Data Management Information

In harmony with the European Union’s Data Management Regulations, Titatuta.com controls strictly the handling of personal information. The EU GDPR regulations specify that we must give information to our users in a short and comprehensible way concerning the data management regulations and processes in effect.

Our data management information offer a detailed description on how we handle the personal data of our customers and the users of our website; what kind of personal data we handle, on what legal basis we handle, what aim we use them for, who we give them to, and what rights You have concerning the management of your own personal data.

Because of changes in laws, a change in data management information might also be necessary in the future, but we will inform you in any cases if this happens! If the changes require the consent of the concerned person, we will ask for your approval of our data management policy again if this is necessary.

Data Management Principles:

  1. handling data legally and fairly, and in a way that it is transparent for the concerned person (“legality, righteous process and transparency”);
  2. collecting data can happen only for a defined, clear and legal purpose, and these data mustn’t be handled in a way that is incompatible with this purpose (“purpose-bound”);
  3. must be relevant to the aim and must be limited to necessary information only (“data saving”);
  4. it must be accurate and up-to-date if necessary; we must do every reasonable measure in order to delete or correct those personal data which are considered to be inaccurate from the point of view of the aim of data collection (“accuracy”);
  5. storage must happen in a way that makes possible the identification of the concerned people only to the time necessary for achieving the original aim of personal data collection; the storage of personal data for a longer period of time than necessary can take place only if the management of personal data will take place according to the (1st) paragraph of article 89 for public interest archiving purposes, for scientific and historic researches, or for statistical purposes, regarding also the implementation of suitable technical and organizational measures specified to protect the rights and freedom of the ones concerned in this decree (“limited storability”);
  6. data handling must happen only in such way that the proper safety of personal data is ensured - including also the protection against unauthorized and illicit handling, accidental loss, annihilation, or damage of this data - by applying suitable technical and organizational measures, (“integrity and private nature”);
  7. The data manager is responsible for meeting the above mentioned criteria, furthermore they also have to be capable to prove this adequacy (“accountability”).

Basic concepts:

Personal data: All information referring to an identified or identifiable natural person (concerned person). A natural person is identifiable if he/she directly or indirectly can be identified, especially on the basis of some kind of an identifier, for example name, number, location data, online nickname, or on the basis of any factor, or several factors related to his/her physical, philosophical, genetic, mental, economic, cultural or social identity.

Concerned person: The subject of data handling, a natural person who is identified, or – directly or indirectly - can be identified by some definite personal data.

Data handling: Any operation or a collection of operations performed in an automated or not automated method on the personal data or data files, like collection, fixation, systematization, subdivision, storage, transformation or changing, by asking down information, observation, utilization, communication transmission, dissemination or making data accessible in any other kind of methods, harmonizing, or linking, limiting, deleting, and destruction of data.

Data manager: A natural or legal person, public authority, agency or any other kind of authority, who defines the goals and tools of handling personal data on his/her own or together with others; if EU regulations or member state laws determine the aim and tools of personal data management, the person of the data manager, or the specific standpoints pertaining the assignment of a data manager can be defined by EU regulations or the laws of the member state as well.

Data processor: A natural or legal person, or legal organization that does not have a legal personality, who or which practises data processing on the basis of a contract, including contracts based on legal provisions as well.

Personal type of information and data that are concerned in data management

Based on the GDPR personal data is any data related to the concerned person – especially the concerned person name, tax ID number, and one or several pieces of information characterizing physical, physiological, mental, economic, cultural or social identity – or conclusion pertaining to the concerned person that can be deducted from the data.

From the concerned registered user’s personal data we handle their name, billing address and delivery address, telephone number and email address.

The Titatuta.com does not check the personal data given by the concerned person. The concerned person is the one who is solely responsible for the accuracy of the given data. When giving his/her email address, the concerned person takes responsibility also that he/she uses the service from the given email address exclusively. Regarding the taking of this responsibility, all kinds of responsibility related to the logging in from a given email address is to be held by the concerned person who registered that specific email address.

 

All personal data get to our handling through the concerned person’s voluntary information giving (registration, purchase). Considering personal data, the following information get/can get to our management:

  • identification data, which include surname and family name (name), billing address, delivery address, nickname and password;
  • contact data, these are the personal information which allows contact, thus these include email address and telephone number;
  • order data, which are data related to the ordered items or services, like delivery and payment methods, including the administered list of complaints too;
  • settings, which mean such data that one’s account contain, mainly the saved addresses and profiles, newsletter settings, taking part in announced games, membership in loyalty programmes, shopping lists, list of watched items (product watch), the rating of products and services and filled-in questioners;
  • information gathered during the use of customer service, such as recorded conversations, identification of sent mail, including such identifiers like IP address as well.

 

We do not ask for and do not handle data related to payments, thus we do not ask for and do not handle bank account numbers, credit card numbers, pin codes and verification codes/data.

During payment processes, such data concerning the transaction might be asked for by our partners who operate payment processes, but such information do not get to the management of Titatuta.com.

There is one exception to this, namely the bank account data related to refund processes (bank account number, data of the accounting bank, the data of a beneficiary person), which we delete immediately after the closing of refund transaction.

Handling of further information:

When the concerned person visits Titatuta.com website, because of technical reasons, we store the following technical data in our log files:

  • the IP address of the equipment used by the concerned person;
  • the website from where the concerned person visited us (reference link);
  • the time and duration of the visit to the Titatuta.com website;
  • the browser, operation system, and the settings of the operation system used by the concerned person.

 

We store the data for maximum 60 days because of technical alertness, in order to protect our data processing system against unauthorized log-ins.

Beyond the handling of personal data, during the activity of concerned persons, further information is generated, which we also handle with great care. We handle these data separately and we might store them for statistical purposes, ensuring the anonymity of data (they mustn’t be related to the concerned person). We collect and handle these data by applying the Google Analytics system (further information: google.com).

 

We manage the same way:

  • activity data, with the help of which we can follow online activity, such as browsing, especially the opened and viewed products and services, clicking data (from newsletter and from our website) moving methods on our website, and the scrolling of the screen, and the data of the equipment form which one browsed our website, like IP address and the derived place, the identification of the equipment, its technical parameters, like for example the operation system and its version number, the screen resolution, the used browser and its version number, and information gathered from cookies and similar technologies aiming the identification of the equipment;
  • derived data, which are derived from the settings, information from the purchased items and services, information related to the attitude showed on the website, and information related to the reading of newsletters sent via email.

Other purpose data management

We store and utilize the concerned person’s data when they contact us on phone, via email, or via the contact form on our site, or if they send information to us in any other possible way and so their data get to our care.

Beside this, we store and utilize their personal data and technical information in such measure as it is necessary in order to avoid improper, incorrect, unethical usage or illegal activity on Titatuta.com, or to assist proceedings up against such activity, for example in case of an IT attack against our system to maintain data protection. Handling your personal data, in case of legal obligation, your data might be handed over to legal authorities, or to courts. Also as part of possible requisition management, to ensure the rights and to support the claims of Titatuta.com, your data might be handed over to legal authorities and courts.

When we transmit the concerned person’s personal data to the data processor, the Titatuta.com takes responsibility for the observance of legal regulations pertaining to data management. Thus we transmit the data of the concerned person only to such partner companies and service units, with whom we contracted data processing contract and who take responsibility in this contract for the protection of the received data.

As part of fulfilling your order we transfer your personal data (payment and delivery data) for card management, account management, and delivery logistical companies, postal services contracted with Titatuta.com for delivering our products.

The aim, method, time and duration of storing personal data:

One can handle personal data exclusively for a defined reason, in order to practise rights and fulfil obligations. Only such personal data can be managed which are essentially necessary for the materialization of the aim of the data management, or suitable to reach this aim. Personal data can be handled and stored only for the time necessary for the materialization of this aim. Personal data can be handled exclusively if the concerned person gives his/her consent to it, if a law or – on the authority based on a law, in the measure defined in it - a local council’s decree ordains it referring to public interest.

For the validity of a legal notice containing the consent of a young adult concerned who turned 16, the permission of his/her legal representative, or the past-factum consent of him/her is not necessary.

Within the regulations of the GDPR we collect, process and utilize the concerned person’s personal data, especially when they visit Titatuta.com, when they register or log in, or when they order products from our web shop. We handle your personal data only to the extent corresponding to the current legislation and to the present document, and with the consent of the concerned person.

During the ordering process we gather, process and use the personal data given by the concerned person within the framework of current data management laws. Those information that are necessary for the fulfilment of the service claimed by the concerned person appear on the form as compulsory fields, the providing of all other data is voluntary.

For the contracting and implementation of the contract of sale, depending on some cases, other contact information may also be needed, like for example name, delivery and billing address, and the information given on the payment method that the concerned person choose. Beside this we also use the concerned person’s data to update our customer database, in order to store only relevant information there.

On Titatuta.com you have chance to avoid typos and to correct your personal data before finalizing your order.

We may store personal data several different ways, including the online database of the website, and the offline (paper-based) storage too, which are defined by laws. Considering online data storage in general, in case of registration we store your data until the cancellation of the account (voluntary modification or deletion of the registration), and in case of purchase we store your data until the closing of the transaction.

Considering offline storage, we store solely those data that are related to purchase, according to the type of the buying, for 5+1, 8, but maximum 10 years. These are created through the filling out of bills, delivery notes, or customs forms, which we have to keep in such form, and for as long as it is defined in the current laws.

According to the GDPR, the concerned person has the right to withdraw his/her consent to the data management at any time! The duration of the data managing process lasts from the registration to the deletion of the registration. Accounting documents (filled in invoices, delivery notes, customs forms) are exception to this rule, which we store depending on their type, according to current laws for 5+1, 8, but maximum 10 years. Those documents which we have to store because of legal, or contractual obligations in order to reserve our commercial register, instead of cancellation, are locked in order to prevent their utilization for other purposes.

We fulfil the destruction of data immediately after the expiry of the deadline, but maximum within 5 workdays, later on they won’t be accessible or restorable.

 

According to the method and type of giving information we store personal data for the below intervals:

The form of data management The aim of data management Legal basis The circle of handled data The duration of data management
Registration Purchasing on our website, satisfying customer demands and customization of website services, giving information pertaining to contract fulfilment, legal enforcement, on behalf of handling customer rights Related to contract and based on our mutual interest Identification data, order data, contact data For the general limitation period after the deletion of a registration or counted from the time of the last purchase, that is 5 years, +1 year
Billing, delivery data Filling in invoice, delivery note, customs form Data management ordered by a law Identification data Limitation time defined by law but for maximum 10 years
Newsletter service Keeping in touch with customers, informing them about sales and discounts The consent of the concerned person Contact data, settings, behaviour data, derived data Withdrawal of consent
Online marketing Showing personalized offers based on the analyzation of customer habits The consent of the concerned person Settings, behaviour data, derived data Withdrawal of consent
Customer service data management Handling customer demands and complaints, taking orders, quality assurance of services, correcting and rising the quality level of services Linked to contract and based on our mutual interest Identification data, order data, contact data, information collected during the use of customer service Data related to the handling of complaints – 1 year, data related to orders, the general limitation period after the order, that is 5 years, +1 year
Handling log files Because of IT protection measures Based on our mutual IT protection interest Behaviour data 5 years

Data processing

We handle all data recorded by us as data processors. This means that we define the functions of certain personal data, the tools of the data management and we are responsible for the proper completion of the process.

In most cases we, as data processors, handle your personal data only for our own purposes, with constant recognition and security of the concerned person’s interest.

In some cases we may transmit your data to our partners in order to ensure all details related to your order, like payment, delivery and other conditions. In case you consent to it, we may also transmit your personal data to advertising and social media websites to promote the appearance of customized ads for you on further websites.

In case we involve any further data processor (in payment transactions, during delivery and customs processes), we sign a contract with the data processor in all cases based on article 28. of the GDPR, and we inform the concerned person properly about this arrangement.

We store the concerned person’s personal data exclusively on servers located inside EEA (European Economic Area, namely the EU and Iceland, Norway, Lichtenstein) countries. We store the concerned person’s personal data solely on our own servers, but because of security reasons, we apply temporary data storage on outer data storing devices.

Should the need for international data transmission occur, we will inform the concerned person and ask for his/her consent if it is necessary!

Pseudonym user accounts

Within the framework of legal provisions, for advertising and marketing research purposes and also to adjust our services more and more to our customers’ needs, based on customer accounts, we create statistics anonymously and evaluate them.

Electronic messages, advertisements and newsletter

We store the email address provided by the concerned person in order to send information on the products and discounts offered by Titatuta.com. If you do not wish to receive newsletters, you may block this function any time by clicking on the link included in one of the newsletters, or by sending a notice to Titatuta.com in the form of postal letter sent to the data processor’s address, or via the contact form.

Such electronic informational notices, which are not considered newsletters because they do not contain any direct offers, and which are necessary for the fulfilment of the contract and thus for the operation of Titatuta.com as well, for example like information on services or fee payment packages (for example: confirmation of orders, contract documents, or the processing of payments), cannot be blocked, since the sending of these notices are the mutual interest of Titatuta.com and our customers, contractors. We send these messages to the concerned person’s email address.

The use of cookies

We must use cookies on Titatuta.com.

Cookies are such text files that do not contain personal data, and which facilitate the more comfortable use of the website. The setting serving the showing of the basket’s content is an example to this. Cookies contain a clear letter/number combination, which identifies the browser used by the concerned person. These cookies are stored on your computer only temporarily, and they move to the server of Titatuta.com only when the concerned person visits the website.

By visiting the website, the user gives his/her consent to that the website can send one or more cookies (a little file that contains a string of characters) to the user’s computer, thus its browser can be identified simultaneously.

You can check, delete or define the method of application of the cookies stored on your computer by the help of the settings of your browser.

If the concerned person block the use of cookies in his/her browser this can result in that some functions of Titatuta.com might become limited or entirely inaccessible for the user!

Cookies are insured by Google, Facebook and by us, the use of the former ones happen within the system of Google Adwords and Facebook Pixel, while the use of the latter happen within the web shop. The web shop sends these cookies to the user’s computer only if he/she visits certain subpages, the operator stores only the mere fact and time of a visit to the subpage, other information and data are not stored.

The application of the sent cookies are the following: with the help of these cookies outer providers store whether the user has made a visit earlier to the advertising site, and on the basis of this, they visualize ads for the user on the websites of their partners. Users can block Google cookies on the website provided for blocking Google ads (this can also mean for the users that on the Network Advertising Initiative site, they can block the cookies of outer providers too).

Applied cookies include: analytics, following, following through a website, and logging in, user identification cookies. A “Help” function can be found in the menu bar of most browsers, this function can give you information on how to block cookies in your browser, how you can accept new ones, or how you can block other cookies.

 

Google Analytics: Our site uses Google Analytics programme, the web analytics service of a Google Inc. ("Google"). Google Analytics work with cookies too, these are such text files that are stored on the concerned person’s computer, and they facilitate the analysis of the use of our website. Information, which is collected by cookies, and which pertain to the use of our website by the concerned person, they are usually moved to the Google server in the USA, and they are stored there too. However the concerned person’s IP address are transmitted in a previously shortened form only, if it can be found in one of the member states of the European Union, or in countries that signed the agreement of the European Economic Area. The entire IP address is transmitted to the Google server in the USA, and is shortened there, only in special cases. Google uses these information in order to evaluate the use of the website by the concerned person, in order to create reports on the visiting of the website, and to provide further services to the operator of the site in connection with website usage. Google does not combine this IP address sent within the framework of Google Analytics with other kinds of Google data. The concerned person can prevent the storage of these cookies by adjusting their browser properly. In addition to this, if you download and install the browser aid software (plugin) from the Google website, you can prevent the data created by cookies, containing the concerned person’s website usage information (like IP address) to be transmitted to and processed by Google.

Google AdWords remarketing: when visiting our website, we send one or more cookies (a little file that contains a string of characters) to the user’s computer, due to which the user’s browser can be identified simultaneously. These cookies are insured by Google, the application of them happens within the system of Google Adwords. We send these cookies to the user’s computer only if he/she visits certain subpages, thus we store only the mere fact and time of a visit to the subpage, other information and data are not stored. With the help of these cookies outer providers, among them Google too, store whether the user has made a visit earlier to the advertising site, and on the basis of this, they visualize ads for the user on the websites of their partners. Users can block Google cookies on the website provided for blocking Google ads.

Facebook Pixel remarketing: the site uses Facebook Pixel codes. Facebook Pixel codes are such codes with the help of which a report is made on our site on the conversions, we can compile target audience and we get detailed analytic data on that how people use our site. We use these information to display more relevant ads on the advertising channels of Facebook. We do not give data to Facebook Pixel which are suitable for identification, but in case you are logged in to other services of Facebook while you are browsing our website, Facebook, as data manager, can identify you and you activity on titatuta.com. You can find further information on Facebook Pixel here: https://www.facebook.com/business/help/651294705016616

The transmitting of personal data to authorities

In case of magisterial or judicial requests, if the authority properly define the basis of data conveyance, we transmit your stored personal data that the state authority asks for according to point C paragraph (1) in the 6th article of GDPR. The data manager convey personal data to the state authority – in case only if the precise aim and the range of data are properly marked – in such amount only which is necessary for the realization of the aim of the data transmission request. Before such data service we ascertain whether all conditions of the request is given an every case, and if yes, we satisfy the request.

Protection of data

The security of your personal data is very important for us. Thus, we protect all of your personal and technical data stored by Titatuta.com with technical and organizational measures, and we do every expected step in order to prevent the access and manipulation of these data by a third party.

 

We choose and operate IT equipment used for the handling of personal data in such way that their

  • accessible for the authorized persons is provided (availability);
  • credibility and authentication is provided (credibility of data management);
  • invariability is verifiable (data integrity);
  • protection against unauthorized accessibility (confidentiality of data) is ensured.

 

We take care of the security of personal data with technical, organizational and institutional measures, which provide a proper security level against the risk factors related to the storage of personal data, and during data management they preserve the

  • confidentiality (unauthorized persons mustn’t access personal data);
  • integrity (protect the accuracy and totality of the information and the method of processing);
  • availability (we ensure that when the authorized user needs it, he/she must access the required data, and that the equipment linked to this must be also available) of data.

 

The IT system and network of the data manager is protected against fraud, spying, sabotage, vandalism carried out by computers, against floods and fire damage, in addition to this it is also protected against computer viruses, computer burglary, and attacks aiming for service surrender. We provide safety with server level and application level security proceedings.

In case of data protection incidents, the data manager will do any necessary measures, and will cooperate with the users and declares that he/she has suitable regulations for handling data protection incidents.

Your rights and legal remedy in connection with your personal data

According to the provisions of the GDPR, the concerned person has the right to ask for information about personal data handled by Titatuta.com, and also to modify or cancel his/her personal data. Those data, which we have to store because of legal, juristic or contractual obligations in order to preserve commercial register, are blocked instead of being deleted, this way we can prevent being utilized for other aims.

When we intend to use your personal data – because of legal regulations - which demands the concerned person’s consent, we ask explicit permission from the concerned person, and his/her permission will be stored according to data protection policy (logging).

The permission once given can be withdrew any time freely, and/or the concerned person can protest against such future usage of his/her data like advertisement, market research and opinion research. The technical transition of the concerned person’s protest or the withdrawal of his/her consent to data management (the realization of this in the database) lasts for maximum 5 workdays, thus, during the time of this transition the concerned person might still receive messages from Titatuta.com. The permission or blocking of messages can be done on the mail address of the data manager, or via the contact form.

In order to be able to practise either of the following rights, please contact us via the customer service of Led promenade.

 

The concerned person has the right

  1. to ask copies of information referring to data management, and the processed data (right to access GDPR article 15);
  2. to ask the rectification of inaccurate data or the correction of incomplete data (right for correction GDPR article 16);
  3. to ask for the cancellation of his/her personal data, furthermore, if his/her personal data is made public, he/she also has the right to ask the conveyance of his/her request for deletion for other data managers as well, (right for cancellation GDPR article 17);
  4. to ask for the restriction of data management GDPR article 18);
  5. to acquire the personal data pertaining to you in a structured, generally applied, and readable form, and also to ask for the handing over of these data to another data manager (the right for data portability GDPR article 20);
  6. to protest against data management (the right for protest GDPR article 21);
  7. to withdraw his/her consent at any time – only in case of data management based on consent - but the withdrawal of the consent does not affect the legality of the data management of the previous time period. (the right to withdraw consent, GDPR article 7 paragraph 3);
  8. to present his/her complaint for the supervisory authority, if he/she believes that the data management is unstatutable in some way. (the right to complain to supervisory authority GDPR article 77)

 

Some of your rights can be put across by logging in to your profile as well, under the menu “Profile”, “My data”, this way you can download the data of the concerned person, correct these information or delete your profile, thus validating your right to protest. Your consent to newsletter service can be withdrew by clicking on the link at the bottom of the newsletter. The technical transition of the concerned person’s protest or the withdrawal of his/her consent to data management (the realization of this in the database) lasts for maximum 5 workdays, thus, during the time of this transition the concerned person might still receive messages from the Led promenade.

We arrange all other requests pertaining to the validation of rights related to data management forthwith, but at maximum within 30 days. In exceptional cases, especially if the request is difficult, we have the right to lengthen this period with another 60 days. Of course we will inform you about such prolongations and our reasons for them.

According to your right to access, you can ask for copies of those personal data we handle, the first such photocopy is free, the data manager will charge expenses for all further copies.

The concerned person can hand in a complaint about our data management to the Hungarian National Data Management and Freedom of Information Authority (Szilágyi Erzsébet fasor 22/c, Budapest H-1125, Hungary, telephone: +36 1 391-1400, fax: +36 1 391-1410, E-mail: ugyfelszolgalat@naih.hu, web: www.naih.hu), or he/she initiate a litigation as part of further legal remedy. He/she can start the lawsuit at the court competent according to the concerned person’s permanent or temporary address.

If the data manager causes damage by the illicit usage of the concerned person’s personal data, or by violating the requirements of data management, the data manager must compensate for the damage; in addition to this, if the data manager violates someone’s personal data, the concerned person can ask for a grievance fee.

 


Notice: Undefined index: data in /home/creartmd/public_htmls/titatuta/Template/Titatuta/HTML/part_cookiebox.php on line 11