Privacy Policy

Data Controller
Name: Dr. Fanni Alexandra Gyuró
Registered Address: 67 Brassó Road, 1112 Budapest, Hungary
Mailing Address, Complaints: 67 Brassó Road, 1112 Budapest, Hungary
E-mail: fyriee.shop@gmail.com
Phone Number: +36 70 701 3125
Website: https://fyriee.com

Hosting Provider
Name: Tárhely.Eu Szolgáltató Kft.
Mailing Address: 4 Ormánság Street, 1144 Budapest, Hungary
E-mail: support@tarhely.eu
Phone Number: +36 1 789 2789

Description of Data Processing during Webshop Operation

This document contains all relevant information on data processing related to the operation of the webshop based on the European Union’s General Data Protection Regulation (EU GDPR) 2016/679 (hereinafter: Regulation, GDPR) and Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: Infotv.).

Information on the Use of Cookies

What is a cookie?

The Data Controller uses so-called cookies during the website visit. A cookie is a package of information consisting of letters and numbers sent by our website to your browser to save certain settings, facilitate the use of our website, and help collect some relevant statistical information about our visitors.

Some cookies do not contain personal information and cannot identify individual users, but some contain unique identifiers—a secret, randomly generated number—that your device stores, enabling your identification. The operational duration of individual cookies is described in their respective explanations.

Legal basis and justification for cookies:

We generally distinguish three types of cookies: essential cookies necessary for the proper operation of the website, statistical cookies, and marketing cookies.

The legal basis for data processing is your consent for statistical and marketing cookies according to Article 6(1)(a) of the GDPR, and the legitimate interest necessary for the operation of the website for essential cookies according to Article 6(1)(f).

Main characteristics of cookies used by the website:

Essential cookies:
If you do not accept these cookies, certain functions may not be available to you.

Strictly necessary cookies:
These cookies are indispensable for using the website and enable basic functions. Without these cookies, many features of the website will not be accessible. Their lifespan is limited to the session duration only.

• Session cookie: Stores visitor’s location, browser language, and payment currency. Lifespan is until browser closes or maximum 2 hours.

• Cookie acceptance cookie: Stores your acceptance of the cookie policy via the notification banner. Lifespan: 365 days.

• Backend identifier cookie: Identifies the backend server. Lifespan until browser closes.

Statistical cookies:
Google Analytics cookie:
Google Analytics is a Google tool that helps website and app owners better understand visitor activities. The service may use cookies to collect and report statistical data about website usage without individually identifying visitors to Google. The main cookie used is “__ga.” Besides statistical reports, Google Analytics, together with some advertising cookies, can help display more relevant ads on Google products (e.g., Google Search) and across the internet.

Cookies for improving user experience:
These cookies collect information about your website usage (e.g., most visited pages, error messages). They do not collect personally identifiable information and work only with anonymous, aggregated data to improve website performance. Lifespan limited to session duration.

• Referrer cookies: Record which external website you came from. Lifespan until browser closes.

• Last viewed product cookie: Records products you last viewed. Lifespan: 60 days.

• Cart cookie: Records products placed in your cart. Lifespan: 365 days.

More information about deleting cookies can be found at the following links:

• Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11

• Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

• Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito

• Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac

• Chrome: https://support.google.com/chrome/answer/95647

• Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies

Data Processed for the Purpose of Contract Conclusion and Performance

Several data processing activities may occur for the purpose of contract conclusion and performance. Please note that data processing related to complaint handling or warranty administration only occurs if you exercise any of the rights mentioned.

If you do not purchase via the webshop but only visit it, then the provisions regarding marketing data processing may apply to you, provided you have given us marketing consent.

Detailed data processing activities related to contract conclusion and performance:

Contact

For example, if you contact us by email, contact form, or telephone with a question about a product. Prior contact is not mandatory; you can order from the webshop anytime without prior contact.

• Data processed: The data you provide during the contact.

• Duration of data processing: We process the data only until the contact is concluded.

• Legal basis of data processing: Your voluntary consent given through contacting the Data Controller. [Regulation Article 6(1)(a)]

Registration on the Website

By storing the data provided during registration, the Data Controller can provide more convenient services (e.g., you do not have to re-enter your data for a subsequent purchase). Registration is not a condition for contract conclusion.

• Data processed: The Data Controller processes your name, address, phone number, email address, product characteristics purchased, and the date of purchase.

• Duration of data processing: Until you withdraw your consent.

• Legal basis of data processing: Your voluntary consent given during registration. [Regulation Article 6(1)(a)]

Order Processing

Data processing activities necessary for contract performance occur during order processing.

• Data processed: The Data Controller processes your name, address, phone number, email address, product characteristics, order number, and purchase date.

If you place an order in the webshop, data processing and providing data are indispensable for contract performance.

• Duration of data processing: We process the data for 5 years according to the civil law statute of limitations.

• Legal basis of data processing: Performance of the contract. [Regulation Article 6(1)(b)]

Invoice Issuing

The data processing is carried out for issuing invoices according to legal requirements and fulfilling accounting document retention obligations. According to Article 169 (1)-(2) of the Accounting Act, companies must retain accounting documents directly or indirectly supporting accounting records.

• Data processed: Name, address, email address, phone number.

• Duration of data processing: According to Article 169 (2) of the Accounting Act, invoices must be retained for 8 years from the issue date.

• Legal basis of data processing: According to Section 159 (1) of Act CXXVII of 2007 on VAT, issuing an invoice is mandatory, and according to Section 169 (2) of the Accounting Act, invoices must be retained for 8 years. [Regulation Article 6(1)(c)]

Data Processing Related to Product Delivery

The data processing is carried out to deliver the ordered product.

• Data processed: Name, address, email address, phone number.

• Duration of data processing: The Data Controller processes the data during the delivery period of the ordered goods.

• Legal basis of data processing: Performance of the contract. [Regulation Article 6(1)(b)]

Recipients and Data Processors Related to Product Delivery

Recipient Name: FoxPost Ltd.
Recipient Address: 84 Dózsa György Road, Building B, 1068 Budapest
Recipient Phone Number: +36 1 999 0 369
Recipient Email: info@foxpost.hu
Recipient Website: foxpost.hu

The courier service cooperates in the delivery of ordered goods based on a contract with the Data Controller. The courier handles personal data according to its own privacy policy available on its website.

Recipient Name: Magyar Posta Zrt. (Hungarian Post)
Recipient Address: 2-6 Dunavirág Street, 1138 Budapest
Recipient Phone Number: +36 1 767 8200
Recipient Email: ugyfelszolgalat@posta.hu
Recipient Website: posta.hu

The courier service cooperates in the delivery of ordered goods based on a contract with the Data Controller. The courier handles personal data according to its own privacy policy available on its website.

Recipient Name: Packeta Hungary Ltd.
Recipient Address: 2 Ezred Street, 1044 Budapest
Recipient Phone Number: +36 1 400 8806
Recipient Email: info@packeta.hu
Recipient Website: packeta.hu

The courier service cooperates in the delivery of ordered goods based on a contract with the Data Controller. The courier handles personal data according to its own privacy policy available on its website.

Data Processed Regarding the Verifiability of Consent

During registration, ordering, or newsletter subscription, the IT system stores technical data related to consent for future verifiability.

• Data processed: The time of consent and the IP address of the data subject.

• Duration of data processing: Due to legal requirements, consent must be provable later; therefore, data is stored for the statute of limitations period following the termination of data processing.

• Legal basis of data processing: Regulation Article 7(1) stipulates this obligation. [Regulation Article 6(1)(c)]

Marketing-related Data Processing

Data processing related to newsletter sending

The data processing is performed to send newsletters.

• Data processed: Name, email address.

• Duration of data processing: Until the data subject withdraws consent.

• Legal basis of data processing: Your voluntary consent provided by subscribing to the newsletter. [Regulation Article 6(1)(a)]

Additional Data Processing

If the Data Controller intends to carry out further data processing, prior information will be provided about the essential circumstances of such processing (legal background and legal basis, purpose of processing, scope of processed data, duration).

Recipients of Personal Data

Data processing for data storage

• Data processor name: Tárhely.Eu Szolgáltató Kft.

• Contact details:

  • Phone: +36 1 789 2789

  • Email: support@tarhely.eu

  • Address: 1144 Budapest, Ormánság u. 4.

  • Website: https://tarhely.eu

The Data Processor stores personal data under contract with the Data Controller and is not entitled to access personal data.

Data processing related to newsletter sending

• Newsletter service provider: The Rocket Science Group LLC.

• Address: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA

• Email: privacy@mailchimp.com

• Website: mailchimp.com

The Data Processor cooperates with the Data Controller in sending newsletters, processing the subject’s name and email address only to the extent necessary for newsletter distribution.

Data processing related to invoicing

• Data processor name: Számlázz.hu (KBOSS.hu Kft.)

• Address: 1031 Budapest, Záhony utca 7.

• Phone: +36 30 354 4789

• Email: info@szamlazz.hu

The Data Processor cooperates with the Data Controller in maintaining accounting records, processing the subject’s name and address to the extent necessary, and for the period prescribed by law (Accounting Act 169 § (2)).

Data processing related to online payments

• Data Controller: OTP Mobil Kft.

• Address: 1138 Budapest, Váci út 135-139. B. ép. 5. em.

• Phone: +36 1 366 6611

• Email: ugyfelszolgalat@simple.hu

• Website: https://simple.hu

The payment service provider cooperates with the Data Controller for processing online payments. During the purchase process, data transmission occurs to the payment provider, who processes your billing name, address, order number, and date according to their privacy policy.

• Purpose of data transmission: to provide transaction data necessary for payment processing.

• Legal basis: Performance of the contract between you and the Data Controller (Regulation Article 6(1)(b)).

Your Rights During Data Processing

During the period of data processing, you have the following rights according to the Regulation:

• Right to withdraw consent

• Right to access personal data and information about data processing

• Right to rectification

• Right to restriction of processing

• Right to erasure (right to be forgotten)

• Right to object

• Right to data portability

Exercising your rights requires identification and communication with the Data Controller. You may need to provide personal data for identification (based only on data already held by the Data Controller). If you are a customer and wish to identify yourself for complaint or warranty management, please provide your order ID.

The Data Controller will respond to complaints regarding data processing within 30 days.

Right to Withdraw Consent

You may withdraw your consent to data processing at any time, after which your data will be deleted from our systems. Please note:

• If you withdraw consent before order fulfillment, delivery may not be possible.

• Billing data cannot be deleted after purchase due to accounting law requirements.

• Data may be processed despite withdrawal if the Data Controller has a legitimate interest, e.g., to enforce claims.

Right to Access Personal Data

You are entitled to confirmation from the Data Controller on whether your personal data is being processed. If so, you may:

• Access your personal data

• Receive information on:

  • Purpose of processing

  • Categories of personal data processed

  • Recipients of personal data

  • Storage duration or criteria

  • Your rights regarding data correction, deletion, restriction, objection

  • Complaint rights to supervisory authorities

  • Source of data if not collected from you

  • Existence of automated decision-making including profiling, logic, significance, and consequences

Multiple requests may incur a reasonable fee.

Access is provided via email after identification or through user account if registered.

Please specify in your request if you want access to personal data or information about data processing.

Right to Rectification

You have the right to request correction of inaccurate personal data without undue delay.

Right to Restriction of Processing

You may request processing restrictions if:

• You contest accuracy until verified

• Processing is unlawful but you oppose erasure and request restriction instead

• Data is no longer needed by Data Controller but needed by you for legal claims

• You object to processing pending verification of overriding legitimate interests

Restricted data may only be processed with consent, legal claims, protection of others’ rights, or public interest.

The Data Controller will notify you at least 3 working days before lifting restrictions.

Right to Erasure (“Right to be Forgotten”)

You may request deletion without undue delay if:

• Data no longer necessary for purpose

• You withdraw consent and no other legal basis exists

• You object to legitimate interest processing and no overriding interest exists

• Processing was unlawful and complaint confirmed this

• Legal obligation requires deletion

If data was made public and deletion is required, reasonable steps will be taken to inform other controllers to delete links or copies.

Deletion does not apply if processing is necessary for:

• Freedom of expression and information

• Legal obligations (e.g., invoicing data retention)

• Legal claims enforcement or defense

Right to Object

You may object at any time for reasons related to your particular situation to processing based on legitimate interest. The Data Controller must stop processing unless it demonstrates overriding legitimate grounds or legal claims.

For direct marketing, you can object anytime; processing for this purpose must cease immediately.

Right to Data Portability

If processing is automated or based on your consent, you may request your data in a structured, commonly used, machine-readable format (e.g., XML, JSON, CSV) and request transmission to another controller if technically feasible.

Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that have legal or significant effects. The Data Controller must ensure human intervention rights, including expressing your views and contesting decisions.

Exceptions apply if:

• Decision necessary for contract performance

• Permitted by law protecting your rights with safeguards

• Based on your explicit consent

Data Protection Registration

Under the Information Act, the Data Controller had to register certain data processing activities. This obligation ended on May 25, 2018.

Data Security Measures

The Data Controller declares having taken appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion, destruction, accidental loss, damage, and inaccessibility due to technology changes.

Data Processors are also required to apply suitable security measures.

Legal Remedies

If you believe the Data Controller violated data protection laws or did not fulfill your requests, you may file a complaint with the National Authority for Data Protection and Freedom of Information (NAIH):

• Mailing address: 1363 Budapest, Pf. 9.

• Email: ugyfelszolgalat@naih.hu

• Phone: +36 (30) 683-5969, +36 (30) 549-6838, +36 (1) 391 1400

You may also initiate a civil lawsuit against the Data Controller in court.

Changes to Privacy Notice

The Data Controller reserves the right to modify this privacy notice in ways that do not affect the purpose or legal basis of data processing. Continued use of the website after changes constitutes acceptance.

If further processing beyond the original purpose is intended, you will be informed beforehand about:

• Storage duration or criteria

• Your rights (access, correction, deletion, restriction, objection, data portability)

• Right to withdraw consent

• Complaint rights

• Whether providing data is mandatory or voluntary and consequences of refusal

• Automated decision-making, profiling, logic, and consequences

Data processing based on consent starts only after you give it following the information.