Name: Masterworks Hungary Kft
Headquarters: 1136 Budapest, Pannónia Street 30. Ü3. door
Mailing address, complaint handling: 1136 Budapest, Pannónia utca 30. Ü3. door
E-mail: hello@masterworks.hu
Phone number: +36 70 55 77 451
Website: https://www.masterworks.hu
Name: Shopify International Limited
Mailing address: 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland
Email address: support@shopify.com
Phone number: 0800-808-5233
This document contains all relevant data management information related to the operation of the webshop based on the European Union's General Data Protection Regulation 2016/679 (hereinafter: Regulation, GDPR) and Act CXII of 2011 (hereinafter: Infotv.).
What are cookies?
The Data Controller uses so-called cookies during the visit to the website. A cookie is a packet of information consisting of letters and numbers that our website sends to your browser with the purpose of saving certain settings, facilitating the use of our website, and helping to collect some relevant statistical information about our visitors.
Some cookies do not contain personal information and are not suitable for identifying individual users, but some contain a unique identifier - a secret, randomly generated number sequence - which is stored by your device, thus ensuring your identifiability. The duration of each cookie's operation is included in the description of each cookie.
The legal background and basis of cookies:
The legal basis for data processing is your consent pursuant to Article 6(1)(a) of the Regulation.
Google Adwords cookie When someone visits our site, the visitor's cookie ID is added to the remarketing list. Google uses cookies – such as the NID and SID cookies – in Google products to customize ads shown in Google Search, for example. These cookies are used to remember your recent searches, previous interactions with ads from specific advertisers or search results, and visits to advertisers' websites. The AdWords conversion tracking feature uses cookies. It saves cookies on the user's computer to track sales and other conversions resulting from ads when the person clicks on an ad. Some common uses of cookies include selecting ads based on what is relevant to the user, refining reports on campaign performance, and avoiding showing ads that the user has already seen.
Google Analytics cookie: Google Analytics is Google's analytics tool that helps website and app owners get a more accurate picture of their visitors' activities. The service may use cookies to collect information and generate reports based on statistical data about website usage without individually identifying visitors to Google. The main cookie used by Google Analytics is the "__ga" cookie. In addition to reports generated from website usage statistics, Google Analytics – together with some advertising cookies described earlier – can also be used to display more relevant ads on Google products (such as Google Search) and across the internet.
Strictly necessary cookies for operation: These cookies are essential for using the website and enable the use of the website's basic functions. Without them, many features of the site will not be available to you. The lifespan of these types of cookies is limited exclusively to the duration of the session.
currency Stores the customer's currency. Lifetime is 30 days.
Facebook pixel (Facebook cookie) A Facebook pixel is a code that helps generate reports on conversions on the website, allows the creation of target audiences, and provides the site owner with detailed analytical data about visitors' website usage. With the Facebook pixel, personalized offers and advertisements can be displayed to website visitors on the Facebook platform. You can review Facebook's data management policy here: https://www.facebook.com/privacy/explanation
If you do not accept the use of cookies, certain functions will not be available to you. More information about deleting cookies can be found at the following links:
For the purpose of contract conclusion and fulfillment, several data processing cases may occur. We inform you that data processing related to complaint handling and warranty administration only takes place if you exercise any of the mentioned rights.
If you do not make a purchase through the webshop and are only a visitor to the webshop, then the provisions regarding marketing data processing may apply to you, provided you give us consent for marketing purposes.
Detailed data processing carried out for the purpose of contract conclusion and fulfillment:
For example, if you contact us by email, contact form, or phone with a question about a product. Prior contact is not mandatory; you can place an order from the webshop at any time without it.
Managed data
The data you provided during the contact process.
The duration of data processing
The data will only be processed until the contact is concluded.
The legal basis for data processing
Your voluntary contribution provided to the Data Controller upon contact. [Data processing according to Article 6(1)(a) of the Regulation]
By storing the data provided during registration, the Data Controller can offer a more convenient service (e.g., the data of the data subject does not need to be provided again for a new purchase). Registration is not a condition for concluding the contract.
Managed data
During data processing, the Data Controller manages your name, address, phone number, email address, the characteristics of the purchased Goods, and the time of purchase.
The duration of data processing
Until the withdrawal of your consent.
The legal basis for data processing
Your voluntary contribution provided to the Data Controller upon registration [Data processing according to Article 6(1)(a) of the Regulation]
During the processing of orders, data management activities necessary for the fulfillment of the contract are required.
Managed data
During data processing, the Data Controller handles your name, address, phone number, email address, the characteristics of the purchased Goods, the order number, and the date of purchase.
If you have placed an order in the webshop, data processing and providing data are essential for the fulfillment of the contract.
The duration of data processing
The data is processed for 5 years according to the civil law statute of limitations.
The legal basis for data processing
Performance of the contract. [Data processing according to Article 6(1)(b) of the Regulation]
The data processing procedure is carried out for the purpose of issuing invoices in accordance with legal regulations and fulfilling the obligation to retain accounting documents. According to Section 169 (1)-(2) of the Accounting Act, business companies must retain accounting documents that directly and indirectly support the bookkeeping records.
Managed data
During data processing, the Data Controller manages your name, address, phone number, and email address.
The duration of data processing
Invoices issued must be retained for 8 years from the date of issuance in accordance with Section 169 (2) of the Accounting Act.
The legal basis for data processing
Based on Section 159 (1) of Act CXXVII of 2007 on Value Added Tax, issuing an invoice is mandatory, and according to Section 169 (2) of Act C of 2000 on Accounting, it must be retained for 8 years [Data processing according to Article 6 (1) c) of the Regulation].
The data processing is carried out for the purpose of delivering the ordered product.
Managed data
During data processing, the Data Controller manages your name, address, phone number, and email address.
The duration of data processing
The Data Controller processes the data for the duration of the delivery of the ordered goods.
The legal basis for data processing
Contract performance [Data processing according to Article 6(1)(b) of the Regulation].
The data processing is carried out for the purpose of sending newsletters.
Managed data
During data processing, the Data Controller manages your name, address, phone number, and email address.
The duration of data processing
Until the withdrawal of the data subject's consent.
The legal basis for data processing
Your voluntary contribution, provided to the Data Controller by subscribing to the newsletter [Data processing according to Article 6(1)(a) of the Regulation]
Data processing as a remarketing activity is carried out with the help of cookies.
Managed data
Data processed by cookies defined in the cookie policy.
The duration of data processing
The storage duration of the given cookie data, more information is available here:
Google general cookie information:
https://www.google.com/policies/technologies/types/
Google Analytics information:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu
Facebook information:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
The legal basis for data processing
Your voluntary contribution provided to the Data Controller through the use of the website [Data processing according to Article 6(1)(a) of the Regulation].
If the Data Controller intends to carry out further data processing, it shall provide prior information about the essential circumstances of the data processing (the legal background and basis of the data processing, the purpose of the data processing, the scope of the data processed, the duration of the data processing).
Name of the data processor: Shopify International Limited
Contact details of the data processor:
Phone number: 0800-808-5233
Email address: support@shopify.com
Headquarters: 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland
Website: https://www.shopify.com/
The Data Processor stores personal data based on the contract concluded with the Data Controller. It is not authorized to access the personal data.
Name of the company operating the newsletter sending system: Shopify International Limited
Headquarters of the company operating the newsletter sending system: 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland
Phone number of the company operating the newsletter sending system: 0800-808-5233
Email address of the company operating the newsletter sending system: support@shopify.com
Website of the company operating the newsletter sending system: https://www.shopify.com/
The Data Processor cooperates in sending newsletters based on the contract concluded with the Data Controller. In this process, the Data Processor handles the name and email address of the data subject to the extent necessary for sending the newsletter.
Name of the data processor: KBOSS.hu Kft.
Registered office of the data processor: 1031 Budapest, Záhony Street 7.
The data processor's phone number:
The data processor's e-mail address: kboss.hu.kft@szamlazz.hu
The data processor's website: https://www.szamlazz.hu/
The Data Processor, based on the contract with the Data Controller, assists in the record-keeping of accounting documents. In this process, the Data Processor handles the name and address of the data subject to the extent necessary for accounting records, for the duration specified in Section 169 (2) of the Accounting Act, after which it deletes them.
Name of the data processor: Shopify International Limited
Registered office of the data processor: 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland
The data processor's phone number: 0800-808-5233
The data processor's e-mail address: support@shopify.com
The data processor's website: https://www.shopify.com/
The Data Processor, based on the contract with the Data Controller, assists in the record-keeping of orders. In this process, the Data Processor handles the name, address, phone number of the data subject, as well as the number and date of the orders within the civil law limitation period.
Name of the data controller: Stripe Inc
Data controller's headquarters: 354 Oyster Point Blvd South San Francisco, CA 94080 United States
The data controller's phone number: +36706333743
The data controller's e-mail address: support@stripe.com
The data controller's website: www.stripe.com
The payment service provider cooperates in the execution of the Online payment based on the contract concluded with the Data Controller, during which data transfer takes place to the online payment service provider in the course of the purchase process. In this process, the online payment service provider handles the affected billing name and address, the order number, and the time according to its own data management policies.
The purpose of data transfer: to provide the online payment service provider with the transaction data necessary for the payment operation initiated with them related to the purchase.
The legal basis for data transfer: pursuant to Article 6(1)(b) of the Regulation, the performance of the contract concluded between you and the Data Controller, which includes payment by the buyer, and in the case of online payment, the data transfer according to this point is necessary for the payment.
Within the duration of data processing, you are entitled to the following rights in accordance with the provisions of the Regulation:
If you wish to exercise your rights, it will involve your identification, and the Data Controller will necessarily need to communicate with you. Therefore, for identification purposes, it will be necessary to provide personal data (but the identification can only be based on data that the Data Controller already manages about you), and your complaints related to data management will be accessible in the Data Controller's email account within the time frame specified in this information notice regarding complaints. If you were our customer and wish to identify yourself for complaint handling or warranty processing, please also provide your order identification. Using this, we can also identify you as a customer.
The Data Controller shall respond to complaints related to data management within 30 days at the latest.
You have the right to withdraw your consent to data processing at any time, in which case the provided data will be deleted from our systems. However, please note that if the order has not yet been fulfilled, withdrawal may result in us being unable to complete the delivery to you. Furthermore, if the purchase has already been made, we cannot delete the billing-related data from our systems due to accounting regulations, and if you have an outstanding debt with us, we may continue to process your data based on the legitimate interest related to debt collection even if you withdraw your consent.
You are entitled to receive feedback from the Data Controller regarding whether the processing of your personal data is ongoing, and if data processing is ongoing, you are entitled to:
The purpose of exercising the right may be to establish and verify the lawfulness of data processing; therefore, in the case of multiple requests for information, the Data Controller may charge a reasonable fee for providing the information.
The Data Controller ensures access to personal data by sending you the processed personal data and information via email after your identification. If you have a registration, access is provided by allowing you to view and verify the personal data processed about you by logging into your user account.
Please indicate in your request whether you are requesting access to personal data or information related to data processing.
You are entitled to request that the Data Controller correct any inaccurate personal data concerning you without delay.
You are entitled to request that the Data Controller restrict the processing of data if any of the following conditions are met:
the data processing is unlawful, but you oppose the deletion of the data for any reason (for example, because the data is important to you for enforcing a legal claim), therefore you do not request the deletion of the data, but instead request the restriction of their use;
the Data Controller no longer needs the personal data for the specified purpose of data processing, but you require them for the submission, enforcement, or defense of legal claims; or
If data processing is subject to restriction, such personal data may only be processed, except for storage, with the consent of the data subject, or for the purpose of asserting, enforcing, or defending legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a Member State.
The data controller will inform you in advance (at least 3 working days before lifting the restriction) about the lifting of the data processing restriction.
You have the right to have the Data Controller delete your personal data without undue delay if any of the following reasons apply:
If the Data Controller has disclosed personal data about you for any lawful reason, and is obliged to delete it for any of the reasons mentioned above, it must take reasonable steps—considering the available technology and the cost of implementation—including technical measures, to inform other data controllers processing the data that you have requested the deletion of links to the personal data in question or copies or duplicates of such personal data.
Deletion is not applicable if data processing is necessary:
You have the right to object at any time to the processing of your personal data based on legitimate interests for reasons related to your particular situation. In this case, the Data Controller may no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or grounds related to the establishment, exercise, or defense of legal claims.
If the processing of personal data is carried out for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for this purpose, including profiling, insofar as it is related to direct marketing. If you object to the processing of personal data for direct marketing purposes, the personal data can no longer be processed for this purpose.
If the data processing is carried out in an automated manner, or if the data processing is based on your voluntary consent, you have the right to request from the Data Controller to receive the data you have provided to the Data Controller, which the Data Controller will make available to you in xml, JSON, or csv format, if this is technically feasible, you may request that the Data Controller transmit the data in this format to another data controller.
You are entitled not to be subject to a decision based solely on automated data processing (including profiling) that would have legal effects concerning you or similarly significantly affect you. In such cases, the Data Controller is obliged to take appropriate measures to protect the rights, freedoms, and legitimate interests of the data subject, including at least the right of the data subject to request human intervention from the data controller, express their viewpoint, and contest the decision.
The above do not apply in the case where the decision:
According to the provisions of the Infotv., the Data Controller was required to report certain data processing activities to the data protection register. This reporting obligation ceased on May 25, 2018.
The Data Controller declares that it has taken appropriate security measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage, and against becoming inaccessible due to changes in the technology used.
The Data Controller does everything within organizational and technical possibilities to ensure that the Data Processors also take appropriate data security measures when handling your personal data.
If you believe that the Data Controller has violated any legal provision related to data management or has not fulfilled any of your requests, you may initiate an investigation procedure with the National Authority for Data Protection and Freedom of Information to terminate the presumed unlawful data management (mailing address: 1363 Budapest, Pf. 9., e-mail: ugyfelszolgalat@naih.hu, phone numbers: +36 (30) 683-5969, +36 (30) 549-6838; +36 (1) 391 1400).
We also inform you that in the event of a violation of the legal provisions regarding data management, or if the Data Controller has not fulfilled any of your requests, you may initiate a civil lawsuit against the Data Controller before a court.
The Data Controller reserves the right to modify this data management information in a way that does not affect the purpose and legal basis of data processing. By using the website after the modification takes effect, you accept the modified data management information.
If the Data Controller wishes to carry out further data processing with the collected data for a purpose different from the purpose of their collection, they will inform you about the purpose of the data processing and the following information before the further data processing.
Data processing can only begin after this, if the legal basis for data processing is consent, you must also give your consent in addition to the information provided.
