Rosehip Kft. (hereinafter referred to as the Data Controller) is committed to protecting the personal data of its employees, business partners and third parties who come into contact with it and considers it particularly important to respect the right of informational self-determination of natural persons. The Data Controller always treats the personal data it processes confidentially and in compliance with the provisions of the law, and takes all security, technical and organizational measures that guarantee the security of the data.

1. Name and contact details of the data controller

1.1. Name of the Data Controller: Rosehip Kft. (tax number: 32629716-2-41, company registration number: 01-09-434340, registered office: Hungary 1135 Budapest, Kerekes utca 6. 5th floor, door 9).

1.2. The Data Controller receives all reports, complaints, notifications, and requests for information in connection with its data management activities at the electronic address rosehipkft@gmail.com.

2. Purpose of data processing

2.1. The Data Controller stores the data you provide solely for the purpose of fulfilling the order, later proving the order conditions, or sending newsletters. Your data will not be passed on to third parties, unless they act as our subcontractor for the purpose of fulfilling the contract, e.g. a courier service, which is not entitled to use, store, or pass on to third parties the data received from the Data Controller in any form. When processing your data, we act in accordance with Act LXIII of 1992 on the Protection of Personal Data and the Disclosure of Data of Public Interest.

3. Legal basis for data processing

3.1. Data processing is carried out based on the consent of the data subject / fulfillment of a legal obligation / fulfillment of a contractual obligation / legitimate interest of the Data Controller .

3.2. Relevant legal background: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC (GDPR) Article 6

3.3. In the case of data processing based on voluntary consent, the data subject has the right to withdraw consent at any time. However, withdrawal does not affect the lawfulness of data processing carried out on the basis of consent before withdrawal.

4. Data processing method and data security

4.1. The Data Controller records and stores personal data electronically.

4.2. Person entitled to access (understand) the data: sole proprietors and employees who require access to personal data to fulfill their job obligations.

4.3. The Data Controller shall protect the data with appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage, and inaccessibility resulting from changes in the technology used.

4.4. The Data Controller selects and operates the IT tools used during data management in such a way that the data managed:

- accessible to those authorized to do so

- its authenticity and authentication are ensured

- its immutability can be verified

- protected against unauthorized access

be.

5. Duration of data processing

5.1. The Data Controller processes the data for the period necessary to achieve the purpose of data processing, and after this period, the data is deleted immediately.

6. Data transfer

6.1. The transfer of data will only take place in the event of a legal obligation, legal authorization, or the consent of the data subject. Possible recipients of the data transfer: court, authority, third party acting in the performance of a contract concluded with or for the benefit of the data subject (to the extent necessary for the performance of the contract).

7. Rights of data subjects and legal remedies

7.1. The data subject has the following rights in connection with data processing - within the framework of the mandatory legal provisions relating to data processing:

- the right to information related to data processing

- the right to access information related to data processing, including a copy of the personal data processed

- the right to correct or supplement inaccurate or incomplete personal data

- the right to restrict data processing

- the right to data portability

- the right to protest

- the right to erasure, provided that

- the processing of personal data is not necessary for the fulfillment of the Data Controller's legal obligation or for the establishment, exercise or defense of legal claims, and

- the purpose of the data processing has already been achieved, or

- the data subject – in the case of data processing based on consent – ​​the

withdraws his/her consent, or

- the data subject objects to the processing on a reasonable basis, or

- the processing of personal data is unlawful, or

- the obligation to delete arises from law.

7.2. The data controller shall inform the data subject without undue delay, but no later than one month from the receipt of the request, of the measures taken in response to the data subject's request for the exercise of his or her rights. In the event of the complexity of the data subject's request or the high number of requests, the deadline may be extended by a further two months, of which the Data Controller shall inform the data subject within one month from the receipt of the request, indicating the reasons for the delay. The Data Controller shall also inform the data subject within one month from the receipt of the request, at the latest, if the Data Controller does not take measures in response to the data subject's request. In this case, the information shall also include a description of the reasons for the failure to take action and the rights of redress available to the data subject.

7.3. In the event that the data subject considers that the processing of personal data concerning him or her violates the legal provisions governing data processing, in order to enforce his or her rights, the data subject may initiate court proceedings or file a complaint with the National Authority for Data Protection and Freedom of Information (NAIH) in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC (General Data Protection Regulation), Act CXII of 2011 on the right to informational self-determination and freedom of information, and Act V of 2013 on the Civil Code.

7.4. Contact details of the National Data Protection and Freedom of Information Authority:

- mailing address: 1530 Budapest, P.O. Box: 5.

- address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c

- phone: +36 1 391 1400

- fax: +36 1 391 1410

- e-mail: ugyfelszolgalat@naih.hu

8. Ownership of information

8.1 I declare that Rosehip Kft. owns the information shown on the site. The content and design of the www.hip-hip.hu site are protected by international and Hungarian laws. It is also prohibited to sell, change or republish information and articles from it in any form. I reserve all further rights related to the published material and, if necessary, I will enforce them in court. Anyone who registers in the webshop considers the data protection declaration accepted and agrees with it.