1. General guidelines
  • We collect and process personal data only in accordance with applicable laws.
  • Personal data will only be transferred to third parties with consent.
  • Under no circumstances will we sell the personal data we manage to third parties.
  • We store data as securely as possible.
  • We only send newsletters to those who have given their prior and clear consent.
  • The data subjects can request to view, modify or delete the data stored about them at any time.
  1. Data and contact details of our company (data controller, Service Provider).

Name of the data controller: 3H Garden Kft.

Contact information of the data controller: 3045, Bér, Kossuth út 17.

Telephone: +36305233045

E-mail: info@the3hourgarden.com

Web: www.the3hourgarden.com

Tax number: 27506303-2-12

The service provider reserves the right to amend this Data Management Information, of which it will inform the affected parties in an appropriate manner. Information related to data management is published on the shop.the3hourgarden.com website.

  1. Definitions according to the GDPR (Regulation).

3.1. Data subject/User: any natural person identified or – directly or indirectly – identified on the basis of personal data;

3.2. personal data: data that can be associated with the data subject – in particular the data subject’s name, identification mark, and one or more pieces of information characteristic of his or her physical, physiological, mental, economic, cultural or social identity – as well as the conclusion about the data subject that can be drawn from it;

3.3. consent: the voluntary and firm statement of the data subject’s wishes, which is based on adequate information, and with which he gives his unequivocal consent to the processing of his personal data – in full or covering certain operations;

3.4. data controller: the natural or legal person or organization without legal personality who, independently or jointly with others, determines the purpose of data management, makes and implements decisions regarding data management (including the device used), or implements them with the data processor;

3.5. data management: regardless of the procedure used, any operation performed on the data or the set of operations, including in particular collection, recording, recording, organization, storage, change, use, query, transmission, disclosure, coordination or connection, locking, deletion and destruction, and preventing further use of the data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g. fingerprint or palm print, DNA sample, iris image);

3.6. data transfer: making the data available to a specific third party;

3.7. disclosure: making the data available to anyone;

3.8. data deletion: rendering the data unrecognizable in such a way that its recovery is no longer possible;

3.9. data processing: the performance of technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data;

3.10. data processor: a natural or legal person, or an organization without legal personality, who processes data on the basis of a contract, including a contract concluded under the provisions of the law;

3.11. data protection incident: unlawful handling or processing of personal data, including in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage.

  1. The scope of the managed data, the purpose and duration of the data management and the processor of the data
Type of managed data Purpose of data management Duration of data management Legal basis of data management The processor of the given personal data
Username Identification, registration. Until consent is revoked Consent of the data subject.
Password Secure access to the user account. Until consent is revoked Consent of the data subject.
Name Contact, consultation of arising questions. Until consent is revoked Consent of the data subject.
E-mail Contact, consultation of arising questions. Until consent is revoked Consent of the data subject.
Phone number Contact, consultation of arising questions. Until consent is revoked Consent of the data subject.
Billing name and address Regular invoice issuance, contract creation and then fulfillment. We process the data for 5 years according to the civil law statute of limitations. CXXVII of 2007 on VAT. On the basis of § 159, paragraph (1), the issuance of the invoice is mandatory and on the basis of § 169, paragraph (2) of Act C of 2000 on accounting.
Delivery name and address Enable home delivery. Until the ordered goods are delivered. Fulfillment of contract. [Data management according to Article 6 (1) point b) of the Regulation]
Date of purchase/registration Proof of consent. Az adatkezelés megszűnését követő elévülési ideig Article 7 (1) of the Regulation prescribes this obligation for the limitation period following the termination of data management. [Data management according to Article 6 (1) point c) of the Regulation]
The IP address at the time of purchase/registration Proof of consent. For the limitation period following the termination of data management Article 7 (1) of the Regulation stipulates this obligation. [Data management according to Article 6 (1) point c) of the Regulation]

Scope of stakeholders: All stakeholders registered/purchased on the webshop website.

We share personal data only and exclusively with the third party indicated in the “Processor of the given personal data” column, in order to fulfill the obligations contained in the contract.

Data and tasks of data processors used during data management

Hosting provider

Name: ELIN Kft.

Address: 7900 Szigetvár, Szent István ltp 17. IV/25.

Telephone: +36 30 2222 444

E-mail: info@elin.hu

Web: www.elin.hu

Tax number: 14315754208

Company registration number: 08 09 016359

Accounting tasks

Name: AGRO-KO BT.

Address: 6077, Orgovány, Vörösmarty u. 10.

E-mail: konyvelo.palasti@gmail.com

Tax number: 20488725103

Company registration number: 03 06 104768

4.1 Contact form:

Type of data handled Purpose of data management Duration of data management Legal basis for data management
Name Contact 90 days after the last contact with the data subject Consent of the data subject during contact
Email Contact 90 days after the last contact with the data subject Consent of the data subject during contact
Telephone Contact 90 days after the last contact with the data subject Consent of the data subject during contact
Other personal data that you provide when contacting the person concerned 90 days after the last contact with the data subject Consent of the data subject during contact

The scope of those affected: People who contact us by phone, e-mail or via the contact form.

We do not share personal data with third parties.

  1. Newsletter, direct marketing activity

We only send the newsletter to Users who have expressly consented to this in advance. Consent is made using the “Newsletter subscription” form.

Type of data handled Purpose of data management Duration of data management Legal basis for data management
Name Send a newsletter Until withdrawal (unsubscription). Consent of the data subject
E-mail Send a newsletter Until withdrawal (unsubscription). Consent of the data subject
Date of consent and IP address of the person concerned. Verifiability of consent Until withdrawal (unsubscription). Article 7 (1) of the Regulation stipulates this obligation.

Scope of stakeholders: All stakeholders who subscribed to the newsletter.

The operator of the newsletter sending system and the data processor of the data:

Name:

Title:

5.1 Procedure for withdrawing consent (unsubscribing).

The person concerned can unsubscribe from the newsletter at any time, free of charge. Unsubscribing can be done using the link sent in the newsletters, or via e-mail sent to the e-mail address EMAIL ADDRESS HERE.

  1. Management of cookies

6.1 What is a cookie?

The Data Controller uses so-called cookies when visiting the website. The cookie is an information package consisting of letters and numbers that our website sends to the affected browser with the aim of saving certain settings, facilitating the use of our website and contributing to the collection of some relevant, statistical information about our visitors. Cookies do not contain personal information and are not suitable for identifying an individual user. Cookies often contain an individual identifier – a secret, randomly generated string of numbers – that is stored on the affected device.

Some cookies are deleted after closing the website, and some are stored on your computer for a longer period of time.

6.2. Legal background and legal basis for the management of cookies

Cookies typical for online stores are the so-called “cookie used for a password-protected session”, “cookies required for the shopping cart” and “security cookies”, the use of which does not require prior consent from the data subjects.

The fact of the data management, the scope of the managed data: Unique identification number, dates, times

Scope of stakeholders: All stakeholders visiting the website.

Purpose of data management: Identification of users, tracking of visitors.

Legal basis for data management: Infotv. Consent of the data subject in accordance with Section 5 (1) point a).

6.3 Duration of data management, deadline for deleting data: the website uses the following cookies:

  • Security cookies: __cfduid, _biz_flagsA, _biz_nA 3, _biz_pendingA, _biz_sid, _biz_uid
  • Google Analytics cookies: _ga, _gid
  • Cookies required for proper use of the site:

The person of the possible data controllers entitled to access the data: The data controller does not manage personal data through the use of cookies.

Description of data processing rights of data subjects: The data subject has the option to delete cookies in the Tools/Settings menu of browsers, usually under the settings of the Data Protection menu item.

If the data subject does not accept the use of cookies, certain functions will not be available to the data subject. You can find more information about deleting cookies at the following links:

  • Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-managecookies#ie=ie-11
  • Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-yourcomputer
  • Chrome: https://support.google.com/chrome/answer/95647?hl=en
  • Safari: https://support.apple.com/kb/ph21411?locale=en_US
  1. Google Analytics

7.1. This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are saved on your computer, thus facilitating the analysis of the use of the website visited by the User.

7.2. The information created by cookies related to the website used by the User is usually sent to and stored on one of Google’s servers in the USA. By activating IP anonymization on the website, Google shortens the User’s IP address beforehand within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area.

7.3. The full IP address is transmitted to a Google server in the USA and shortened there only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate how the User used the website, to prepare reports related to website activity for the website operator, and to provide additional services related to website and Internet use.

7.4. Within the scope of Google Analytics, the IP address transmitted by the User’s browser is not combined with other Google data. The User can prevent the storage of cookies by setting their browser accordingly, but please note that in this case, not all functions of this website may be fully usable. You can also prevent Google from collecting and processing the User’s website usage data (including IP address) through cookies by downloading and installing the browser plugin available at the following link. https://tools.google.com/dlpage/gaoptout?hl=en

  1. Google Adwords conversion tracking and remarketing

8.1. The data controller uses the online advertising program called “Google AdWords”, and also uses Google’s conversion tracking service within its framework. Google conversion tracking is an analytics service of Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”).

8.2. When a User accesses a website through a Google ad, a cookie required for conversion tracking is placed on their computer. The validity of these cookies is limited and they do not contain any personal data, so the User cannot be identified by them.

8.3. When the User browses certain pages of the website and the cookie has not yet expired, both Google and the data controller can see that the User has clicked on the ad.

8.4. Each Google AdWords customer receives a different cookie, so they cannot be tracked through the websites of AdWords customers.

8.5. The information – obtained with the help of conversion tracking cookies – serves the purpose of creating conversion statistics for customers who choose AdWords conversion tracking. In this way, clients are informed about the number of users who click on their ad and are redirected to a page with a conversion tracking tag. However, they do not get access to information that could identify any user.

8.6. If you do not want to participate in conversion tracking, you can refuse this by disabling the installation of cookies in your browser. After that, the data subject will not be included in the conversion tracking statistics.

8.7. Further information and Google’s privacy policy are available at www.google.de/policies/privacy/

8.8. Google AdWords Remarketing

8.9. Data management as a remarketing activity is carried out with the help of cookies.

Managed data

Data managed by cookies specified in the cookie information.

Duration of data management

The data storage period of the given cookie, more information is available here:

Google general cookie information: https://www.google.com/policies/technologies/types/

Google Analytics information:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en

Legal basis for data management

The voluntary consent of the person concerned, which he gives to the service provider by using the concerned website.

  1. Rights of data subjects

9.1 Right to information

At the request of the data subject, the Service Provider, as a data controller, provides information about the data it manages, or processed by the processor commissioned by it, its source, the purpose, legal basis, duration of data processing, the name and address of the data processor and its activities related to data processing, the circumstances of the data protection incident, about its effects and the measures taken to prevent them, as well as, in the case of data transfer, about its legal basis and recipient. The data controller shall provide the information in writing at the request of the data subject in an understandable form as soon as possible, but no later than 30 days after the submission of the request. This information is free of charge if the information requester has not yet submitted a request for information to the data controller regarding the same data set in the current year. In other cases, the Service Provider determines reimbursement.

9.2 Right of rectification

The Service Provider corrects personal data if it does not correspond to reality and personal data corresponding to reality is available.

9.3 Right to block

The Service Provider locks the personal data if the data subject requests this, or if, based on the available information, it can be assumed that the deletion would harm the legitimate interests of the data subject. Locked personal data can only be processed as long as the data management purpose that precluded the deletion of personal data exists. The Service Provider marks the personal data it manages if the data subject disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be clearly established.

9.4 Right to erasure

The Service Provider deletes personal data if its processing is illegal, the data subject requests it, the processed data is incomplete or incorrect – and this situation cannot be legally remedied – provided that the deletion is not precluded by law, the purpose of the data management has ceased, or the data storage law the specified deadline has expired, it was ordered by the court or the National Data Protection and Freedom of Information Authority.

9.5 Procedural rules

The data manager has 30 days to delete, block, or correct personal data. If the data controller does not comply with the data subject’s request for correction, blocking or deletion, within 30 days, the reasons for the refusal will be communicated in writing or electronically with the consent of the data subject. The Service Provider will notify the data subject of the correction, blocking, marking and deletion, as well as all those to whom the data was previously transmitted for the purpose of data management. The notification is omitted if this does not violate the legitimate interest of the data subject in view of the purpose of the data management.

9.6 Objection

The data subject may object to the processing of his personal data if

  1. a) the processing or transmission of personal data is necessary only to fulfill the legal obligation of the data controller or to assert the legitimate interests of the data controller, data receiver or third party, unless the data processing is mandated by law;
  2. b) in other cases specified by law.

The Service Provider examines the objection as soon as possible, but no later than 15 days after the submission of the application, makes a decision on its validity, and informs the applicant of its decision in writing. If the data controller determines that the objection of the data subject is well-founded, the data management – including further data collection and transmission – will be terminated and the data will be locked, as well as notify all those to whom the personal data affected by the objection was previously transmitted about the objection and the measures taken based on it. and who are obliged to take measures to enforce the right to protest.

If the data subject does not agree with the decision made by the data controller, he may appeal to the court within 30 days of the decision being made.

The Service Provider cannot delete the data of the data subject if the data management is mandated by law. However, the data cannot be forwarded to the data recipient if the data controller has agreed to the protest, or the court has established the legitimacy of the protest.

9.7. Right to portability

If the data management is carried out in an automated way or if the data management is carried out by the data subject

based on his voluntary consent, the data subject has the right to request from the Data Controller that the data subject

requested data provided to the Data Controller by the Data Controller in xml, JSON, or csv

format, if this is technically possible, you can request

that the Data Manager forwards the data in this form to another data manager.

9.8 Damages and damage fee

The Service Provider compensates the damage caused to others by the illegal handling of data of the data subject or by violating data security requirements. In the event of a violation of the data subject’s right to privacy, the data subject may demand damages (§ 2:52 of the Civil Code). The data controller is also liable to the data subject for the damage caused by the data processor. The data manager is exempted from responsibility if the damage was caused by an unavoidable cause outside the scope of data management.

The data manager will not reimburse the damage and no damages may be claimed if the damage resulted from the intentional or grossly negligent behavior of the injured party or the violation of privacy rights.

9.9 Right to go to court

In the event of a violation of their rights, the data subject may apply to the court against the data controller. The court acts out of sequence in the case.

9.10 Complaint

You can file a complaint with the National Data Protection and Freedom of Information Authority:

Name: National Data Protection and Freedom of Information Authority

Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mailing address: 1530 Budapest, Pf.: 5.

Phone: +361/391-1400

Fax: +361/391-1410

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu

  1. Data security

The service provider plans and implements data management operations in such a way as to ensure the protection of the privacy of the data subjects.

The data processor ensures the security of the data, takes the technical and organizational measures and develops the procedural rules that Info tv. and are necessary to enforce other data and confidentiality rules.

The service provider uses appropriate measures to protect the data, especially against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, as well as inaccessibility resulting from changes in the technology used.

During data management, the service provider keeps:

  • confidentiality: it protects the information so that only those who have the right to access it can access it
  • integrity: protects the accuracy and completeness of the information and the method of processing
  • availability: it ensures that when the authorized user needs it, he can really access the desired information and that the related tools are available.

The IT system and network of the service provider and its partners involved in data management

computer-aided fraud, espionage, sabotage, vandalism, fire and flood are equally protected,

as well as computer viruses, computer hacking and denial of service

against attacks. The operator is responsible for security with server-level and application-level protection procedures

takes care of.

  1. Current legislation used for the data management information
  • CXII of 2011. Act – on the right to self-determination of information and freedom of information (Infotv.)
  • Act V of 2013 – on the Civil Code (Ptk.)
  • CLV of 1997. law – on consumer protection (Fgytv.)
  • XIX of 1998 law – on criminal procedure (Be.)
  • CVIII of 2001 Act – on certain issues of electronic commercial services and services related to the information society (Eker. tv.)
  • Act C of 2003 – on electronic communications (Eht.)
  • XLVIII of 2008 Act – on the basic conditions and certain limitations of economic advertising activity (Grt.)
  • The recommendation of the National Data Protection and Freedom of Information Authority on the data protection requirements of prior information
  • GDPR, the European Parliament and the Council No. 2016/679 Regulation on the management and protection of the personal data of natural persons and the free flow of data

2022.09.12.