookies on your device. Restricting cookies will mean that the website content will be available in a "limited mode," and certain functions may not be available or only partially available.
Cookies often store settings related to websites, such as default language or location. When you return to the website, the browser sends the cookies related to that website, allowing the site to provide personalized information.
By default, the collection and sending of cookie data is invisible to the user. However, browser settings can be modified to approve or reject the storage of cookies or to request their deletion upon closing the browser.
- Cookies typical for online stores include "password-protected session cookies," "shopping cart cookies," "security cookies," "necessary cookies," "functional cookies," and "website statistics cookies," which do not require prior consent from the data subjects.
- Data Processed: Unique identifier, dates, times
- Categories of Data Subjects: All users visiting the website
- Purpose of Data Processing: Identifying users, maintaining the "shopping cart," and tracking visitors
- Duration of Data Processing:
| Cookie Type | Legal Basis for Data Processing | Duration of Data Processing | Data Processed |
| --- | --- | --- | --- |
| Session cookies | Section 13/A(3) of Act CVIII of 2001 | Until the end of the relevant visitor session | Start of visit, items in cart and their quantities |
| Permanent cookies | Section 13/A(3) of Act CVIII of 2001 | Until the data subject deletes them | Website statistics (anonymized) |
| Necessary cookies | Section 13/A(3) of Act CVIII of 2001 | Until the data subject deletes them | Customer group (default end-user, retailer upon login) |
| Marketing cookies | Section 13/A(3) of Act CVIII of 2001 | Until the data subject deletes them | Start of visit, end of visit, number and type of pop-up windows during visit |
| Cross-marketing cookies | Section 13/A(3) of Act CVIII of 2001 | Until the end of the relevant visitor session | Start of visit, end of visit, anonymized user ID |
| Customer service cookies | Section 13/A(3) of Act CVIII of 2001 | Until the end of the relevant visitor session | Start of visit, end of visit, anonymized user ID, started chat session ID |
- Potential Data Processors Authorized to Access Data: The Data Controller does not process personal data with the use of cookies.
- Description of Data Subjects’ Rights Related to Data Processing: Data subjects can delete cookies in the browser’s Tools/Settings menu, usually under the privacy settings.
- Legal Basis for Data Processing: No consent is required from the data subject if the sole purpose of using cookies is to transmit communication over an electronic communications network or if the service provider needs the cookie to provide an information society service explicitly requested by the subscriber or user.
Using Google Analytics
- This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies," which are text files placed on your computer, to help the website analyze how users use the site.
- The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. By activating IP anonymization on this website, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area.
- Only in exceptional cases will the full IP address be sent to and shortened by Google servers in the USA. On behalf of the website provider, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website activity and internet usage for the website provider.
- Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. You can also opt out of being tracked by Google Analytics with future effect by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser: Google Analytics Opt-out.
Facebook Pixel
The Facebook Pixel is a code that helps generate conversion reports, build target audiences, and provides detailed analytics on how visitors use the website. With the Facebook remarketing pixel tracking code, personalized offers and ads can be displayed to visitors on Facebook. The Facebook remarketing list is not suitable for personal identification. More information about the Facebook Pixel can be found here: Facebook Pixel Information.
Legal Remedies
To ensure the enforcement of data subjects' rights, the Data Controller will examine and decide on the legitimacy of any requests submitted by the data subject as soon as possible, but no later than one month from submission, and inform the applicant in writing (electronically, if the request was made electronically) free of charge. If you, as a data subject, have any questions or requests regarding the processing of your personal data by us, please contact us directly at morejoyfullife@gmail.com for information, access, rectification, blocking, deletion, withdrawal of consent, or objection.
Complaint Handling
- Data Collection Facts, Categories of Data Processed, and Purpose of Data Processing:

| Personal Data | Purpose of Data Processing |
| --- | --- |
| First and last name | Identification, communication |
| Email address | Communication |
| Phone number | Communication |
| Billing name and address | Identification, handling quality complaints, questions, and issues related to ordered products |
- Categories of Data Subjects: All data subjects purchasing on the website and submitting quality complaints.
- Duration of Data Processing: Copies of complaint records and responses must be retained for 5 years based on Section 17/A(7) of Act CLV of 1997 on Consumer Protection.
- Potential Data Processors Authorized to Access Data, Recipients of Personal Data: Customer service employees of the Data Controller can process personal data with respect to the above principles.
- Description of Data Subjects’ Rights Related to Data Processing:
- The data subject can request access to, rectification, deletion, or restriction of processing of their personal data from the Data Controller, and
- the data subject has the right to data portability and to withdraw consent at any time.
- Methods for Initiating Access, Deletion, Modification, or Restriction of Processing of Personal Data, and Data Portability:
- By post to 2621 Verőce Migazzi u.3.
- By email to morejoyfullife@gmail.com
- Legal Basis for Data Processing: The data subject's consent, Article 6(1)(c), and Section 17/A(7) of Act CLV of 1997 on Consumer Protection
- We inform you that:
- Providing personal data is based on a legal obligation.
- The processing of personal data is a precondition for concluding a contract.
- You must provide personal data to handle your complaint.
- Failure to provide data will result in us being unable to handle your complaint.
Customer Relations and Other Data Processing
- If the data subject has any questions or issues while using the services provided by the Data Controller, they can contact the Data Controller via the methods provided on the website (phone, email, social media, etc.).
- The Data Controller deletes emails, messages, phone numbers, and other data provided via Facebook, etc., including the name and email address of the interested party, along with any other personal data voluntarily provided, within a maximum of 5 years from the date of data provision.
- Data processing not listed in this notice will be disclosed at the time of data collection.
- In exceptional cases, the Service Provider may be required to provide information, transfer data, or make documents available upon lawful requests from authorities or as authorized by law.
- In such cases, the Service Provider will only disclose the minimum amount of personal data necessary to fulfill the purpose of the request.
Rights of Data Subjects
- Right of Access: You have the right to receive feedback from the Data Controller on whether your personal data is being processed, and if such processing is ongoing, to access your personal data and the information listed in the regulation.
- Right to Rectification: You have the right to request the Data Controller to correct inaccurate personal data concerning you without undue delay. Considering the purpose of data processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
- Right to Erasure: You have the right to request the Data Controller to delete your personal data without undue delay, and the Data Controller is obliged to delete your personal data without undue delay under certain conditions.
- Right to be Forgotten: If the Data Controller has made your personal data public and is obliged to delete it, the Data Controller will take reasonable steps, including technical measures, to inform other data controllers processing the personal data that you have requested the deletion of any links to, or copies or replications of, those personal data, considering available technology and the cost of implementation.
- Right to Restrict Processing: You have the right to request the Data Controller to restrict processing if any of the following conditions apply:
- You contest the accuracy of the personal data, for a period enabling the Data Controller to verify the accuracy of the personal data;
- The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
- The Data Controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise, or defense of legal claims;
- You have objected to processing pending verification of whether the Data Controller's legitimate grounds override your legitimate grounds.
- Right to Data Portability: You have the right to receive the personal data concerning you that you have provided to a Data Controller in a structured, commonly used, and machine-readable format, and you have the right to transmit those data to another Data Controller without hindrance from the Data Controller to which the personal data have been provided.
- Right to Object: In cases of processing based on legitimate interests or the exercise of official authority, you have the right to object at any time to the processing of your personal data, including profiling based on those provisions.
- Right to Object to Direct Marketing: If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, personal data can no longer be processed for such purposes.
- Right to Not Be Subject to Automated Decision-Making, Including Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
- Is necessary for entering into, or the performance of, a contract between you and the Data Controller;
- Is authorized by Union or Member State law to which the Data Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- Is based on your explicit consent.
Time Limit for Taking Action
The Data Controller will inform you of the action taken on a request without undue delay, and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Data Controller will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. If the Data Controller does not take action on your request, the Data Controller will inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
Data Security
The Data Controller and the Data Processor will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. These measures include, as appropriate: a) The pseudonymization and encryption of personal data; b) The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services; c) The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; d) A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
Notification of a Personal Data Breach to the Data Subject
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller will communicate the personal data breach to the data subject without undue delay. The communication to the data subject will describe in clear and plain language the nature of the personal data breach and contain at least the information and measures referred to in Article 33(3) of the GDPR. The data subject will not be informed if any of the following conditions are met:
- The Data Controller has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption;
- The Data Controller has taken subsequent measures to ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialize;
- It would involve disproportionate effort. In such a case, there will be a public communication or similar measure whereby the data subjects are informed in an equally effective manner. If the Data Controller has not already communicated the personal data breach to the data subject, the supervisory authority, after considering the likelihood of the personal data breach resulting in a high risk, may require it to do so.
Reporting a Personal Data Breach to the Authorities
The Data Controller will report the personal data breach to the competent supervisory authority pursuant to Article 55 without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. If the notification to the supervisory authority is not made within 72 hours, it will be accompanied by the reasons for the delay.
Complaint Procedure
Data subjects can lodge complaints about potential data protection breaches with the National Authority for Data Protection and Freedom of Information:
National Authority for Data Protection and Freedom of Information, 1125 Budapest, Szilágyi Erzsébet fasor 22/C. Mailing address: 1530 Budapest, P.O. Box: 5. Phone: +36-1-391-1400 Fax: +36-1-391-1410 Email: ugyfelszolgalat@naih.hu
Conclusion
The Data Controller’s data processing activities are governed by the following laws:
- Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information
- Act V of 2013 on the Civil Code
- Act C of 2000 on Accounting
- Act CLXIV of 2005 on Trade
- Act CLV of 1997 on Consumer Protection
- Act CVIII of 2001 on Electronic Commerce Services and Information Society Services
- Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising
- Act CL of 2017 on the Rules of Taxation
- Act CLIX of 2012 on Postal Services
- NGM Decree 19/2014 on the Rules of Procedure for Handling Warranty and Guarantee Claims for Items Sold under Contracts between Consumers and Businesses