Rododendron Art Limited deems it the highest priority to protect the data provided by its Users and to ensure the right of informational self-determination. Rododendron Art Limited is committed to process the Users’ data that makes safe internet use possible while fully complying with all applicable laws and regulations.

Rododendron Art Limited processes Users’ personal data confidentially, in compliance with the applying laws and regulations. It ensures their protection, carries out the technical and organizational duties, and creates the processing rules that are required to enforce applicable laws, regulations and other recommendations.

Privacy Policy

The internet page https://www.rododendronart.com that you are visiting (hereinafter: webpage) is operated by Rododendron Art Kft. (Court registration: 13-09-197342, Tax number: 14204692-2-13).

Rododendron Art Kft. (Hereinafter: Processor) as Provider carries out package sending, web commerce activity during which it is processing personal data.

If you provide personal data (name, address, email, phone number, fax number) using the website by signing up, shopping online or some other way, you consent to the use of that data for a particular reason and also to giving it to third party providers. About this process, we’re informing you about the following.

The Processor processes Users’ personal data confidentially, in compliance with the applying laws and regulations. It ensures their protection, carries out the technical and organizational duties, and creates the processing rules that are required to enforce applicable laws, regulations and other recommendations.

Processor is has considered Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation) and Civil Code 2013. V. Law in particular.

Processor fully complies with the above and regulations of the 2011. CXII. Law on information freedom and information self-determination and processes the data provided through the internet the same protected way as data provided by other avenues, eg. email, fax, postal mail.

Provisions

Data Controller: the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means (including the instruments used) of the processing of personal data.

Data Processor: the natural or legal person, public authority, agency or any other body which is contracted – including the contracts made according the guidelines – processes the data.

Processing: means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, erasure or destruction.

Personal Data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity

The Data Subject’s Consent: means any freely given specific, informed and explicit indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed.

The controller implements appropriate measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and against all other unlawful forms of processing, taking into account in particular the risks represented by the processing and the nature of the data to be protected.

Per your request, the Processor will provide information about the data processing, you can ask for the correction of your data at any time and – not including the obligatory processing – you can request the deletion or blocking of your data. The Processor will block your data instead of deleting it if you specifically request it or if the available information suggests that the deletion would be against your interest.

Personal data blocked this way can only be processed until the processing goal that excludes deletion is existing.

Data processing is only possible if the User carries out clear confirmative acts – declaration in writing, including by electronic means. The consent is concrete, information based and clear for the purpose of processing personal data of the user.

The User is entitled to have the Processor delete the User’s personal data without delay per the User’s request. The Processor is obliged to delete the User’s personal data without reasonable delay, if the reason for collecting and processing the data no longer exists.

The Processor uses the data according to the principles of goodwill and transparency.

The processor uses the data provided confidentially and only in conjunction to the activity specified. It does not transfer the data to third parties, unless they are acting as a subcontractor to carry out the duties of the processor. Eg. courier service. Third parties are not authorized to use, keep or transfer the data.

Providing personal or any other data on the website is voluntary in all cases. The consent is given by the User by filling out the sign-up page, by filling out the buyer / payment data, after acknowledging this privacy policy page and checking the box indicating consent before proceeding. With this consent the User agrees for the Processor to use and store the data for the purpose and the duration of providing the service.

The User is assuming unlimited responsibility for filling out the contact form and/or buyer/payment information voluntarily and properly informed. The Processor cannot check the validity of the data provided and if they were indeed provided by the User. The User is solely responsible for the validity of the data provided. The Processor is not responsible for any possible data abuse and the direct or indirect damages caused by it.

The Purpose of Data Processing

The purpose of data processing (by the Processor) is that the data provided by the User purposefully through the website and other avenues (email, fax, postal mail, etc.) can be used for the following purposes:

• purchasing products
• purchasing services
• fulfilling orders
• documenting the proper fulfillment of orders
• controlling the orders
• invoicing
• proof of products and services provided
• customer service (as in satisfaction surveys, product reviews)
• newsletters or sending other relevant information.

The Processor uses the provided data for the above purposes and cannot and will not use them for any other purpose.

The Legal Grounds for Data Processing

The User’s consent is grounded

• in the Regulation on the protection of personal data of natural persons and the free movement of data (EU) 2016/679 Regulation 6. article (1) paragraph a) point
• 2011. CXII. law (Info tv.) 5. § (1) on information self-determination and freedom of information
• 2001. CVIII. law (Eker tv.) 13/A. § (3) paragraph on certain aspects of electronic commercial services and services connected to information society

The Scope of Data Processed

The given name, family name, email address, phone number, postal/physical address of the User, the date of purchase and the specifics of the products purchased.

The Data Processing Period of Time

The processor, is obligedto retain data for a minimum of 5 years, as per 2011. CXII. law (Info tv.) 15. § (3) paragraph.

The Data Processor is obliged to do the following regarding the persona data processed:

The Data Processor is obliged to do the following regarding the persona data processed:

• the safe storage of the data during the duration of the data processing, data deletion and physical destruction of data after the duration
• safeguard the data from unauthorized access and from unauthorized tampering
• continuous training and monitoring employees’ knowledge of the provisions of the Privacy Policy
• paperwork and other documents necessary for the operation of the shop – if at all possible – should be kept in a lockable safe or a drawer/locker with a safe lock after opening or working hours. Documents containing personal data cannot be stored on desktops after working/closing hours.

During the automated processing of personal data, the Data Processor is obliged to prevent unauthorized data input:

• preventing use by unauthorized personnel, by unauthorized communication devices
• to ensure the control and determinability of what organizations could have received or did receive personal data through communication devices
• to ensure the control and determinability of who entered the personal data into the automatic data processing device
• in case of a system failure, that systems can be restored and errors occurring during automatic data processing are logged.

Personal data cannot be deleted, if the data processing is required by law. E.g. if during a contractual obligation an invoice is issued, the data on the invoice must be kept until the deadlines determined by tax and bookkeeping laws.

Access to Data

Besides the Data Processor and the employees of the Data Processor only contracted partners can access personal data, to the extent needed to carry out the necessary operations and services.

By registering, Users give permission to the Data Processor to join the processed data for statistical and information purposes, in order for effective operation. Joined data cannot be given to any third party, they are only available for the Data Processor’s employees. In every case, when the Data Processor intends to use the data for a different purpose than it was provided for, it is obliged to inform the User and obtain the User’s prior consent. The Data Processor must provide the possibility for the User to withdraw this consent at any time.

The User does not consent to making his/her personal data public.

User can require information about the processing of the User’s personal data, the method, duration, time, place, or any other activity connected to data processing. User can withdraw his/her consent at any time.

The withdrawal of consent means the deletion of the User’s registration, and the deletion of the User’s data from the Data Processor’s database. In case of withdrawing consent, email privacy@rododendronart.com

Data Processor will delete personal data upon the request of the User, or when the purpose of data processing ceases, or when the deadline set by law expired or if a court or any other authority determines so.

Cookies

We hereby inform that on this webpage, the Data Processor uses small data packages, so called Cookies for the identification of the User. Cookies do not contain personal information like name or email address.

Cookies are small information packages that are placed on the browser or device as a website in visited. The cookies make it possible to recognize the visitor at the following visit and along with that provide safety functions and user-friendly functions making enriched user-experience possible during using the website. Cookies cannot be read by another website. Contrary to common belief, cookies cannot be used for spying or obtaining unauthorized information collections, as webservers can only read information from cookies that they themselves entered in. The servers already had the information because either the User provided it, or it does not pertain to the User.

Most browsers have a “Help” function in the Menu bar, providing information about how the User can (in the browser):

• block cookies
• receive new cookies
• how you can set your browser to set new cookies
• how to block other cookies

In case User does not want to allow Google Analytics to use the data above for measuring, you can install this blocking add-on:

https://tools.google.com/dlpage/gaoptout

You can also set your browser to let you know when a cookie is placed or to block cookies. If you block cookies, the website remains fully functional.

You can find more information about cookies used by this website in the Cookie Policy that you can find here.

Rights Enforcement Possibilities

With any data processing questions or comments you can contact the representatives of the Data Processor at the privacy@rododendronart.com email address.

User can make a complaint regarding data processing directly at Hungary’s National Data Protection and Information Freedom Authority (Nemzeti Adatvédelmi és Információszabadság Hatósághoz) Address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c.; Phone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: http://www.naih.hu)

In case his/her rights are violated, User can turn to a court. The determination of a court case is the responsibility of the court. The suit – per the choice of the User – can also be started before a court by the address / residence of the User. Per the request of the Data Processor, the User can be advised on the possibilities of remedy.

Contact Information of Data Processor:

Seat: 2049 Diósd, Hungary Szent Gellért utca 18/A
Representative: Andrea Gál executive
Phone: +36 70 419 5329
E-mail cím: privacy@rododendronart.com