Privacy Policy

Privacy Policy (GDPR)

Name and Contact Details of Data Controller

Data Controller: Udvarnoki Eszter Ev. (hereinafter referred to as Data Controller)
Mailing Address: 1042 Budapest, Petőfi u. 20 7/40
Email: bastion.showroom@gmail.com
Phone: +36 20 458 30 86
Website: www.bastionatelier.com

Legal Basis, Purpose, Scope, and Duration of Data Processing on the Website

Information on the Use of Cookies

What is a Cookie?

The Data Controller uses cookies on the website. A cookie is a packet of information consisting of letters and numbers sent by our website to your browser to save certain settings, facilitate the use of our website, and help collect relevant statistical information about our visitors. Cookies do not contain personal information and cannot identify individual users. They often contain an individual identifier, a secret, randomly generated sequence of numbers, stored on your device. Some cookies are deleted after the website is closed, while others are stored on your computer for a longer period.

Legal Basis and Legal Background of Using Cookies:

The background for data processing is provided by the Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Info Act) and the Act CVIII of 2001 on Electronic Commerce and on Information Society Services. The legal basis for data processing is your consent in accordance with Section 5(1)(a) of the Info Act.

Main Characteristics of Cookies Used by the Website:

Strictly Necessary Cookies: These cookies are essential for the use of the website and enable basic functions of the website. Without these cookies, many features of the site will not be available to you. These types of cookies are only valid for the duration of the session.

Performance-Enhancing Cookies: These cookies collect information about how users use the website, such as which pages they visit most often or what error messages they receive. These cookies do not collect information that identifies the visitor, thus they work with completely general, anonymous information. The data obtained from these cookies are used to improve the performance of the website. These types of cookies are only valid for the duration of the session.

RTB Personalized Retargeting Cookies: These can appear for previous visitors or users when browsing other websites on the Google Display Network or searching for terms related to your products or services. Visitors to the website can opt out of using RTB technology by clicking the following link: RTB Opt-Out.

If you do not accept the use of cookies, certain functions will not be available to you. More information on deleting cookies can be found at the following links:

Data Processing Related to Orders and Billing

Legal Background and Legal Basis of Data Processing:

The background for data processing is provided by the Info Act and the Act C of 2000 on Accounting. The legal basis for data processing is your consent in accordance with Section 5(1)(a) of the Info Act, and in the case of withdrawal of consent, the legal obligation of the Data Controller to comply with the provisions of the Act on Accounting in accordance with Section 6(5)(a) of the Info Act.

Purpose of Data Processing:

Issuing invoices in compliance with legal regulations and fulfilling the obligation to retain accounting documents. According to Section 169(1)-(2) of the Act on Accounting, business entities must retain accounting documents that directly and indirectly support accounting records.

Scope of Data Processed:

Name, address, email address, phone number.

Duration of Data Processing:

Invoices must be retained for 8 years from the date of issuance in accordance with Section 169(2) of the Act on Accounting. If you withdraw your consent for issuing an invoice, the Data Controller is entitled to retain your personal data obtained during the issuance of the invoice for 8 years based on Section 6(5)(a) of the Info Act.

Legal Background and Legal Basis of Data Processing:

The background for data processing is provided by the Info Act. The legal basis for data processing is your consent in accordance with Section 5(1)(a) of the Info Act.

Purpose of Data Processing:

In the case of goods delivery, the purpose of data processing is to deliver the ordered goods to you through our contractual partner, adapted to your needs.

Scope of Data Processed:

Name, address, email address, phone number.

Duration of Data Processing:

The Data Controller processes the data until the ordered goods are delivered.

Additional Data Processing

If the Data Controller wishes to carry out additional data processing, they will provide prior information on the essential circumstances of the data processing (legal background and legal basis of data processing, purpose of data processing, scope of data processed, duration of data processing).

We inform you that the Data Controller must comply with written data requests from authorities based on legal authorization. The Data Controller keeps records of data transmissions in accordance with Section 15(2)-(3) of the Info Act (to which authority, what personal data, on what legal basis, and when the Data Controller transmitted the data), and provides information on the content of these records upon request, except where the provision of information is excluded by law.

Data Storage Related to Data Processing Activities

Data Storage Provider: Shopify Inc.
Contact Information: 150 Elgin Street, 8th Floor, Ottawa, Ontario K2P 1L4, Canada

Data Storage for Direct Marketing (Sending Newsletters)

Data Storage Provider: Mailchimp
Contact Information: 512 Means St Suite 404, Atlanta, GA 30318, USA

Data Security Measures

The Data Controller declares that they have taken appropriate security measures to protect personal data from unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction or damage, and to prevent access due to changes in the technology used.

Rights Related to Data Processing

During the period of data processing, you are entitled to:

  • the right to be informed,
  • the right to rectification,
  • the right to erasure,
  • the right to restrict processing,
  • the right to object.

You can request information about the processing of your personal data from the Data Controller during the period of data processing. The Data Controller provides information in writing, in an understandable form, about the data processed, the purpose, legal basis, and duration of data processing, and if data was transmitted, who received the data and for what purpose, within the shortest possible time, but no later than 25 days from the submission of the request.

You can request the Data Controller to rectify your personal data during the period of data processing. The Data Controller complies with the request within 15 days.

You can request the deletion of your personal data, which the Data Controller complies with within 15 days. The right to erasure does not apply if the Data Controller is required by law to further store the data or if the Data Controller is entitled to further process the data in accordance with Section 6(5) of the Info Act (e.g., in connection with billing).

You can request the Data Controller to restrict the processing of your personal data if the final deletion of the data would harm your legitimate interests. Restricted personal data may only be processed as long as the purpose that precluded the deletion of the personal data exists.

You can object to the processing of your personal data if:

  • the processing or transmission of personal data is necessary only for the fulfillment of the Data Controller's legal obligation or for the enforcement of the legitimate interest of the Data Controller, data recipient, or third party, except in the case of mandatory data processing and as specified in Section 6(5) of the Info Act;
  • the use or transmission of personal data is for direct marketing, public opinion polling, or scientific research purposes without your consent.

The Data Controller examines the objection within the shortest possible time, but no later than 15 days from the submission of the request, makes a decision on its merits, and informs you in writing of the decision. If the Data Controller does not comply with your request for rectification, restriction, or deletion, they provide the factual and legal reasons for the refusal within 25 days of receiving the request, in writing or, with your consent, electronically.

Legal Remedies

If you believe that the Data Controller has violated any legal provision related to data processing or has not complied with any of your requests, you may initiate an investigation procedure by the National Authority for Data Protection and Freedom of Information (mailing address: 1530 Budapest, Pf.: 5., email: ugyfelszolgalat@naih.hu) to terminate the presumed unlawful data processing.

Additionally, we inform you that in the event of a violation of legal provisions related to data processing, or if the Data Controller does not comply with any of your requests, you may take legal action against the Data Controller.

Registration in the Data Protection Register

According to the provisions of the Info Act, the Data Controller must register certain data processing activities in the data protection register.

Modification of the Data Processing Information

The Data Controller reserves the right to modify this data processing information. By using the website following the entry into force of the modification, you accept the modified data processing information.