Barion Pixel

Chinese, Japanese and Taiwanese teas and tea accessories directly from producers and makers - Tea specialist shop and Webshop

Adatvédelmi irányelvek

Data Protection and Data Management Regulations

Introduction

Balázs Károly Nagy ev, the operator of https://teavolution.eu (hereinafter: Service Provider, data controller) submits to the following information.

On the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL 2016.) we provide the following information.

This data management information sheet regulates the data management of the following pages: https://teavolution.eu

The data management information is available from the following page: https://teavolution.eu/adatkezeles

Amendments to the prospectus will take effect upon publication at the above address.

The data controller and its contact details:

Name: Balázs Károly Nagy ev

Headquarters: 2021 Tahitótfalu, Táncsics Mihály út 30.

Email: info@teavolution.eu

Telefon: +36-30-552-19-81

Concept definitions

  1. "personal data": any information relating to an identified or identifiable natural person ("data subject"); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;
  1. "data management": any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or connecting, limiting, deleting or destroying;
  1. "data controller": the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law;
  1. "data processor": the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;
  1. "recipient": the natural or legal person, public authority, agency or any other body to whom or to which the personal data is communicated, regardless of whether it is a third party. Public authorities that have access to personal data in accordance with EU or Member State law in the context of an individual investigation are not considered recipients; the management of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;
  1. "consent of the data subject": the voluntary, specific and clear declaration of the will of the data subject based on adequate information, with which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he gives his consent to the processing of personal data concerning him;
  1. "data protection incident": a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled.

Principles governing the processing of personal data

Personal information:

  1. its handling must be carried out legally and fairly, as well as in a transparent manner for the data subject ("legality, fair procedure and transparency");
  1. be collected only for specific, clear and legitimate purposes, and they should not be handled in a way that is incompatible with these purposes; in accordance with Article 89 (1), further data processing for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes is not considered incompatible with the original purpose ("purpose limitation");
  1. they must be appropriate and relevant for the purposes of data management and must be limited to what is necessary ("data sparing");
  1. they must be accurate and, where necessary, up-to-date; all reasonable measures must be taken to promptly delete or correct personal data that is inaccurate for the purposes of data processing ("accuracy");
  1. its storage must take place in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management; personal data may be stored for a longer period only if the personal data will be processed in accordance with Article 89 (1) for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, the rights of the data subjects and subject to the implementation of appropriate technical and organizational measures required to protect your freedoms ("limited storage capacity");
  2. must be handled in such a way that adequate security of personal data is ensured through the application of appropriate technical or organizational measures, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage of data ("integrity and confidentiality").

The controller is responsible for compliance with the above and must be able to demonstrate such compliance ("accountability").

Data management

Data management related to the operation of a web store

  1. The fact of data collection, the scope of the data processed and the purpose of data management:
Personal data Purpose of data management
Username Identification, enabling registration.
  •  
Provides secure access to the user account.
Surname and first name It is required for making contact, making purchases and issuing legal invoices.
E-mail
  •  
  •  
Keeping in touch, more effectively negotiating questions related to invoicing or delivery.
Billing name and address Issuance of a regular invoice, as well as the creation of the contract, the definition and modification of its content, the monitoring of its fulfillment, the invoicing of the fees arising from it, and the enforcement of the related claims.
Shipping name and address Allow home delivery.
Date of purchase / registration Perform a technical operation.
IP address at time of purchase / registration Perform a technical operation.

Neither your username nor your email address is required to contain personal information.

  1. Scope of stakeholders: All stakeholders registered/purchased on the webshop website.
  1. Duration of data management, deadline for deletion of data: Immediately upon cancellation of registration. Based on Article 19 of the GDPR, the data controller informs the data subject electronically of the deletion of any personal data provided by the data subject. If the data subject's deletion request also covers the e-mail address he/she has provided, the data controller will also delete the e-mail address after the information has been provided. Except in the case of accounting documents, since these data must be kept for 2000 years based on § 169 (2) of Act C of 8 on accounting.

The accounting document (including the general ledger accounts, analytical and detailed records) supporting the accounting accounts, directly and indirectly, must be kept in a legible form for at least 8 years, retrievable by reference to the accounting records.

  1. The identity of the potential data controllers entitled to access the data, the recipients of the personal data: Personal data can be managed by the data controller, respecting the above principles.
  2. Az a description of the data subjects' rights in relation to data processing:
  • The data subject may request the controller to access, rectify, delete or restrict the processing of personal data concerning him or her, and
  • you can object to the processing of such personal data, as well as
  • the data subject has the right to data portability and to withdraw his or her consent at any time.
  1. For personal information access to, their deletion, modification or restriction of processing, portability of data, protest against data processing can be initiated by the data subject in the following ways:
  • by post to 1036 Budapest, Nagyszombat utca 1/C. at
  • by email at info@teavolution.eu,
  • by phone at +36-30-552-1981.
  1. Legal basis for data management:
  1. Article 6 (1) point (b) of the GDPR,
  1. CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act (hereinafter: Elker Law) 13/A. Section (3):

The service provider may process personal data that is technically necessary for the provision of the service in order to provide the service. If the other conditions are the same, the service provider must choose and in all cases operate the means used in the provision of the information society service in such a way that the processing of personal data takes place only if it is necessary for the provision of the service and other purposes specified in this Act. necessary, but in this case only to the extent and for the time necessary.

  1. In case of issuing an invoice in accordance with the accounting legislation, point c) of Article 6 (1).
  1. In the case of enforcement of claims arising from the contract, Act V of 2013 on the Civil Code 6:21. § according to 5 years.

6:22. § [Expiry]

(1) Unless otherwise provided by this Act, claims shall lapse within five years.

(2) The limitation period shall begin when the claim becomes due.

(3) An agreement to change the limitation period shall be in writing.

4. An agreement precluding limitation shall be null and void.

  1. We inform you that
  • data management is necessary to fulfill the contract.
  • obliged provide personal information so we can fulfill your order.
  • failure to provide data with a consequences we are unable to process your order.

The data processors used

Shipping

  1. Activity provided by data processor: Delivery of products, transport
  1. Name and contact information of the data processor:
  • Hungarian post
    3512 Miskolc Customer Service Directorate
  1. The fact of the data management, the scope of the managed data: Delivery name, delivery address, telephone number, e-mail address.
  1. Scope of stakeholders: All stakeholders requesting home delivery.
  1. Purpose of data management: Delivery of the ordered product to your home.
  1. Duration of data management, deadline for data deletion: It lasts until the home delivery is completed.
  1. Legal basis for data processing: Article 6, paragraph 1, point b).

Hosting provider

  1. Activity provided by data processor: Storage service
  1. Name and contact information of the data processor:
    Hosting provider data
    Name: Aruba Group a CISPE (European Cloud Infrastructure Providers)
    Post address
    Availability:

Information on data management: https://www.arubacloud.hu/gdpr-adatvedelem-eu-szabalyozas.aspx

  1. The fact of the data management, the scope of the managed data: All personal data provided by the data subject.
  1. Scope of stakeholders: All stakeholders who use the website.
  1. Purpose of data management: Making the website available and operating it properly.
  1. Duration of data management, deadline for data deletion: Data management lasts until the termination of the agreement between the data manager and the storage provider, or until the deletion request addressed to the storage provider by the data subject.
  1. Legal basis for data processing: Article 6 (1) points c) and f) and CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act 13/A. (3) of §

Recipients with whom personal data is communicated (Data transfer):

Online payment

  1. Activity performed by the Recipient: Online payment
  1. Recipient's name and contact information:
    Barion Payment Zrt.
    Budapest
    Infopark promenade 1.
    1117

+36 1 464 70 99

  1. The fact of the data management, the scope of the managed data: Billing data, name, e-mail address
  1. Scope of stakeholders: All stakeholders who choose to pay on the website.
  1. Purpose of data management: Online payment processing, transaction confirmation and fraud monitoring for the protection of users
  1. Duration of data management, deadline for deleting data: Lasts until the online payment is completed.
  1. Legal basis for data processing: Article 6, paragraph 1, point b) of the GDPR. Data processing is necessary for online payment at the request of the data subject.
  1. The rights of the data subject:
    the. You can find out about the conditions of data management
    b. You have the right to receive feedback from the data controller as to whether your personal data is being processed, and you have the right to access all information related to data processing
    c. You have the right to receive your personal data in a segmented, widely used, machine-readable format
    d. You are entitled to have your inaccurate personal data corrected without undue delay upon your request.

Management of cookies

  1. Cookies specific to online stores are the so-called "cookie used for a password-protected session", "cookies required for the shopping cart" and "security cookies", the use of which does not require prior consent from the data subjects.
  1. The fact of the data management, the scope of the managed data: Unique identification number, dates, times
  1. Scope of stakeholders: All stakeholders visiting the website.
  1. Purpose of data management: Identification of users, registration of the "shopping basket" and tracking of visitors.
  1. Duration of data management, deadline for data deletion:

Cookie type

Legal basis for data management

Data handling

Managed data set

Session cookie

CVIII of 2001 on certain issues of electronic commercial services and information society services. Act (Elkertv.) 13/A. (3) of §

Until canceled by the user or the service provider.

connect.sid

 

  1. The person of the possible data controllers entitled to access the data: The data controller does not manage personal data through the use of cookies.
  1. Description of data processing rights of data subjects: The data subject has the option to delete cookies in the Tools/Settings menu of browsers, usually under the settings of the Data Protection menu item.
  1. Legal basis for data management: Consent from the data subject is not required if the sole purpose of using cookies is the transmission of information via an electronic communication network or if the service provider absolutely needs it to provide a service related to the information society specifically requested by the subscriber or user.

Using Google Adwords conversion tracking

  1. The data controller uses the online advertising program called "Google AdWords", and also uses Google's conversion tracking service within its framework. Google conversion tracking is an analytics service of Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google").
  1. When a User accesses a website through a Google ad, a cookie is placed on their computer to track conversions. These cookies have a limited validity and do not contain any personal data, so the User cannot be identified by them.
  1. When the User browses certain pages of the website and the cookie has not expired, both Google and the data controller may see that the User has clicked on the advertisement.
  1. Each Google AdWords customer receives a different cookie, so they cannot be tracked through the websites of AdWords customers.
  1. The information - obtained with the help of conversion tracking cookies - serves the purpose of creating conversion statistics for customers who choose AdWords conversion tracking. In this way, clients are informed about the number of users who click on their ad and are redirected to a page with a conversion tracking tag. However, they do not get access to information that could identify any user.
  1. If you do not wish to participate in conversion tracking, you can disable it by disabling cookies in your browser. You will then not be included in your conversion tracking statistics.
  1. Further information and Google's privacy statement are available on the following page:  www.google.de/policies/privacy/

Use Google Analytics

  1. This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so-called "cookies", which are text files placed on your computer, to help the website analyze how users use the site.
  1. The information generated by the cookie about the website used by you is typically stored and stored on a Google server in the USA. By activating IP anonymisation on the Website, Google will first abbreviate the User's IP address within the European Union or in other states party to the Agreement on the European Economic Area.
  1. The full IP address will only be transmitted and truncated to Google's server in the United States. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.

Google Analytics does not reconcile the IP address transmitted by the User's browser with any other data held by Google. The User may prevent the storage of cookies by setting their browser appropriately, however, please note that in this case, not all functions of this website may be fully used. You may also prevent Google from collecting and processing your information about your use of the Website (including your IP address) by cookies by downloading and installing the browser plugin available at the following link.

Newsletter, DM activity

  1. XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity. Pursuant to § 6 of the Act, the User may give prior and express consent to contact the Service Provider with its advertising offers and other mailings at the contact details provided during registration.
  1. In addition, the Customer may, bearing in mind the provisions of this information, consent to the Service Provider managing his personal data necessary for sending advertising offers.
  1. The Service Provider does not send unsolicited advertising messages, and the User may unsubscribe from the sending of offers free of charge without limitation or justification. In this case, the Service Provider will delete all personal data necessary for sending advertising messages from its records and will not contact the User with further advertising offers. Users can unsubscribe from advertisements by clicking on the link in the message.
  1. The fact of data collection, the scope of the data processed and the purpose of data management:
Personal data Purpose of data management
Name, e-mail address Identification, enabling subscription to the newsletter.
Date of subscription Perform a technical operation.
The IP address at the time of subscription Perform a technical operation.
  1. Scope of stakeholders: All stakeholders who subscribe to the newsletter.
  1. Purpose of data management: sending electronic messages containing advertising (e-mail, SMS, push message) to the person concerned, providing information about current information, products, promotions, new functions, etc.
  1. Duration of data management, deadline for deletion of data: data management lasts until withdrawal of consent, i.e. until unsubscription.
  1. Data management registration number: in progress...
  1. The identity of the potential data controllers entitled to access the data, the recipients of the personal data: Personal data may be processed by the data controller's sales and marketing staff in accordance with the above principles.
  1. Az a description of the data subjects' rights in relation to data processing:
  • The data subject may request the controller to access, rectify, delete or restrict the processing of personal data concerning him or her, and
  • you can object to the processing of such personal data, as well as
  • the data subject has the right to data portability and to withdraw his or her consent at any time.
  1. For personal information access to, their deletion, modification or restriction of processing, portability of data, protest against data processing can be initiated by the data subject in the following ways:
  • by post at 1071 Budapest, Dembinszky utca 32,
  • by email at info@teavolution.eu,
  • by phone at +36-30-953-49-39.
  1. At any time, the person concerned you can unsubscribe for free about the newsletter.
  1. Legal basis for data management: the consent of the data subject, points a) and f) of Article 6 (1) and XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activities. Section 6 (5) of the Act:

The advertiser, the advertising service provider, or the publisher of the advertisement - within the scope specified in the consent - keeps a record of the personal data of the persons who have given their consent. The data recorded in this register - relating to the recipient of the advertisement - can only be handled in accordance with the consent statement, until it is revoked, and can only be transferred to third parties with the prior consent of the person concerned.

  1. We inform you that
  • data management with your consent based on.
  • obliged provide personal information if you would like to receive a newsletter from us.
  • failure to provide data with a consequences we are unable to send you a newsletter.

Complaint handling

  1. The fact of data collection, the scope of the data processed and the purpose of data management:
Personal data Purpose of data management
Surname and first name Identification, communication.
E-mail
  •  
  •  
  •  
Billing name and address Identification, handling of quality objections, questions and problems arising in connection with the ordered products.
  1. Scope of stakeholders: All stakeholders who purchase on the webshop website and complain about quality.
  1. Duration of data management, deadline for deletion of data: Copies of the minutes, transcripts and the response to the objection taken in the CLV of 1997 on consumer protection. Act 17/A. § (7) must be kept for 5 years.
  1. The identity of the potential data controllers entitled to access the data, the recipients of the personal data: Personal data may be processed by the data controller's sales and marketing staff in accordance with the above principles.
  1. Az a description of the data subjects' rights in relation to data processing:
  • The data subject may request the controller to access, rectify, delete or restrict the processing of personal data concerning him or her, and
  • you can object to the processing of such personal data, as well as
  • the data subject has the right to data portability and to withdraw his or her consent at any time.
  1. For personal information access to, their deletion, modification or restriction of processing, portability of data, protest against data processing can be initiated by the data subject in the following ways:
  • by post at 1071 Budapest, Dembinszky utca 32,
  • by email at info@teavolution.eu,
  • by phone at +36-30-953-49-39.
  1. Legal basis for data management: Article 6 (1) point c) and CLV of 1997 on consumer protection. Act 17/A. (7) of §
  1. We inform you that
  • provision of personal data contractual obligation based on.
  • the conclusion of the contract prerequisite processing of personal data.
  • obliged provide personal information so that we can handle your complaint.
  • failure to provide data with a consequences we are unable to handle your complaint.

Community sites

  1. The fact of the data collection, the scope of the processed data: Facebook/Google+/Twitter/Pinterest/Youtube/Instagram, etc. the name registered on social networking sites and the user's public profile picture.
  1. Scope of stakeholders: All stakeholders who have registered on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram, etc. on social networking sites and "liked" the website.
  1. Purpose of data collection: To promote the sharing or "liking" of certain content elements, products, promotions or the website itself on social networking sites.
  1. Duration of data processing, deadline for deletion of data, identity of potential data controllers entitled to access the data and data subjects' rights related to data processing: The data subject may be informed about the source of the data, their processing and the legal basis. Data management is carried out on social networking sites, so the duration and method of data management, as well as the possibilities of deleting and modifying data are regulated by the given social networking site.
  1. Legal basis for data processing: the voluntary consent of the data subject to the processing of his or her personal data on social networking sites.

Customer relations and other data management

  1. Should the data subject have any questions or problems during the use of our data management services, he / she may contact the data controller in the ways provided on the website (telephone, e-mail, social networking sites, etc.).
  1. The data controller processes received e-mails, messages, on the phone, on Facebook, etc. data provided, together with the name and e-mail address of the interested party, as well as other voluntarily provided personal data, will be deleted after a maximum of 2 years from the date of data communication.
  1. Information on data processing not listed in this prospectus will be provided at the time of data collection.
  1. Upon exceptional official request, or in case of requesting other bodies based on the authorization of legal regulations, the Service Provider is obliged to provide information, disclose data, or make documents available.
  1. In such cases, the Service Provider shall provide the requester with personal data only to the extent and to the extent that is absolutely necessary for the realization of the purpose of the request, provided that it has indicated the exact purpose and scope of the data.

Deadline for action

The controller shall, without undue delay, but in any case, from the receipt of the request Within 1 monthwill inform you of the action taken on the above requests.

If necessary, this It can be extended for 2 months. The extension of the time limit shall be notified to the controller from the date of receipt of the request, stating the reasons for the delay. Within 1 month informs you.

If the controller does not act on your request, inform you without delay, but no later than one month after receipt of the request, of the reasons for not taking action, and that you can lodge a complaint with a supervisory authority and have the right to a judicial remedy.

Informing the data subject about the data protection incident

If the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the controller shall inform the data subject of the data protection incident without undue delay.

In the information provided to the data subject clearly and intelligibly the nature of the data protection incident must be described, and the name and contact information of the data protection officer or other contact person providing additional information must be provided; it must be explained

probable consequences resulting from a data protection incident; the measures taken or planned by the data controller to remedy the data protection incident must be described, including, where appropriate, measures aimed at mitigating any adverse consequences resulting from the data protection incident.

The data subject need not be informed if any of the following conditions are met:

  • the data controller implemented appropriate technical and organizational security measures, and these measures have been applied to data affected by a data protection incident, in particular measures such as the use of encryption for persons not authorized to access personal data. make the data incomprehensible;
  • the controller has taken further action following the data protection incident which: ensure that the high risk to the data subject's rights and freedoms is unlikely to materialize;
  • the information would require a disproportionate effort. In such cases, the data subject shall be informed through publicly available information or a similar measure shall be taken to ensure that the data subject is equally effectively informed.

If the data controller has not yet notified the data subject of the data protection incident, the supervisory authority may, after considering whether the data protection incident is likely to involve a high risk, order the data subject to be informed.

Report a privacy incident to the authority

The data controller shall report the data protection incident to the competent supervisory authority pursuant to Article 72 without undue delay and, if possible, no later than 55 hours after becoming aware of the data protection incident, unless the data protection incident is likely to pose no risk to the rights of natural persons and freedoms. If the notification is not made within 72 hours, the reasons justifying the delay must also be attached.

Possibility to complain

Complaints against possible breaches of the data controller can be made to the National Data Protection and Freedom of Information Authority:

National Authority for Data Protection and Freedom of Information

1125 Budapest, Szilágyi Erzsébet avenue 22 / C.

Mailing address: 1530 Budapest, Mailbox: 5.

Phone: +36 -1-391-1400

Fax: +36-1-391-1410

Email: ugyfelszolgalat@naih.hu

During the preparation of the prospectus, we complied with the following legislation:

  • REGULATION (EU) 95/46 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL On the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Regulation 2016/679/EC (General Data Protection Regulation) (April 2016) 27.)
  • CXII of 2011. Act - on the right to self-determination of information and freedom of information (hereinafter: Infotv.)
  • CVIII of 2001 Act - on certain issues of electronic commercial services and services related to the information society (mainly § 13/A)
  • XLVII of 2008 Act on the Prohibition of Unfair Commercial Practices for Consumers;
  • XLVIII of 2008 Act - on the basic conditions and certain limitations of economic advertising (especially § 6.a)
  • XC of 2005. Act on Electronic Freedom of Information
  • Act C of 2003 on electronic communication (specifically § 155.a)
  • 16/2011. s. Opinion on the EASA/IAB Recommendation on Best Practices for Behavioral Online Advertising
  • The recommendation of the National Data Protection and Freedom of Information Authority on the data protection requirements of prior information
  • Regulation (EU) 2016/679 of the European Parliament and of the Council (April 2016, 27) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and repealing Regulation 95/46/EC LIII of 2017 Act - on the prevention and prevention of money laundering and terrorist financing (Pmt.);

This data protection policy can be unilaterally amended by the data controller at any time, in compliance with the relevant legal regulations, with the obligation of the data controller to notify the user of this change in a timely manner. In other respects, the data controller complies with the relevant legal regulations and fully enforces them.

Budapest, January 2022, 1.

GLS and DPD home delivery

Fast and accurate home delivery with GLS or DPD

Rare teas and specialties

Directly from small producers in China, Japan and Taiwan that we know personally.

Do you have a question?

Find us in person at the tea shop or online!

100% Secure BARION payment

You can also pay for your purchase with a bank card online or in person at the tea shop.