Privacy policy 

This document provides information to Norbert Somogyi, as the data controller (hereinafter referred to as the "Data Controller"), and to the visitors and customers of the website www.octonano-elektonika.hu operated by him, about the processing of their personal data.

1. The purpose of this document is to

The Data Controller processes the personal data of its customers, website visitors and customers who make purchases on its website (hereinafter referred to as "Data Subject") in accordance with the provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as "the Information Act"). ) and in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (hereinafter: Regulation, GDPR).

The Data Controller hereby informs the Data Subjects about the processing, the personal data it processes, the purposes of the processing, the retention period, the storage and transmission of the data, the principles and practices followed in the processing of personal data, as well as the means and possibilities for exercising the rights of the Data Subjects.

The Data Controller reserves the right to unilaterally amend this document at any time.

2. The controller

The controller of personal data is Norbert Somogyi, a sole trader.

Office: H-7634 Pecs, Brasso str.2/A

Tax number: 58359860-1-22

Contact details of the data controller: info@octonano-elektronika.hu

The Data Controller does not appoint a Data Protection Officer on the basis of its own decision, because its activities do not fall into the category where the appointment of such a position is mandatory.

The Data Controller can nevertheless be contacted for any matter relating to data protection.

3. Description of data processing

3.1. Processing by the Data Controller in the course of financial performance (invoicing)

On the website www.octonano-elektonika.hu or at the Data Controller's headquarters, Data Subjects may purchase products, for which the Data Controller issues an invoice, in compliance with the legal requirements, containing personal data.

The purpose of the processing is to issue invoices and receipts for the service and to comply with the obligation to keep the records and to provide the supporting documents for the Data Controller.

Legal basis for processing: the legal basis for processing is the fulfilment of a legal obligation, Section 169 (2) of the Accounting Act.

Scope of data processed: billing name, e-mail address, billing address (postal code, municipality, address),

Data retention period: the last day of the 8th year following the last day of the 8th year following the last day of the year of invoicing, pursuant to Section 169 (2) of the Accounting Act.

Place of data processing: IT equipment located at the premises of the Data Controller and at the Data Processor, in the case of paper documents and invoices, the Data Controller's archives.

Transmission of data: invoices are transmitted to the National Tax and Customs Administration

Data processors used for invoicing:

3.2. Personal data processed during contact, general enquiries

The Data Controller may be contacted through any communication channel and the processing of certain personal data of interested customers is essential for the purposes of responding.

Purpose of the processing.

Legal basis for processing: Article 6(1)(b) of the Regulation, i.e. processing is necessary for the performance of a contract to which you are a party or for taking steps at your request prior to entering into the contract.

The controller considers the communication with the customer as preliminary processing in relation to a contract (agreement, purchase) to be concluded at a later stage or processing in relation to a contract already concluded.

The scope of the data processed.

Data retention period: until the question is fully answered.

Place of processing: IT equipment located at the premises of the Data Controller or at the premises of the data processors used by the Data Controller.

Method of data storage: electronic.

Transmission of data: no transmission of the data concerned by the processing under this Chapter will take place.

Contacts, data processors used

3.3. Processing of data in order to fulfil an order or purchase through the website

Customers can purchase products via the website www.octonano-elektornika.hu, for the processing of which the processing of their personal data is necessary

Purpose of the processing: to fulfil the order and related administrative tasks, to deliver the ordered product, to communicate with the customer about the order

Legal basis for processing,

Scope of the data processed:

a.) Personal data necessary for billing and delivery: name, billing and delivery address, contact details (telephone number, e-mail address)

Data retention period: since we issue an invoice for each purchase, the retention period for invoicing data is the last day of the 8th year following the last day of the year in which the invoice was issued, pursuant to Article 169 (2) of the Accounting Act. The delivery data will be deleted after the successful completion of the delivery.

Place of processing: IT equipment located at the premises of the Data Controller or at the data processors used by the Data Controller.

Method of data storage: electronic.

Data transmission:

1.) The invoices are forwarded to the National Tax and Customs Administration, as we are required to do by law.

2.) In the case of parcel delivery, we use the services of parcel delivery companies, the delivery data is transferred to the delivery company, which requires your consent, which you can give by ticking the checkbox indicating that you have read the privacy policy when shopping on the website. The details of the processing of data by the suppliers are described in their respective Privacy Policy. We work with the following parcel delivery companies:

• GLS General Logistics Systems Hungary Kft. (2351 Alsónémedi, GLS Európa utca 2.) GLS Privacy Policy
• Magyar Posta Zrt. (1138 Budapest, Dunavirág utca 2-6.) Posta Privacy Policy
• Packeta Hungary Kft (1044 Budapest, Ezred utca 1-3. building B2/11.) Packeta Privacy Policy
• FoxPost Zrt. (3300 Eger, Maklári út 119.) FoxPost Privacy Policy

Data processors used in the ordering and purchasing process

3.4 Sending a newsletter

Pursuant to Article 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities (hereinafter: Advertising Act), the User may expressly consent in advance to the Data Controller as a service provider contacting him/her with advertising offers and other mailings at the contact details provided by the Data Subject. In addition, the Data Subject may, subject to the provisions of this Privacy Policy, consent to the processing of personal data by the Controller necessary for the sending of advertising offers.

The Data Controller will not send unsolicited commercial communications and the User may unsubscribe from receiving such communications free of charge, without restriction and without giving any reason. In this case, the Data Controller will delete all personal data necessary for the sending of advertising messages from its records and will not contact the User with further advertising offers. The User can unsubscribe from the newsletter by sending an e-mail to the Data Controller or by clicking on the "unsubscribe" link at the bottom of the newsletter sent.

The purpose of the processing is to send e-mail messages containing advertising to the data subject, to provide information on current information, products and promotions.

The legal basis for the processing is the express, freely given and informed consent of the data subject, which the User gives when subscribing to the newsletter by ticking the "checkbox" provided for this purpose, on the basis of the information contained in this document.

• Data processed: surname, first name, e-mail address.
• Data retention period: until the data subject's consent is withdrawn
• Place of processing.
• Method of data storage: electronic.
• Transfers of data: no transfers of the data concerned by the processing under this Chapter will take place.
• Data processors used for sending the newsletter:

The data processors used to send the newsletter:

3.5. Cookies

When downloading certain parts of the www.octonano-elektronika.hu website, the web server automatically places small data files, so-called cookies ("Cookies") on the User's Device and reads them back during the subsequent visit. In some cases, these data files are considered personal data under the Infotv. and GDPR, as the browser returns a previously saved cookie, and the cookie management service provider has the possibility to link the User's current visit to previous visits, but only with respect to its own content.

The website places a cookie on the User's device during use for the following purposes.

The use of the website only loads a cookie that is essential for its functioning and does not require the user's consent. The essential cookie is PHPSESSID, which is essential for the functioning of the website and does not collect any personal data. Without this cookie, the website will not function properly and will not collect any personal data.

Detailed information about the list of cookies used by the webshop and their retention period is provided in the so-called cookie banner that pops up when you visit the website

4. Data security

The Data Controller respects the provisions on the security of personal data, so both the Data Controller and the authorised data processor shall take all technical and organisational measures and establish the procedural rules necessary to enforce the provisions of the Information Act and the GDPR on confidentiality and security of data processing.

The Data Controller shall take appropriate measures to protect the data processed by it against unauthorised access, alteration, disclosure, transmission, disclosure, deletion or destruction, as well as against accidental destruction or damage.

The Data Controller shall retain the data during its processing:

a) confidentiality: it shall protect the information so that only those who are entitled to have access to it may do so;

b) integrity: to protect the accuracy and completeness of the information and the processing method;

(c) availability: ensures that the authorised user has effective access to the information required when he needs it and that the means to access it are available.

5. Rights of data subjects and enforcement

All personal information provided by the Data Subject to the Controller must be true, complete and accurate in all respects.

The Data Subject may request information about the processing of his or her personal data, and may request the rectification, erasure or withdrawal of his or her personal data, except for mandatory processing, and exercise his or her rights of retention and objection, in the manner indicated when the data were collected or by contacting the Controller at the above contact details.

Right to information.

The right to information can be exercised in writing by using the contact details indicated in point 2 of this notice. The data subject may also be provided with information orally at his or her request, after verification of his or her identity.

The data subject's right of access: the data subject has the right to obtain from the controller information as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom or with which the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations; the envisaged period of storage of the personal data; the right to rectification, erasure or restriction of processing and the right to object; the right to lodge a complaint with a supervisory authority; information on the data sources; the fact of automated decision-making, including profiling, and clear information on the logic used and the significance of such processing and its likely consequences for the data subject. In the case of transfers of personal data to third countries or international organisations, the data subject is entitled to be informed of the appropriate safeguards for the transfer.

Right of rectification: the data subject may request the correction of inaccurate personal data concerning him or her processed by the Controller and the completion of incomplete data.

Right to erasure:

- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

- the data subject withdraws the consent on the basis of which the processing was carried out and there is no other legal basis for the processing;

- the data subject objects to the processing and there are no overriding legitimate grounds for the processing;

- the personal data have been unlawfully processed;

- the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;

- the personal data have been collected in connection with the provision of information society services

Right to restriction of processing: at the request of the data subject, the Controller shall restrict processing if one of the following conditions is met:

- the data subject contests the accuracy of the personal data, in which case the restriction shall apply for a period of time which allows the accuracy of the personal data to be verified;

- the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;

- the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or

- the data subject has objected to the processing; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.

Where processing is subject to restriction, personal data, other than storage, may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State. The Controller shall inform the data subject in advance of the lifting of the restriction on processing.

Right to data portability: the data subject has the right to obtain the personal data concerning him or her which he or she has provided to the controller in a structured, commonly used, machine-readable format and to transmit these data to another controller.

Right to object: the data subject has the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the controller may no longer process the personal data, unless there are compelling legitimate grounds for doing so which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing. In the event of an objection to the processing of personal data for direct marketing purposes, the data shall not be processed for those purposes.

The above right shall not apply where the processing is

- necessary for the conclusion or performance of a contract between the data subject and the controller;

- permitted by Union or Member State law applicable to the controller which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or

- is based on the explicit consent of the data subject.

Right of Withdrawal. Withdrawal of consent does not affect the lawfulness of the processing based on consent prior to its withdrawal.

If the controller fails to act on the data subject's request, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for the failure to act and of the right to lodge a complaint with a supervisory authority and to seek judicial remedy.

The Controller shall provide the requested information and notification free of charge. If the data subject's request is manifestly unfounded or excessive, in particular because of its repetitive nature, the controller may, taking into account the administrative costs of providing the information or information requested or of taking the action requested, charge a reasonable fee or refuse to act on the request.

Data protection authority procedure: the data subject may lodge a complaint about the processing of his or her personal data with the National Authority for Data Protection and Freedom of Information

Right to bring a case to court: the data subject may bring a case against the controller in the event of a breach of his or her rights, regardless of whether or not a complaint has been lodged. The court shall rule on the case out of turn.