Search ×

  1. Home
  2. Privacy Policy

Privacy Policy

MarilyNails Korlátolt Felelősségű Társaság
Date of entry into force: 19.09.2022.
 
PRIVACY AND DATA PROTECTION NOTICE
 
  1. Purpose and scope of the Notice
  1. The purpose of this Notice is to set out the data protection and data processing principles and the data protection and data processing policy applied by the Company, which the Company as data controller (hereinafter referred to as the "Company/Data Controller") acknowledges and applies.
  1. This Notice sets out the principles for the processing of Personal Data provided by Users on the Services' websites.
  1. When drafting the provisions of the Notice, the Company has taken in particular account the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council ("General Data Protection Regulation" or "GDPR"), the provisions of the Act No. CXII. of 2011 on the Right to Information Self-Determination and Freedom of Information (Information Act), Act No. CXII of 2008 on the Basic Conditions and Certain Restrictions of Commercial Advertising Activities ("Advertisement Act") and Act No. V of 2013 on the Civil Code ("Civil Code").
  1. Unless otherwise stated and/or informed, the scope of this Notice does not cover services and data processing related to promotions, sweepstakes, services, other campaigns and content published by third parties other than the operator of the website or the Data Controller of certain websites referred to in Notice.
  1. Unless otherwise stated and/or informed, the scope of this Notice does not cover the services and data processing of websites and service providers to which links are provided on the websites covered by this Notice. Such services shall be governed by the provisions of the privacy policy of the third party service providers operating those websites and the Data Controller shall not be liable for any such data processing.
 
  1. Definitions
  1. Processing: irrespective of the method used, any operation or set of operations which is performed on Personal Data, in particular collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data.
  1. Data Controller: who determines, alone or jointly with others, the purposes and means of the Processing. For the Services referred to in this Notice, the Company is the Data Controller. Moreover, the operator of the relevant Service also does/may carry out independent processing activities, in which case the operator of the Service is considered to be the controller.

    The data processing activities carried out by the operators of each Service are governed by the provisions set out in the privacy and data protection notice made available by the operator of the Service on the Service's website.
  1. Personal data or information: any data or information that allows a natural person User to be identified, directly or indirectly.
  1. Data Processor: a service provider who processes personal data on behalf of the Data Controller. For the Services referred to in this Notice, the Data Processors may be the followings:

    DOPAMA Informatikai Korlátolt Felelősségű Társaság (cégjegyzékszám: 01-09-197639, székhely: 1163 Budapest, Döbrőce utca 45.)
    WanWay Global Korlátolt Felelősségű Társaság (cégjegyzékszám: 03-09-129414, székhely: 6000 Kecskemét, Jókai utca 40.)
    Digital Optimizer Korlátolt Felelősségű Társaság (cégjegyzékszám: 13-09-184053, székhely: 2040 Budaörs, Baross utca 89.)
     
    Eazy Digital Korlátolt Felelősségű Társaság (cégjegyzékszám: 01-09-327229, székhely: 1054 Budapest, Alkotmány utca 4. 4. em. 15.)
     
    X-Profit.hu Informatikai Szolgáltató Korlátolt Felelősségű Társaság (cégjegyzékszám: 01-09-322335, székhely: 1135 Budapest, Szent László út 31. 3. em. 12. )
  1. Service(s): publications or services operated by the Data Controller or by service providers contracted with the Data Controller, on whose websites the Data Controller processes data. These publications or services: the group of services available on the www.marilynails.com website.
  1. User: a natural person who does web browsing on the group of services available on the www.marilynails.com website, contact the Company via its e-mail address or subscribe to the newsletter.
  1. Third Party Service Provider: third party service partners used by the Data Controller or the Service Operator, either directly or indirectly, in connection with the provision of certain Services, to whom Personal Data are or may be transferred in order to provide their services, or who may transfer Personal Data to the Data Controller.

    Service providers that are not in cooperation with the Data Controller or the operators of the Services, but by accessing the websites of the Services, collect data about Users, which may be used to identify the User, either individually or in combination with other data, are also considered as Third Party Service Providers.
    Furthermore, when providing the hosting service, the Data Controller also considers the User as Third Party Service Provider for the purposes of the data processing activities carried out on the hosting space used by the User.
  1. Notice: this Privacy Notice of the Data Controller.
 
  1. Scope of Personal Data Processed
  1. When the User visits the interface of a Service, the IP address of the User is automatically recorded by the Data Controller's system.
  1. If the User sends an e-mail to a Service, the Data Controller records the User's e-mail address and processes it to the extent and for the duration necessary for the provision of the Service.
  1. If the User has given his/her explicit consent, the Data Controller or the Data Processor will send him/her newsletters. In this case, the Data Controller and/or the Data Processor may process the User's name and e-mail address and may occasionally collect additional data about the User (such as interests, consumption habits, needs, demographics) by using questionnaires. The legal basis for processing is the express consent of the User concerned
  1. Notwithstanding the above, it is possible that a service provider technically related to the operation of the Services may carry out data processing activities on one of the websites without informing the Data Controller. Such activity shall not constitute Processing by the Data Controller. The Controller shall use its best endeavours to prevent and detect such processing.
  
  1. Other data processed by the Data Controller
  1. The Data Controller places a small data package (so-called "cookie") on the User's computer in order to provide a personalized service. The purpose of the cookie is to ensure the highest possible quality of the operation of the site, to provide personalized services and to enhance the user experience. The User can delete the cookie from his/her computer or set his/her browser to disable the use of cookies. By disabling the use of cookies, the User acknowledges that without a cookie, the functionality of the site is not fully-fledged.
  1. In the course of providing personalised services, the Data Controller processes the following Personal Data by using cookies: interest information, habits, preferences (based on browsing history).
  1. Data technically recorded in the course of the operation of the systems: the data of the User's computer logging in, which are generated during the use of the Service and which are recorded by the Data Controller's system as an automatic result of technical processes. The automatically recorded data are automatically logged by the system upon logging in or logging out, without any specific declaration or action by the User.
  1. For more information, see the Cookie Settings.
 
  1. Purpose and legal basis of the processing
  1. Purpose of the processing carried out by the Data Controller:
    a) online content delivery;
    b) producing statistics, analyses;
    c) technical development of the IT system;
    d) protect the rights of Users;
    e) direct marketing or sales enquiries (e.g. newsletter, eDM, etc.)
    f) to enforce the legitimate (legally protected) interests of the Data Controller.
    The Controller will not use the Personal Data provided for purposes other than those described in these points.
  1. The processing of Personal Data is based on the voluntary and duly informed consent of the Users, which includes their express consent to the use of their Personal Data provided by them during the use of the site and the Personal Data generated about them for the purposes indicated. In the case of processing based on consent, the User has the right to withdraw his/her consent at any time, without prejudice to the lawfulness of the processing prior to the withdrawal.

    The Data Controller records the User's IP address when the User accesses certain websites in connection with the provision of the Service, in the legitimate interest of the Data Controller and for the lawful provision of the Service (e.g. to filter unlawful use or unlawful content), without the User's consent.
     
    Upon request, the Data Controller shall provide the data subject with the information described in this Notice in relation to this paragraph.
  1. Data may be transferred to the Data Processors specified in this Notice without the User's particular consent. Unless otherwise provided by law, the disclosure of personal data to third parties or public authorities shall only be possible on the basis of a final and binding decision by a public authority or with the prior express consent of the User.
  
  1. Principles and methods of data processing
  1. The Data Controller shall process Personal Data in accordance with the principles of good faith and fairness and transparency, as well as in accordance with the applicable laws and the provisions of this Notice.
  1. The Data Controller shall use the Personal Data necessary for the use of the Services on the basis of the consent of the User concerned and only for the purpose for which it is intended.
  1. The Controller shall process Personal Data only for the purposes set out in this Notice and in the applicable laws. The scope of the Personal Data processed shall be proportionate to the purpose of the processing and shall not go beyond that purpose. In any case where the Controller intends to use the Personal Data for a purpose other than that for which it was originally collected, the Controller shall inform the User thereof and obtain his or her prior explicit consent or provide the User with the opportunity to object to such use.
  1. The Data Controller does not verify the Personal Data provided to him/her, either formally or in terms of content. The person providing the Personal Data shall be solely responsible for the correctness of the Personal Data provided.
  1. The Personal Data of a person under the age of 16 may only be processed with the consent of the person who is the legal guardian of the person concerned. The Data Controller is not able to verify the eligibility of the person giving consent or the content of the consent, so the User or the person who is the legal guardian of the person concerned guarantees that the consent is in accordance with the law. In the absence of a declaration of consent, the Data Controller shall not collect Personal Data relating to a data subject under the age of 16, except for the IP address used when using the Service, which is automatically recorded due to the nature of the Internet services.
  1. The Data Controller will not transfer Personal Data processed by it to third parties other than the Data Processors specified in this Notice and, in certain cases referred to in this Notice, to Third Party Service Providers. An exception to the provision of this clause is the use of data in aggregate statistical form, which shall not include any other form of data that can identify the User concerned and shall therefore not constitute Processing or transfer of data. In certain cases, the Data Controller may make available to third parties the Personal Data of the User concerned, which are accessible to third parties, in response to a formal judicial or police request, legal proceedings for infringement or reasonable suspicion of infringement of copyright, property rights or other rights, or for the purpose of prejudicing the interests of the Data Controller, endangering the provision of the Services, etc.
  1. The Data Controller's system may collect data on the activity of Users, which cannot be linked to other data generated by the use of other websites or services.
  1. The Data Controller shall notify the User concerned and all those to whom the Personal Data was previously transmitted for the purpose of Processing of the rectification, restriction or deletion of the Personal Data processed by the Data Controller. The notification may be omitted if this does not harm the legitimate interests of the data subject with regard to the purposes of the processing.
  1. The data must be stored in a form which permits identification of the User concerned only for the time necessary to achieve the purposes for which the Personal Data are processed.

    The Data Controller shall ensure the security of Personal Data, take technical and organizational measures and establish procedural rules to ensure that the data collected, stored or processed are protected and to prevent their accidental loss, unlawful destruction, unauthorized access, unauthorized use, unauthorized alteration or unauthorized disclosure. The Data Controller shall invite all third parties to whom it transfers Personal Data to comply with this obligation.
  1. . In view of the relevant provisions of the GDPR, the Data Controller is not obliged to appoint a data protection officer.
 
  1. Duration of Data Processing
  1. The Data Controller shall store the IP addresses automatically recorded on a case-by-case basis for a maximum period of 7 days after their recording, unless in an individual case the legitimate interest of the Data Controller justifies the further processing of the Personal Data, until the expiry of the legitimate interest of the Data Controller.

    In the case of e-mails sent by the User, the requested Data Controller shall delete the e-mail address 90 days after the closure of the case referred to in the request, unless in a specific case the legitimate interest of the Data Controller justifies the continued processing of the Personal Data, until the Data Controller's legitimate interest has been established.
  1. The processing of the Personal Data of the User subscribed to the newsletter shall continue until the User unsubscribes from the newsletter. In this case, the Personal Data will be deleted from the Controller's systems.
  1. Data that are automatically, technically recorded during the operation of the system are stored in the system for a period of time from the moment they are generated that is reasonable to ensure the operation of the system. The Data Controller shall ensure that these automatically recorded data cannot be linked to other Personal Data, except in cases required by law. If the User has withdrawn his/her consent to the processing of his/her Personal Data or has unsubscribed from the Service, his/her identity will no longer be identifiable from the technical data, except for investigative authorities or their experts.
  1. If a court or public authority has issued a final order for the erasure of the Personal Data, the erasure shall be carried out by the Data Controller. Instead of deletion, the Controller shall, after informing the User, restrict the use of the Personal Data if the User so requests or if the information available to the Controller indicates that deletion would be detrimental to the legitimate interests of the User. The Data Controller shall not delete the Personal Data as long as the processing purpose which precluded the deletion of the Personal Data is still valid.
 
  1. Rights of the User and how to enforce them
  1. The User may request that the Data Controller inform him/her whether it processes his/her Personal Data and, if so, provide him/her with access to the Personal Data processed by the Data Controller. The User may at any time ask information about the processing of Personal Data in writing, by registered or certified mail sent to the postal address of the Controller, or by e-mail sent to adatvedelem@marilynails.hu. The Data Controller will consider a request for information sent by letter as authentic if the User can be clearly identified from the request. The request for information may cover the data of the User processed by the Controller, their source, the purposes, legal basis and duration of the processing, the names and addresses of any Data Processors, the activities related to the processing and, in case of transfer of Personal Data, who has received or is receiving the User's data and for what purposes.
  1. The User may request the correction or modification of his/her Personal Data processed by the Data Controller. Taking into account the purpose of the Processing, the User may request the completion of incomplete Personal Data. The Personal Data provided by the User in relation to a particular Service may be modified in the access control settings of the Services or on the profile pages of each Service. Once a request to modify Personal Data has been fulfilled, the previously (deleted) data can no longer be restored.
  1. The User may request the deletion of his/her Personal Data processed by the Controller. The newsletters sent by the Data Controller may be cancelled via the unsubscribe link contained therein. In case of unsubscribing, the Controller will delete the User's Personal Data in the newsletter database Erasure may be refused (i) if the processing of Personal Data is authorized by law; furthermore (ii) for the establishment, exercise or defense of legal claims. In any case, the Data Controller shall inform the User of the refusal of a request for erasure, indicating the reasons for the refusal. Once the request for erasure of personal data has been complied with, the previous (erased) data can no longer be restored.
  1. The User may request the Data Controller to restrict the processing of his/her Personal Data if the User disputes the accuracy of the Personal Data processed. In this case, the restriction shall apply for the period of time that allows the Data Controller to verify the accuracy of the Personal Data. The Data Controller shall flag the Personal Data it processes if the User contests its accuracy or correctness but the incorrectness or inaccuracy of the contested Personal Data cannot be clearly established. The User may request that the Data Controller restrict the processing of his Personal Data even if the processing is unlawful, but the User opposes the erasure of the processed Personal Data and instead requests the restriction of its use. The User may also request that the Controller restrict the processing of his or her Personal Data where the purpose of the processing has been fulfilled but the User requires the processing by the Data Controller for the establishment, exercise or defense of legal claims.
  1. The User may request the Data Controller to transfer Personal Data provided by the User and processed by the User in an automated way to the Data Controller in a structured, commonly used, machine-readable format and/or to another controller.
  1. The User may object to the processing of his or her Personal Data (i) if the processing of the Personal Data is necessary solely for compliance with a legal obligation to which the Data Controller is subject or for the purposes of the legitimate interests pursued by the Data Controller, a Service operator or a third party; (ii) if the processing is for direct marketing, public interest surveys or scientific research; or (iii) if the processing is carried out for the performance of a task of public interest. The Data Controller shall examine the lawfulness of the User's objection and, if the objection is justified, shall terminate the processing and block the Personal Data processed and notify the objection and the action taken on it to all those to whom the Personal Data concerned by the objection have been disclosed.
  
  1. Data processing
  1. The Data Controller uses the Data Processors named above in this Policy to carry out its activities.
  1. Processors do not take independent decisions, they are only entitled to act in accordance with the contract concluded with the Data Controller and the instructions received. Processors shall, after 25 May 2018, record, process or handle Personal Data transmitted to them by the Data Controllers and processed or handled by them in accordance with the provisions of the GDPR and shall make a declaration to the Data Controllers on that.
  1. The Data Controller shall monitor the work of the Processors.
  1. Processors may only use an additional processor with the consent of the Data Controller.
     
  1. Third Party Service Providers
  1. The operators of the Services or the Data Controller may use Third Party Service Providers in connection with the provision of the Services, with which the Data Controller shall cooperate. The Personal Data processed in the systems of the Third Party Service Providers shall be governed by the provisions of the Third Party Service Providers' own privacy notices. The Data Controller shall use its best efforts to ensure that the Third Party Service Provider processes the Personal Data transferred to it in accordance with the law and uses it only for the purposes specified by the User or set out in this Notice. After 25 May 2018, the Third Party Service Providers shall record, control or process the Personal Data transmitted to them by the Data Controllers and control or processed by them in accordance with the provisions of the GDPR and shall provide a declaration to the Data Controllers to that effect. The Data Controller will inform Users about the transfer of data to Third Party Service Providers in the context of this Notice.
  1. Web analytics and ad serving Third Party Service Providers

    In connection with the pages of the Services, the operators of the Services and/or the Data Controller cooperate with Third Party Service Providers of web analytics and ad serving services. These Third Party Service Providers may have access to the User's IP address, and in many cases also provide personalization or analysis of the Services, and statistics, through the use of cookies, sometimes web beacons (web markers used on websites, sometimes in emails or mobile applications to record the IP address or the visited website), click tags (a metric identifying a click on a particular advertisement) or other click metrics. Cookies set by these Third Party Service Providers can be deleted from the User's device at any time and the use of cookies can generally be refused by selecting the appropriate settings on the browser(s). A cookie placed by a Third Party Service Provider can be identified by the domain associated with that cookie. It is not possible to refuse web beacons, clicktags and other click metrics. These Third Party Service Providers process the Personal Data transferred to them in accordance with their own privacy policies. Third Party web analytics and ad serving service providers that cooperate with the Data Controller: Meta Platforms Ireland Limited, Google LLC, Instagram LLC., Infogram Software Inc, Pinterest Europe Ltd., Viber Media LLC, YouTube LLC, tawk.to UK LTD.
  1. Third Party Service Providers of customized messaging

    The operators of the Services or the Data Controller shall cooperate with a Third Party Service Provider that allows the User to use certain services he/she has used within the framework of the Services through other channels used by the same User (e.g. e-mail, gmail, Facebook, Messenger, Viber, Instagram, etc.). The Third Party Service Providers may collect additional data about the User by using cookies, questionnaires or by registering the User on the Third Party Service Provider's website or interfaces, which may be used to identify the User, either individually or in combination with other data. These Third Party Providers will process the Personal Data transferred to them in accordance with their own privacy policies. Such Third Party Service Providers cooperating with the Data Controller are: Meta Platforms Ireland Limited, Ireland LTD., Google LLC, Instagram LLC., Infogram Software Inc, Pinterest Europe Ltd., Twitter International Company, Viber Media LLC, YouTube LLC, tawk.to UK LTD., SendInBlue, The Rocket Science Group LLC d/b/a Mailchimp.
  1. Other

    There are Third Party Service Providers with which neither the operators of the Services nor the Data Controller have a contractual relationship or do not intentionally cooperate with regard to the processing of data, but regardless of this, the websites of the Services - even without the User’s involvment - are accessible by these Third Party Service Providers. By accessing the websites of the Services these Third Party Service Providers may collect data about Users or about User activities on the websites of the Services, which may, on occasion, be used to identify the User, either individually or in combination with other data collected by these Third Party Service Providers. Such Third Party Service Providers may include, but are not limited to: Meta Platforms Ireland Limited, Ireland LTD., Google LLC, Instagram LLC., Infogram Software Inc, Pinterest Europe Ltd., Twitter International Company, Viber Media LLC, YouTube LLC.
    These Third Party Service Providers process the Personal Data transferred to them in accordance with their own privacy policies.
 
  1. Possibility of data transfer
  1. The Data Controller is entitled and obliged to transfer to the competent authorities any Personal Data at its disposal and stored by it in accordance with the law or by final and binding administrative decision which obliges the Data Controller to transfer Personal Data. The Controller shall not be held liable for such transfers and the consequences thereof.
  1. If the Data Controller transfers the operation or use of the content service and hosting service on the Services' pages to a third party, in whole or in part, the Personal Data processed by the Data Controller may be transferred to the new operator, in whole or in part, without the User's prior consent, but with the Users' prior notice, provided that such transfer shall not place the User in a less favourable position than the data processing rules set out in the current version of this Notice. In the event of a transfer of data pursuant to this point, the Data Controller shall provide Users with the opportunity to object to the transfer prior to the transfer. In the event of an objection, the transfer of the User's data pursuant to this point shall not be possible.
  1. The Data Controller shall keep records of data transfers for the purposes of monitoring the lawfulness of data transfers and providing information to the User.
 
  1. Amendments to the Privacy Notice
  1. The Data Controller reserves the right to amend this Notice at any time by unilateral decision.
  1. The User accepts the currently valid and published provisions of the Notice by entering the Website, and no further consent of the individual User is required.
 
  1. Enforcement options
  1. If you have any questions or comments about data processing, you can also contact the Data Controller's staff at adatvedelem@marilynails.hu e-mail address.
  1. The User may directly contact the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu) with any complaint regarding the Data Processing.
  1. In case of violation of the User's rights, the User may take legal action. The court of law (in Hungarian: törvényszék) shall have jurisdiction to decide on the action. The action may also be brought, by choice of the person concerned, before the court of law of the place of residence or domicile of the person concerned.
 
Upon request, the Data Controller shall inform the User of the possibilities and means of redress.
 
Budapest, 19. September 2022.
 

MarilyNails, the gel expert: Modern gels and gel polishes for those nail technician professionals, who would like provide quality service with products at favorable price. “Gels with Love” - From Marilyn to You.