top of page
Modern Bedroom

Privacy Policy

This privacy policy sets out the data protection and data management principles applied by the Service Provider on the www.elegantthome.eu website and related social networking sites (hereinafter referred to as "websites"), as well as at its headquarters and premises, and informs customers about them in a clear and comprehensible manner. This Privacy Policy should be read only in the context of the activities of Home Staging, Real Estate Marketing and Sales Support and Full Management.

 

 

PRIVACY AND DATA PROTECTION POLICY 

Effective: 15.06.2021

 

 

General provisions

Amatrine Design Ltd., registered office: 8243 Balatonakali, Csárdás u. 26. 1., tax number: 32155374-1-19, e-mail: hello@elegantthome.eu, telephone: +36 30 082 9252 (hereinafter referred to as the "Service Provider", "Data Controller"), as the operator of Elegantt Home, is subject to the following information.

 

I provide the following information pursuant to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation).

 

It is available on the following page:

 

https://www.elegantthome.eu/adatvedelem

 

Amendments to the Policy will enter into force upon publication at the above address. By accessing and using the Website, the Customer accepts to be bound by these provisions.

 

The purpose of the Policy is to define the scope of the personal data processed by the Data Controller, the methods of processing and to ensure compliance with the constitutional principles of data protection and data processing, data security requirements, in order to respect the privacy of the natural persons of the User in the automated processing and processing of personal data of the data subjects.

 

This privacy policy sets out the data protection and data management principles applied by the Service Provider on the website www.elegantthome.eu and on the related social networking sites (hereinafter referred to as "websites") and on its premises as a place of accommodation and informs customers thereof in a clear and comprehensible manner. 

 

1. Interpretative provisions

1.1 Data Controller:

 

The natural or legal person or unincorporated entity that, alone or jointly with others, determines the purposes for which the data are to be processed, takes and implements decisions regarding the processing (including the means used) or has the data processed by a processor.

 

1.2 Data Management:

 

Any operation or set of operations which is performed on data, regardless of the procedure used, such as collection, recording, organisation, storage, alteration, use, consultation, retrieval, disclosure, transmission, alignment or combination, blocking, erasure and destruction, as well as any further use of the data

the taking of photographs, audio or video recordings, and the recording of physical characteristics that can be used to identify a person (e.g. fingerprints, palm prints, DNA samples, iris scans).

 

1.3 Personal data:

 

Any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person;

 

1.4 Consent:

 

A voluntary and explicit expression of the data subject's will, based on appropriate information, by which he or she gives his or her unambiguous consent to the processing of personal data concerning him or her, whether in full or in relation to specific operations.

 

1.5 Processing of data:

 

The performance of technical tasks related to processing operations,regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.

 

1.6 Data Processor:

 

A natural or legal person or an unincorporated body who or which carries out the processing of data on the basis of a contract, including a contract concluded pursuant to a legal provision.

 

1.7 Data Subject:

 

Any specified natural person who is identified or can be identified, directly or indirectly, on the basis of personal data.

 

2. Company:

8243 Balatonakali, Csárdás utca 26. 1. 

Tax number: 32155374-1-19

E-mail: hello@elegantthome.eu

Phone: +36 30 082 9252

 

3. This policy only covers the processing of data of natural persons, given that personal data can only be understood in relation to natural persons.

3.1 Website

 

During visits to the www.elegantthome.eu website, one or more cookies - small pieces of information sent by the server to the browser and then returned by the browser to the server for each request directed to the server - are sent to the Client's computer, which will allow the Client's browser(s) to be uniquely identified. These cookies are used solely to improve the user experience and for statistical purposes.

Purpose of processing: identification of users and tracking of visitors.

Duration of processing, time limit for deletion of data:

 

Cookie type:             

Session cookies (session: PHPSESSID).Duration of use.

Legal basis for processing:

Section 13/A (3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (Elkertv.)

Description:

(session cookie) identifies the computer of the logged-in user

Duration of data processing:

Period until the end of the relevant visitor session

 

Cookie type:

_ga (Google Analytics cookie)*

Legal basis for processing:

Section 13/A (3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (Elkertv.)

Description:

Used to distinguish users

Duration of processing:

2 years.

 

Type of cookie:    

_gid (Google Analytics cookie)*

Legal basis for processing:

Section 13/A (3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (Elkertv.)

Description:

Used to distinguish users

Duration of processing:

24 hours.

 

Cookie type:    

_gat (Google Analytics cookie)*

Legal basis for processing:

Section 13/A (3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (Elkertv.)

Description:

Used to reduce the request rate

Duration of processing:

1 minute.

*Shot: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Description of data subjects' rights in relation to data processing.

Use of Google Analytics

 

This website uses Google Analytics, a web analytics service provided by Google Inc ("Google"). Google Analytics uses "cookies", text files that are stored on your computer to help the website analyze how users use the website.

 

The information generated by the cookie about the website you use is usually transmitted to and stored by Google on servers in the United States. By activating the IP anonymisation on the website, Google will previously shorten the User's IP address within the Member States of the European Union or in other states party to the Agreement on the European Economic Area.

 

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services relating to website activity and internet usage.

 

Google Analytics will not associate the IP address transmitted by the User's browser with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You may also prevent Google from collecting and processing information about your use of this website (including your IP address) by means of cookies by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=hu

 

3.2 Request a quote/book an appointment online

Personal data / Purpose of processing

Surname / Required for identification 

First name / Required for identification

Telephone number / Required for contact

E-mail / Necessary for contacting, replying

Street, house number / Required for invoicing

Municipality / Required for invoicing

Postal code / Required for invoicing

Country / Required to issue an invoice

Comment / Required to reply

Date of contact / Required to perform technical operation

The e-mail address does not need to contain personal data.

Description of data subjects' rights in relation to data processing.

by post to 8243 Balatonakali Csárdás u. 26.1.

by phone: +36 30 082 9252,

by e-mail: hello@elegantthome.eu.

Legal basis for processing: consent of the data subject, Article 6 (1) (a) and (b) GDPR.

This information is provided for your use for the purpose of booking your accommodation.

You are required to provide the personal data in order to contact us. Failure to provide this information will result in your inability to contact the Service Provider.

 

3.3 Obligation to keep records.

 

3.4 Billing

Billing name

Billing address

Purpose of data processing.

Duration of data processing, deadline for deletion of data: 8 years pursuant to Article 169 (2) of Act C of 2000 on Accounting.

3.5 Accounting tasks

Name

E-mail address

Phone number

Billing name

Billing address

 

Data subjects: all data subjects using the Service.

Duration of data processing, deadline for deletion of data: 8 years pursuant to Article 169 (2) of Act C of 2000 on Accounting.

3.6 Contacts

- Name

- Telephone number

- the data subject may request the controller to access, rectify, erase or restrict the processing of personal data relating to him or her, and the data subject has the right to data portability and to withdraw consent at any time.

Legal basis for processing: consent of the data subject, Article 6(1)(a) and (b) GDPR.

 

3.7 Employee data processing in the context of the employment relationship

The Data Controller processes data for the purposes of establishing facts relating to the employment relationship of employees, payroll, social security administration and statistical reporting. Data processed:

 

- Name of the employee;

- employee's name at birth;

- Place of birth;

- Date of birth;

- mother's name at birth;

- place of residence;

- tax identification number;

- social security number (social security number);

- identity card number;

- number of official residence card;

- current account number;

Purpose of processing: the establishment, performance or termination of an employment relationship.

- the data subject may request the controller to access, rectify, erase or restrict the processing of personal data relating to him or her, and the data subject has the right to data portability and to withdraw consent at any time.

 

Applicable legal provisions:

 

- Act I of 2012 on the Labour Code, § 10 (1) and (3).

- Act LXXX of 1997 on social security benefits and persons entitled to private pensions and on the coverage of these services.

- Act LXXXIII of 1997 on Compulsory Health Insurance Benefits

- The Personal Income Tax Act of 1995. CXVII.

 

4. Data Processors involved

4.1 Service provider

 

1. Activity provided by the processor: Hosting

2. Name and contact details of the data processor:

 

Wix.com, Inc, 40 Namal Tel Aviv St., Tel Aviv, Israel, at Wix.com Inc. , 500 Terry A. Francois Boulevard, 6th Floor, San Francisco, CA, 94158, or at Wix.com Luxembourg S.a.r.l, 5, rue Guillaume Kroll, L-1882 Luxembourg

Purpose of the processing.

Duration of processing, deadline for deletion of data.

a.    You may be informed of the circumstances of the processing,

b.    You have the right to obtain from the controller feedback on the processing of your personal data and access to all information relating to the processing.

c.    You have the right to receive your personal data in a structured, commonly used, machine-readable format.

d.    You have the right to have inaccurate personal data corrected by the controller without undue delay at your request.

e.    You may object to the processing of your personal data.

 

 

The Customer's data will be processed exclusively by computer processing. The purpose of the automatically recorded data is to compile statistics, to improve the technical development of the IT system and to protect the rights of users. The data that are automatically recorded (log files) are the following: the dynamic IP address of the client's computer, the type of operating system and browser used by the client's computer, depending on the settings of the client's computer, the client's activity on the Website. On the one hand, these data are used for technical purposes - e.g. secure operation of servers, post-checking, on the other hand, the Data Controller uses these data to compile statistics on the use of the site, to analyse user needs in order to improve the quality of services. The above data cannot be used to identify the customer and will not be linked to other personal data by the Service Provider.

 

4.2 Community sites

 

The fact of data collection, the scope of data processed.

 

The data are processed on the social networking sites, so the duration of the processing, the way in which the data are processed and the possibilities for deleting and modifying the data are governed by the rules of the social networking site concerned.

4.3 Accounting and payroll

 

Activity performed by the data processor: Accounting and payroll services

Name and contact details of the data processor:

 

Gábor-Ker-Conto Ltd.

1093-H, Budapest

19 Lónyay u.19. I./1-2.

Duration of data processing, time limit for deletion of data: 8 years pursuant to Article 169 (2) of Act C of 2000 on Accounting.

7.Legal basis for data processing: Article 6(1)(c) of the GDPR and Article 13/A(3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.

a.    You may be informed of the circumstances of the processing,

b.    You have the right to obtain from the controller feedback on the processing of your personal data and access to all information relating to the processing.

c.    You have the right to receive your personal data in a structured, commonly used, machine-readable format.

d.    You have the right to have inaccurate personal data corrected by the controller without undue delay at your request.

e.    You may object to the processing of your personal data.

4.4 Billing - use of online billing software, Newsletters

 

Activity performed by the Data Processor: Billing tasks

Name and contact details of the data processor:

 

Online billing software name: Billingo.hu

Name and contact details of the billing provider: https://www.billingo.hu/ Name of the company providing the service: Billingo Technologies Zrt.

Registered office: 1133 Budapest, Árbóc utca 6.

 

Newsletter sending system service: Mailchimp, www.mailchimp.com and Brevo, www.brevo.com

Article 13/A(3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.

a.    You may be informed of the circumstances of the processing,

b.    You have the right to obtain from the controller feedback on the processing of your personal data and access to all information relating to the processing.

c.    You have the right to receive your personal data in a structured, commonly used, machine-readable format.

d.    You have the right to have inaccurate personal data corrected by the controller without undue delay at your request.

e.    You may object to the processing of your personal data.5.

6. Rights of data subjects

1. Right of access

You have the right to obtain from the controller feedback as to whether or not your personal data are being processed and, if such processing is ongoing, the right to access to your personal data and the information listed in the Regulation.

 

2. Right to rectification

You have the right to have inaccurate personal data relating to you corrected by the controller without undue delay upon your request. Taking into account the purposes of the processing, you have the right to request the rectification of incomplete personal data, including by means of a supplementary declaration.

 

3. Right to erasure

You have the right to obtain from the controller the erasure of personal data relating to you without undue delay upon your request, and the controller is obliged to erase personal data relating to you without undue delay under certain conditions.

 

4. Right to be forgotten

If the controller has disclosed the personal data and is under an obligation to erase it, it will take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that process the data that you have requested the erasure of the links to or copies of the personal data in question.

 

5. Right to restriction of processing

You have the right to obtain, at your request, the restriction of processing by the controller if one of the following conditions is met:

 

- You contest the accuracy of the personal data, in which case the restriction shall apply for a period of time which allows the controller to verify the accuracy of the personal data;

- the processing is unlawful and you oppose the erasure of the data and instead request the restriction of their use;

- the controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims;

- you have objected to the processing; in this case, the restriction applies for a period of time until it is established whether the controller's legitimate grounds override your legitimate grounds.

 

6. Right to data portability

You have the right to receive personal data relating to you which you have provided to a controller in a structured, commonly used, machine-readable format and the right to transmit such data to another controller without hindrance from the controller to whom you have provided the personal data (...)

 

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by (...), including profiling based on the aforementioned provisions.

 

8. Objection in case of direct marketing

Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such purposes, including profiling, where it is related to direct marketing. If you object to the processing of your personal data for direct marketing purposes, your personal data may no longer be processed for those purposes.

 

9. Automated decision-making in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. The previous paragraph does not apply where the decision:

- necessary for the conclusion or performance of a contract between you and the controller;

- is permitted by Union or Member State law applicable to the controller which also lays down appropriate measures to protect your rights and freedoms and legitimate interests; or

- is based on your explicit consent.

 

7. Data security

The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of data security appropriate to the scale of the risk, taking into account the state of the art and the cost of implementation, the nature, scope, context and purposes of the processing and the varying degrees of probability and severity of the risk to the rights and freedoms of natural persons, including, where appropriate:

 

(a) the pseudonymisation and encryption of personal data;

(b) ensuring the continued confidentiality, integrity, availability and resilience of the systems and services used to process personal data;

(c) the ability to restore access to and availability of personal data in the event of a physical or technical incident in a timely manner;

(d) a procedure for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures taken to ensure the security of data processing.

 

In the case of e-mail communication, personal data are stored in the mail system, which can be accessed by computer and telephone. Appropriate measures are taken to ensure that

personal data is protected against, inter alia, unauthorised access or unauthorised alteration. Regular backups are included in the hosting service.

Personal data is stored on computers, telephones and hosting owned and exclusively used by Amatrine Design Ltd. Use of computers and telephone is password protected. Access to the hosting and the website administration interface is possible with a username and password known to the data controller.

 

With regard to paper storage, the data controller has exclusive use of a diary in which telephone numbers are stored and a tourist tax register book, which is kept locked away from unauthorised persons. Declaration forms and account books containing personal data are also kept in a lockable place.

 

In order to ensure the security of the personal data processed on paper, the Data Controller shall apply the following measures:

- the data may only be accessed by authorised persons and may not be disclosed to others;

- Documents are kept in a lockable, dry room with a security device;

- documents in permanent active management are accessible only to authorised persons;

- the Data Controller's staff handling the data may leave the premises where processing is taking place during the day only by locking the data media entrusted to them or by closing the office;

- the Data Controller's staff member carrying out the processing locks the paper medium at the end of the work;

 

We operate www.elegantthome.eu with a secure data transmission channel: SSL certified, using HTTPS protocol. In the case of HTTPS connection, if the user has

 personal data via a data entry form, the user and the receiving computer will be connected via

 communication between the user and the receiving computer is encrypted through an encrypted channel with special encryption. This minimises

 the risk of this personal information falling victim to phishing.

 

 

8. INFORMING THE DATA SUBJECT OF THE DATA BREACH

Where a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall inform the data subject of the personal data breach without undue delay.

 

The information given to the data subject shall clearly and prominently describe the nature of the personal data breach and provide the name and contact details of the data protection officer or other contact person who can provide further information; describe the likely consequences of the personal data breach; describe the measures taken or envisaged by the controller to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences of the personal data breach.

The data subject need not be informed if any of the following conditions are met:

 

- the controller has implemented appropriate technical and organisational protection measures and those measures have been applied to the data affected by the personal data breach, in particular measures such as the use of encryption, which render the data unintelligible to persons not authorised to access the personal data;

- the controller has taken additional measures following the personal data breach to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise;

- the provision of information would require a disproportionate effort. In such cases, the data subjects shall be informed by means of publicly disclosed information or by means of a similar measure which ensures that the data subjects are informed in an equally effective manner.

Where the controller has not yet notified the data subject of the personal data breach, the supervisory authority may, after having considered whether the personal data breach is likely to present a high risk, order the data subject to be informed.

 

9. NOTIFICATION OF A PERSONAL DATA BREACH TO THE AUTHORITY

The controller shall notify a personal data breach to the supervisory authority competent under Article 55 without undue delay and, where possible, no later than 72 hours after the personal data breach has come to its attention, unless the personal data breach is unlikely to present a risk to the rights and freedoms of natural persons. If the notification is not made within 72 hours, it shall be accompanied by the reasons justifying the delay.

 

10. POSSIBILITY TO LODGE A COMPLAINT

A complaint against a possible infringement by the controller may be lodged with the National Authority for Data Protection and Freedom of Information:

 

National Authority for Data Protection and Freedom of Information

Address.

Postal address: 1530 Budapest, P.O. Box 5. Phone: +36 -1-391-1400

Fax: +36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

bottom of page