The objective of the present data processing information is to give particulars on the activities and practice of Pullit! Kft. (“Pullit!”) as data controller regarding to data processing and data management, based on the Regulation No. 2016/679 (“Regulation”) of the European Parliament and of the Council.
With the present data processing information Pullit! Kft. fulfils its obligations to provide prior information as laid down in the Act CXII of 2011 on informational self-determination and freedom of information (“InfoAct”).
- Data Controller
Name: Pullit! Kft. (‘data controller’)
Registered seat: 1212 Budapest, Lőcsei utca 19, Hungary
Company registry number: 01-09-736635
Tax number: 13465904-2-43
Managing director: Mr. Rüdiger Happe
- Terms & definitions
Data subject: shall mean any natural person, who may be identified directly or indirectly based on any definite, personal data (InfoAct, Article 3, (1)) ; a natural person is defined to be identified, if directly or indirectly, it may be identified based on one or more factors regarding identity, in particular an identifying personal data (Regulation, Article 4. (1))
Personal data: shall mean any information relating to an identified or identifiable natural person (‘data subject’) an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (InfoAct Article 3 (2), Regulation, Article 4 (1))
Data controller: shall mean a natural or legal person, or an entity without a legal personality, which alone or jointly with others determines the purposes and means of the processing of personal data; reaches decisions regarding data processing (including the tool used) and implements them, or ensures the implementation by a data processor appointed by him; (InfoAct Article 3 (9), Regulation, Article 4 (7))
Data controlling: shall mean any operation or a set of operations, irrespective of the procedure applied, in particular: any collection, recording, classification, systematisation, storage, adaptation or alteration, use, consultation, consultation by transmission, disclosure, alignment, combination, restriction, blocking, erasure or destruction, as well as preventing further use of the data, taking photos, making voice or visual recordings, just as any recording of identifying physical characteristics (e.g. finger–, or palmprints, DNA-profile, iris characteristics) (InfoAct Article 3 (10), Regulation, Article 4 (2))
Data processing: shall mean operations related to the technical tasks of data processing, irrespective of the method and tools applied for the implementation of the operations, as well as the place of application, provided, that the technical task is being carried out on the data; (InfoAct Article 3 (17))
Data processor: shall mean a natural or legal person, or an entity without a legal personality, a public authority, agency or any such body processing data based on a valid contract with the data controller, including a contract in compliance with the provisions of law; controls personal data on behalf of the data controller; InfoAct Article 3 (18), Regulation, Article 4 (8).
Third party: shall mean a natural or legal person, or an entity without a legal personality who or which is not identical with the data subject, the data controller or the data processor (InfoAct Article 3, (22)) or those persons who have the authorisation to control personal data, under the direct management of the data controller or the data processor (Regulation, Article 4 (10));
Consent of the data subject: shall mean a freely given and explicit statement on the wishes of the data subject, which is based on appropriate information provided to them and by which it gives its unambiguous consent to the control of its personal data – unlimited or limited to certain operations;
Data transmission: shall mean making the data available to a defined third party (InfoAct Article 3 (11));
Erasure of data: shall mean making data unrecognisable in a way that their restoration may not be possible any longer (InfoAct Article 3 (13));
Statement of objection: shall mean a statement from the data subject to claim the processing of its data, and may demand the suspension or termination of the data processing or erasure of its data processed (InfoAct Article 3 (8));
Privacy incident: shall mean a security breach may resulting in accidental or illegal annulment, lost, change or unauthorized disclosure of to the transmitted, stored or in other ways processed data or facilitates an unauthorized access to them.
- Activities related to the data processing
The Controller is using cookies at the website. Cookies are small text files of information stored by your browser on the hard drive of your computer. Cookies allow web applications to adjust their operation to your preferences and to learn more about your likes and dislikes, by collecting and storing preference-related information.
Purpose of data processing: To improve the quality of the Controller’s services; to develop the website content according to the visitors’ needs
Duration of data processing: Until the cookies are deleted by the Data Subject
Erasure or modification of data: Most browsers allow you to view the active cookies on your computer and you may delete them, furthermore you can block the cookies of a specific website or all of the websites. You have the option to set your browser so that it will reject the cookies or warn you when cookies are sent to your device.
- Purchasing and registration
Processed personal data: Surname and first name, country, telephone number, e-mail, billing address, delivery address
Purpose of data processing: To comply with the obligation to provide/issue invoices; To exercise and perform the rights and obligations arising from the contract concluded with the Data Subject
Legal basis of data processing: Legitimate interest, mandatory data processing required pursuant to the tax regulations (statutory legal provision)
Duration of data processing: Obligation of retention according to the tax laws: 10 tax years; the period of time required for achievement of the purpose of data processing
Erasure or modification of data: The Data Subject can ask for information about the processed data and may request rectification of such data.
Payment takes place at SIX Payment Services’ website. Controller shall not receive any information about the data content of the SIX Payment Services payment site (i.e. the data of the respective bank or credit card) since the payment site is a completely secure and protected Internet site, independent from the Controller.
If the Customer had given its consent upon registration, Pullit! Kft. is entitled to send a newsletter and to ensure the unsubscription of it – in line with the InfoAct.
Processed personal data: Surname and first name, e-mail address
Purpose of data processing: Provision of information to the persons subscribing to the newsletter about the Controller’s activities, services, different news.
Legal basis of data processing: The data subject’s voluntary consent
Duration of data processing: Until withdrawal of the consent granted for the sending of newsletters, but maximum for the period of time required for achievement of the processing purpose.
- Policy on processing data and data transmission
- Website operator, webhosting, system administrator, data storage:
Registered seat: 8000 Székesfehérvár, Budai út 9-11
- Payment Services
SIX Payment Services
Registered Seat: Hardturmstrasse 201, 8021 Zurich,Switzerland
E-Mail: For SIX Payment Services Ltd: firstname.lastname@example.org
For SIX Payment Services (Europe) S.A.: email@example.com
Data controller shall pay attention to data protection of its Customers and partners and to respect their rights to informational self-determination. Therefore, it guarantees to handle any obtained personal data confidentially and shall endeavour to make every effort to ensure safety of these data.
Objective of the data control: the data processor/controller and the operating parties solely process the data of the data subject in connection with the purchase or to deliver them and fulfil related legal obligations.
Data to be processed: The data of the Customer provided at www.pullit.eu, such as name, address, e-mail, delivery address, phone number, classified password. On the invoice there will be stated the name and address of the data subject. Electronic invoice may only be sent to the e-mail address provided by the Customer, or will be given to them upon personal pickup, or in case of a delivery, sent in closed packaging.
The data obtained upon registration, purchase order or e-mail request/upon placing an order are confidential and will be used and managed by the data controller and the data processor for the purpose of fulfilling purchase orders.
Data subject shall be responsible for the veracity of the data provided, these shall not infringe any personal or other rights of third parties.
- Data is provided on a voluntary basis (newsletter) or mandatory (invoicing, placing an order). The Customer gives its consent to the data processing by registering on the website or subscribing to newsletter and giving its personal data mandatory in order to place a purchase order.
- Processing of the data is being carried out by the data controller and the data processor.
- Data controller may use the personal data of the data subject free of charge in order to fulfil the purchase orders and for its documentation.
- Pullit! Kft. as data controller offers the Customers the possibility to store their data for the next purchase order so that they would not have to be provided every single time again. If the Customer does not avail itself of this opportunity, it might initiate the complete deletion of its data after having placed its purchase order.
- The date controller transmits the personal data provided in relation to the given purchase order to its contracted logistics partners, who in this respect also qualify as data processors. Transmission of the personal data is aiming the fulfilment of the delivery of the purchase order.
- Data storage and access
Data retention period: if a purchase order was placed through the website, the personal data may be processed up to one year, or until the withdrawal of consent of the data subject. Pullit! offers guarantee for its products for one year. In order to apply guarantee and the potential reproduction of the product we store the data related to the purchase order and to the Customer, as well as parameters of the product.
In case of individual purchase orders, where the demand of the Customer is different from the products to be designed under “custom items – design your own” at the www.Pullit.eu website, the purchase order and therefore the product may be linked to the Customer (and to its personal data) in order to enable reproduction and may be stored until the withdrawal of consent by the data subject.
Excluded of the foregoing are the data of the accounting documents, which may be stored in compliance with national law.
- Rights of the Data subject
Pullit! Kft. guarantees that the data management follows the legal requirements in force. The rights of the data subject concerning the data management and the rules of judicial remedies are being stated in the Act CXII of 2011 on informational self-determination and freedom of information (‘InfoAct’) and Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Based on the legislations above the Customer may request the rectification of its personal data, restriction of the data processing, deletion of the data processed, or further supply of information on the data processing. It may oppose to third parties’ interest in processing its personal data (e.g. surveys).
Data subject is entitled to receive the personal data related to it in a typed, legible form, and to transmit those data to another data controller or processor, if the data management is being carried out on a consent and in an automated way.
If the Customer wishes to delete or amend its data in the database, it may express its intention at any times, without any restriction or justification, free of charge at info@Pullit.hu or by sending a postal item to the data controller, in both cases with the subject indicated “Modification of processing personal data”.
Customer accepts and acknowledges that deletion of its personal data does not automatically mean the deletion of the purchase order already placed. In regard to the withdrawal from the order there shall be Clause 8 of the GTC (General Terms and Conditions) indicative.
Customer has the right to object the processing of its personal data. Data controller shall examine this request within the shortest time possible, but maximum within 25 days, shall take a decision on its reasonable justification and inform the petitioner about its decision in a written form.
The right of the data subject to legal remedy: In case the data subject does not agree with the decision taken by the data controller, it may be going to court within 30 days after the communication.
Legal remedies or complaints may be filed with the National Agency for Data Protection:
Name: National Agency for Data Protection
Postal address: 1530 Budapest, Pf.: 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Phone number: +36 (1) 391-1400
Any privacy incident shall be reported to the responsible authorities (National Agency for Data Protection) without an unreasonable delay – within 72 hours – unless the incident is unlikely to risk any rights of natural persons. Should the incident be likely to carry high risks in regard to the rights and freedoms of natural persons, data controller shall inform the data subject about the incident without undue delay.
- Other provisions
The Controller’s pages contains weblinks or hyperlinks pointing to pages operated by other service providers (such as Facebook and Instagram) where the Controller has no influence over the processing of personal data, therefore the Controller does not assume any liability for the data processing or data transmission actions or personality right related procedures executed by these pages.
Budapest, 1 July 2020