DATA PROCESSING NOTICE
1. Data Controller
Next Stage Brands Limited Liability Company
Registered office: 1145 Budapest, Amerikai út 13.
Represented by: Levente Kircsi, CEO
Email: iroda@next-stage.hu
2. Data Processing Activities
Data:
Purpose of Data Processing:
Retention Period:
Legal Basis for Data Processing:
Rights:
For orders placed by individuals until fulfillment:
Name, email address, billing address, shipping address
Fulfillment of orders
8 years
Data processing is necessary for the performance of a contract. Providing the data is a requirement for placing an order. [GDPR Article 6(1)(b)]
Sections 4.2.-4.6.
For orders placed by companies until fulfillment:
Name, email address
Data processing is necessary for the performance of a contract and for the preservation within the warranty period. You have the right to object to the data processing at any time using the contact details provided in section 1. [GDPR Article 6(1)(f)]
Sections 4.2., 4.3., 4.5., 4.7.
After fulfillment:
Name, email address, billing address, shipping address (in the case of individuals' residential address)
Ensuring traceability
Data processing is necessary for our legitimate interest in preserving within the warranty period. You have the right to object to the data processing at any time using the contact details provided in section 1. [GDPR Article 6(1)(f)]
Sections 4.2., 4.3., 4.5., 4.7.
Data on issued invoices:
Name, billing address (in the case of individuals' residential address)
Compliance with legal obligations
Data processing is necessary to fulfill legal obligations. The retention of data is required for tax and accounting purposes. Providing the data is a requirement for placing an order. [GDPR Article 6(1)(c)]
4.2., 4.3., 4.5.
Profile used to access the program:
Email address, password
Ensuring program access
Until deletion
Data processing is necessary for the performance of a contract. Accessing the program is not possible without providing the data. [GDPR Article 6(1)(b)]
Sections 4.2.-4.6.
Contact information for company contacts:
Name, position, email address, phone number
Business communication
Until the termination of the business relationship or the change of the contact person
Data processing is necessary for the performance of a contract and for maintaining business contacts. You have the right to object to the data processing at any time using the contact details provided in section 1. [GDPR Article 6(1)(f)]
Sections 4.2., 4.3., 4.5., 4.7.
Subscription to newsletter:
Name, email address
Sending notifications about our news and promotions
Until unsubscribed
Consent provided by subscribing. The consent can be withdrawn at any time using the contact details provided in section 1. Withdrawal does not affect the lawfulness of data processing prior to withdrawal. [GDPR Article 6(1)(a)]
Sections 4.1.-4.6.
Personal data provided in inquiries:
Name, email address, other provided personal data
Responding to inquiries and handling complaints
1 year
Consent provided by submitting the inquiry. The consent can be withdrawn at any time using the contact details provided in section 1. Withdrawal does not affect the lawfulness of data processing prior to withdrawal. [GDPR Article 6(1)(a)]
Sections 4.1.-4.6.
Data provided on Facebook and YouTube channels:
Profile data
Information about current news, sharing experiences
Until the termination of tracking (unsubscribe)
Consent provided by following. The consent can be withdrawn by unsubscribing. Withdrawal does not affect the lawfulness of data processing prior to withdrawal. [GDPR Article 6(1)(a)]
Sections 4.1.-4.6.
Automatic logging of IP address when visiting the website
Technical development of the IT system, monitoring the operation of the service, generating statistics
30 days
Based on Section 13/A(3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services, it is our legitimate interest to ensure the proper functioning of the website. You have the right to object to the data processing at any time using the contact details provided in section 1. [GDPR Article 6(1)(f)]
Sections 4.2., 4.3., 4.5., 4.7.
3. Data Processors and Other Data Controllers
3.1. Data Processors
The server and cloud services are provided by Rackforest Ltd. (registered office: 1132 Budapest, Victor Hugo utca 18-22, 3rd floor, 3008) and Amazon Web Services EMEA SARL (registered office: 38 Avenue John F. Kennedy, L-1855, Luxembourg);
IT services are provided by Panosys Ltd. (registered office: 7500 Nagyatád, Kiszely L. utca 6, building b, 1st floor, 3);
Our enterprise management system is provided by MiniCRM Ltd. (registered office: 1075 Budapest, Madách Imre út 13-14).
3.2. Other Data Controllers
Book deliveries are carried out by Magyar Posta Ltd. (registered office: 1138 Budapest, Dunavirág utca 2-6; data processing information: https://www.posta.hu/adatkezelesi_tajekoztato)
We use the ZOOM system for online meetings (Zoom Video Communications, Inc.; 5 Almaden Blvd, Suite 600; San Jose, CA 95113; data processing information: https://zoom.us/privacy#_Toc44414845)
Payment services by Barion Inc, Stripe Inc.
Invoice service by KBOSS.hu Ltd.
Companies operating social media platforms are separate data controllers:
Facebook and Instagram (Facebook Ireland Ltd.; registered office: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; https://www.facebook.com/privacy/explanation; https://www.facebook.com/help/instagram/155833707900388/)
Youtube (Google Ireland Limited; registered office: Gordon House, Barrow Street, Dublin 4, Ireland; https://policies.google.com/technologies/product-privacy?hl=en)
4. Your Rights
Regarding data processing, you have the rights outlined in points 4.1-4.7. If you wish to exercise any of these rights, please contact us using one of the contact details provided in point 1.
Verification
Before fulfilling your request, we need to verify your identity. To do so, you need to provide us with some personal data that is available to us.
Response to the Request
After verification, we will provide you with information regarding your request, either by mail or email, depending on the form of your inquiry.
Processing Time
We will inform you about the measures taken in response to your request no later than 1 (one) month from the receipt of the request. If necessary, taking into account the complexity of the request and the number of requests, this deadline can be extended by an additional 2 (two) months, about which we will inform you within the initial 1 (one) month processing time. If we fail to take action, we will notify you within the initial 1 (one) month processing time. In such cases, you can file a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (point 5.1) and exercise your judicial remedies (point 5.2).
Fees for Processing
The requested information and measures are provided free of charge. An exception to this rule is if the request is clearly unfounded or excessive, in which case we may charge a fee or refuse to fulfill the request.
4.1. Withdrawal of Consent
You can withdraw your consent at any time regarding data processing based on your consent. The withdrawal does not affect the lawfulness of processing based on your previous consent.
4.2. Request for Information (Access)
You can request information about whether your personal data is being processed and, if so:
What is the purpose of the processing?
What specific data is being processed?
To whom are these data disclosed?
How long are these data stored?
What are your rights and remedies in relation to this?
From whom did we obtain your data?
Do we make automated decisions based on your personal data? In such cases, you can also request information about the logic/method used and the significance and expected consequences of such processing.
If you notice that your data is being transferred to an international organization or a third country (non-EU member state), you can request an explanation of the safeguards ensuring the proper handling of your personal data.
You can request a copy of the processed personal data (additional copies may be subject to an administrative fee).
4.3. Request for Rectification
You can request the correction or completion of your inaccurate or incomplete personal data.
4.4. Request for Erasure (Right to be Forgotten)
You can request the deletion of your personal data if:
The personal data is no longer necessary for the purposes for which it was collected or processed.
The processing was based on your consent.
It is determined that the processing of personal data is unlawful.
You have successfully exercised your right to object.
The personal data must be erased to comply with a legal obligation under EU or Member State law.
Personal data cannot be deleted if it is necessary:
For exercising the right to freedom of expression and information.
For compliance with a legal obligation that requires the processing by the data controller under EU or Member State law or for the performance of a task carried out in the public interest.
For the establishment, exercise, or defense of legal claims.
4.5. Request for Restriction of Processing
You can request the restriction of processing if any of the following applies:
If you contest the accuracy of the personal data, the restriction will apply for the period allowing us to verify the accuracy of the personal data.
If the processing is unlawful, but you oppose the erasure of the data and instead request the restriction of their use.
If we no longer need the personal data for the purposes of processing, but you require them for the establishment, exercise, or defense of legal claims.
If you have objected to the processing, the restriction will apply for the period until it is verified whether our legitimate grounds override yours.
During a restriction, except for storage, personal data may only be processed with your consent or for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.
4.6. Request for Data Portability
You can request to receive your processed personal data in a machine-readable format and have the right to transmit those data to another controller, or we can transmit them at your request if the processing is based on your consent or is necessary for the performance of a contract, and is carried out by automated means.
4.7. Right to Object to Processing
You have the right to object to the processing of your personal data when the legal basis for the processing is the legitimate interest of the Data Controller or a third party. In such cases, we will erase your personal data unless compelling legitimate grounds override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
5. Remedies
5.1. Lodge a Complaint with the National Authority for Data Protection and Freedom of Information (NAIH)
If you believe that the processing of your personal data infringes the provisions of the Data Protection Regulation, you have the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH).
NAIH (National Authority for Data Protection and Freedom of Information):
President: Dr. Attila Péterfalvi
Mailing address: 1374 Budapest, Pf. 603, Hungary
Address: 1055 Budapest, Falk Miksa utca 9-11, Hungary
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Website: http://naih.hu
Email: ugyfelszolgalat@naih.hu
5.2. Resort to Court
If you believe that the processing of your personal data is in violation of the provisions of the Data Protection Regulation and has infringed upon your rights under the Data Protection Regulation, you have the right to resort to court.
The court has jurisdiction over the adjudication of the case. The lawsuit may be filed before the court having jurisdiction over your place of residence or domicile, as chosen by the data subject. Any person who does not have legal capacity in litigation may also be a party to the lawsuit. The Authority may intervene in the lawsuit to protect the interests of the data subject. In addition to the provisions of the GDPR, the provisions of the Second Book, Third Part, Title XII (Sections 2:51-2:54) of the Civil Code of 2013 and other applicable legal provisions relating to litigation are also applicable to the court proceedings.
5.3. Compensation and Damages
If the Data Controller causes harm by unlawfully processing the data of the data subject or infringes upon the data subject's personality rights, the data subject is entitled to claim damages. The Data Controller is exempt from liability for the damage caused and the obligation to pay damages if it can prove that the damage or infringement of the data subject's personality rights was caused by an unavoidable circumstance beyond the scope of data processing.
6. Data Security
We make every effort, taking into account the state of the art, the costs of implementation, the nature of the data processing, and the risks to the rights and freedoms of natural persons, to ensure a level of data security appropriate to the risk. Personal data is always handled confidentially and with maximum resistance and recoverability in case of problems.
Last updated: April 2, 2023.