PRIVACY NOTICE AND INFORMATION ON THE PROCESSING OF PERSONAL DATA

1. Purpose and Scope of the Notice

The goal of this Privacy Notice and Information on the Processing of Personal Data (hereinafter referred to as: „Notice”) is to determine the legal procedure for the use of registers/databases of Monochrome Design Kft. / LLC. (Company Registration Number: 01 09 890786, Budapest, 1026. Nyúl utca 18.) (hereinafter referred to as: „Controller of Data”), and to guarantee the enforcement of the requirements of constitutional standards of data protection, the informational right of self-determination and that of data privacy. Furthermore, its goal is that everyone can dispose of their personal data within the framework of the legal regulations, learn about the circumstances of their management, and prevent unauthorized access, changes and unauthorized disclosure of data. Furthermore, this Notice serves as information for those concerned to present the data management practices of the Data Collector. The scope of the Notice covers the handling of personal and special data at all organizational units of the Data Collector.

 

2. Governing Law

Regulation (EU) 2016/679 of the European Parliament and of the Council, on the protection of natural persons with regard to the management of personal data and the free flow of such data. furthermore on the repeal of 95/46/EK regulation (general data protection regulation; hereinafter referred to as „GDPR”)

๏      year CXII.  act on the right to self-determination of information and freedom of information (hereinafter referred to as: „Infotv.”)

๏      year V. act on Civil Code (hereinafter referred to as: „Ptk.”)

๏      year CXXX. act on civil procedure (hereinafter referred to as: „Pp.”)

๏      year CVIII. act  - on certain issues of electronic commercial services and services related to the information society - (hereinafter referred to as: „Eker. tv.”);

๏      year XLVIII. act – on the basic conditions and certain limitations of commercial advertising activity (hereinafter referred to as: „Grt.”).

 

3. Information on the Data Contoller

Data Controller: Monochrome Design Kft. /LLC.

Registered address: 1026 Budapest, Nyúl utca 18., magasföldszint 1. (Nyul street 18, level 1)

Managing Director: Karajz Zsolt

Company Registration Number: 01 09 890786

Tax ID: 14142242241

Phone number: +36 30 434 6850

Email address: info@mokointerior.com


4. The scope of personal data managed, the purpose, duration and legal title of data management

The Data Controller carries out its data processing based on the voluntary consent of the data subjects or on the basis of legal authorization. In the case of voluntary consent, the data subject may at any time request information on the scope of the processed data and the manner in which it is used, and may also withdraw its consent, except in specific cases in which the data processing continues based on a legal obligation (in such cases, the Data Controller provides the data subject with information on the further processing of the data).

Data informants are obliged to provide all provided data accurately to the best of their knowledge.

If the data informant does not provide its own personal data, the informant is obliged to obtain the consent of the data subject.

If the Data Controller forwards the data to data processors or other third parties, the Data Controller keeps a record of these transmissions. The record of data transmission must include the recipient, the method, the date of the data transmission, as well as the scope of the data transmitted.

 

Subscription to the newsletter

Legal basis of the data management: data subject’s consent

Scope of managed data: name, e-mail address

Goal of data management: sending digital materials and offers by e-mail

Data transfer: does not occur

Data processors: Monochrome Design Kft. / LLC.

Data deletion deadline: until cancellation / revocation

The possible consequence of the lack of data communication: the impossibility of downloading the free material; making it impossible to send free blog article notifications; making it impossible to send free video broadcast notifications; making it impossible to send notifications of free social content; making it impossible to send offer notifications; the impossibility of health-related offer notifications announced by the company's partners

 

Ordering physical products

Legal basis of the data management: data subject’s consent; following the purchase: fulfillment of legal obligation the phone number is used for troubleshooting and for the efficiency of the courier service

Scope of the managed data: e-mail address, name, phone number, address of residence (delivery address), company data, place of birth, date of birth, mother’s name

Goal of data management: fulfillment of contractual obligation, as well as handing over the ordered material and solving technical problems that arise  

Data transfer: to DHL courier service, in order to deliver the product.

Legal basis of the data transfer: fulfillment of contractual obligation.

Data Processors: Monochrome Design Kft. / LLC , DHL courier service.

Deadline for the deletion of data: 9 years after providing the data.

The possible consequence of the lack of data communication: until the ordered product is received: the impossibility of fulfilling the order; in the case of failure to provide the telephone number, the delivery of the product is more likely to fail, in which case the Data Controller reserves the right to attempt repeated delivery at the expense of the person concerned; after completion, only the bank account data and the telephone number can be requested to be deleted (deletion of the former can only be deleted after making a statement if the owner of the data declares that the transaction was completed correctly and does not dispute the transaction in any way), the other data (name , e-mail address, residential address, delivery address) cannot be deleted until the specified date due to legal obligations.

 

5. Data subjects’ rights, legal remedies

At any time, the data subjects can request information in writing from the Data Controller about the way their personal data is managed, indicate their request for deletion or modification, and withdraw their previously given consent at the contact details provided in point 3.

The data subject may not exercise its right to deletion in the case that data management is required by law. 

Content of the right to information: Based on the data subject's request, the Data Controller provides the data subject with the information listed in Articles 13 and 14 of the GDPR regarding the processing of personal data, as well as providing the information contained in Articles 15-22 and Article 34 in a concise, understandable form.

Content of the right to access:  At the request of the data subject, the Data Controller provides information on whether the Data Controller is currently processing data associated with the data subject. If the Data Controller is processing the applicant's data, the data subject is entitled to access with regard to the following:

  1. The personal data concerning the data subject;

  2. goal(s) of the data management;

  3. categories of personal data concerning the data subject;

  4. the persons to whom the data subject’s data has been disclosed or will be disclosed;

  5. the duration of data storage;

  6. the right to correction, deletion, and restriction of data processing;

  7. the right to appeal to the court or to the supervisory authority;

  8. the source of the processed data;

  9. profiling and/or automated decision-making, as well as the details and practical effects of such application;

  10. transfer of processed data to a third country or international organization.

๏      In the event of a request for data according to the above, the Data Controller will issue to the data subject a copy of the data processed by Data Controller corresponding to the request. Upon separate request, it is possible to request electronic delivery from the Data Controller.

๏      Data manager requests an administration fee of HUF 500 per page for each additional copy

๏      The deadline for issuing the requested data is 30 days from the receipt of the request.

๏      Right to rectification: The data subject may request the correction of inaccurate data concerning him/her managed by the Data Controller.

๏      Right to deletion: If any of the following reasons exist, then, at the request of the data subject, the Data Controller will delete the data concerning the data subject as soon as possible, but no later than within 5 working days:

1.     The data was processed illegally (without legal authorization or personal consent);

2.     the processing of the data is unnecessary for the realization of the original purpose;

3.     the data subject withdraws its consent to data processing and the Data Controller has no other legal basis for data processing;

4.     the data in question was collected in connection with the offering of services related to the information society;

5.     personal data must be deleted to fulfill the legal obligations of the Data Controller

๏      It is not possible for the Data Controller to delete the data if the data management is still necessary for any of the following:

1.     further data management is necessary to comply with the legal requirements applicable to the Data Controller;

2.     necessary for the purpose of exercising the right to express an opinion and to obtain information;

3.     public interest;

4.     for archival, scientific, research or statistical purposes;

5.     to assert or defend legal claims

๏      The right to limit data processing: If any of the following reasons exist, the Data Controller will limit data processing at the request of the data subject:

  1. The data subject disputes the accuracy of the data concerning him, in which case the restriction applies to the time until the review of the accuracy and correctness of the data in question takes place in a satisfactory and credible manner;

  2. the data processing is illegal, but at the same time the data subject requests not to delete it, but only requests the limitation of data processing;

  3. the data are no longer needed for data management, but the data subject requests their further storage to enforce or protect their legal claims;

๏      If the Data Controller introduces restrictions on any managed data, during the period of the restriction, it will only manage the relevant data if and to the extent that:

  1. the data subject consents

  2. necessary to assert or defend legal claims;

  3. necessary to assert or protect the rights of another person;

  4. necessary to assert public interest.

๏      Right to withdraw:  The data subject has the right to withdraw his consent to the Data Controller - in writing - at any time. In the event of such a request, the Data Controller shall immediately and permanently delete all data that it has processed in relation to the data subject and whose further storage is not required by law or is not necessary for the enforcement or protection of rights related to legitimate interests. The legality of the data management up to the withdrawal of the consent is not affected by the withdrawal.

๏      The Right to Data Portability: The data subject has the right to request that the data controller transmits the data relating to him to another data controller in a commonly used format that can be read by computer software. The Data Controller fulfills the request as soon as possible, but within 30 days at the latest.

๏      Automated decision-making and profiling: The data subject has the right not to be the subject of a decision based solely on automated data management (e.g. profiling) that would have a legal effect on him or otherwise adversely affect him. This right is not applicable if:

  1. data management is essential for the purpose of concluding or fulfilling the contract between the data subject and the Data Controller;

  2. the data subjects expressly consents to the application of such procedure;

  3. its application is permitted by law;

  4. its necessary to protect or enforce legal claims.

6. Contact

The e-mail received during contact with the Data Controller and its content (especially the sender's name, address, date, attachments) are stored by the Data Controller for 5 years and then deleted. 

7. Method of data storage and provision

๏      The Data Controller keeps the data it manages – both in paper and electronic form – at its headquarters.

๏      An exception to point (1) is the data stored by the data processors of the Data Controller, whose storage location is located at the headquarters of the data processors.

๏      The Data Controller uses an IT system for its operation that ensures that the data:

  1. its immutability can be verified (data integrity);

  2. authenticity must be ensured (authenticity of the data);

  3. be accessible to those entitled to it (availability);

  4. and, to be protected against unauthorized access (data confidentiality).

๏      Data protection particularly extends to:

  1. unauthorized access;

  2. changing;

  3. forwarding;

  4. deletion;

  5. disclosure;

  6. accidental damage;

  7. accidental annihilation;

  8. or to inaccessibility resulting from a change in the technique used

๏      In order to protect the electronically managed data, the data manager uses a solution that provides an appropriate level of security according to the current state of the art. During the examination of compliance, particular emphasis is placed on the degree of risk arising during data processing by the Data Controller. IT protection ensures that the stored data cannot be directly assigned or linked to the data subjects (unless permitted by law).

๏      During its data management, Data Controller ensures that:

  1. the person entitled to access should have access whenever needed 

  2. only those should access the information who has the authority to do so;

  3. the accuracy and completeness of the information and the method of processing must be protected

๏      The Data Controller and any potentially used data processors at all times provide protection against fraud, espionage, viruses, break-ins, vandalism, and natural disasters against their IT systems. The data manager (or the data processor) uses server-level and application-level protection procedures. 

๏      Messages sent to the Data Controller via the Internet - in any form - are highly exposed to network threats that lead to the modification of information, unauthorized access, or other illegal activities. At the same time, in order to safeguard against these threats, the Data Controller does everything that can reasonably be done and is expected of it according to the state of the art at the time. To this end, the applied systems are monitored in order to record security deviations, to obtain evidence of a security incident, and to examine the effectiveness of precautions.


8. Treatment of Cookie(s)

๏      The purpose of cookies is to collect information about visitors and their devices; they record the individual settings of the visitors, which will/can be used, e.g. when using online transactions, so there is no need for retyping the information; facilitate the use of the website; they provide a quality user experience. In order to provide customized service, a small data package, so-called „cookie” is placed on the user’s computer that is read by it during the user’s next visit. If the browser returns a previously saved cookie, the cookie management service provider has the opportunity to connect the user's current visit with previous ones, but only with regard to its own content.

๏      Session cookies are absolutely necessary. The purpose of these cookies is to allow visitors to fully and smoothly browse the website, use its functions and the services available there. The validity period of this type of cookie lasts until the end of the session (browsing), when the browser is closed, this type of cookie is automatically deleted from the computer or other device used for browsing. ,

๏      Cookies placed by third parties: Google's third-party cookies are also used on our company's website. By using these services for statistical and marketing purposes, it collects anonymous information about how visitors use the websites. The data is used for the purpose of developing the website and improving the user experience. These cookies also remain on the visitor's computer or other device used for browsing, in their browser, until they expire, or until the visitor deletes them.

๏      Deletion of cookies: During the first visit, the user can decide whether to consent to the storage of cookies. If the user later decides to delete its data, the user can do so in its browser settings.


9. Procedural rules

๏      If based on GDPR’s Articles 15-22. Data Controller receives a request, accordingly the Data Controller shall inform the data subject in writing as quickly as possible, but no later than within 30 days, of the measures taken based on the request.

๏      If the complexity of the request or other objective circumstances justify it, the above deadline can be extended once, for a maximum with 60 days. The Data Controller shall notify the data subject in writing of the extension of the deadline, together with the appropriate justification for the extension.

๏      Data Controller provides the information free of charge, unless:

  1. the data subject repeatedly requests information/measures on essentially unchanged content;

  2. the request is clearly unfounded;

  3. the request is excessive

๏      In the cases contained in the third clause, Data Controller is authorized to: 

  1. deny the request;

  2. bind the fulfillment of the request to the payment of a reasonable fee related to it.

๏      If the applicant requests the transfer of data on paper or electronic media (on CD or DVD), the Data Controller will transfer a copy of the relevant data free of charge in the manner requested (unless the chosen platform would be technically disproportionately difficult). An administration fee of HUF 500 per page/CD-DVD is charged for each additional requested copy. 

๏      The data controller notifies all persons to whom the relevant data were previously disclosed of the correction, deletion, or restriction it has implemented, unless the disclosure is impossible or requires a disproportionately large effort.

๏      If requested by the data subject, the Data Controller will provide information about  the persons to whom their data has been forwarded to.

๏      The Data Controller shall respond to the request in electronic form, unless:

  1. the data subject specifically requests the answer in a different way, and it does not cause unreasonably high additional expenses for the Data Controller;

  2. the Data Controller does not know the electronic contact information of the data subject.

 

10. Damages

๏      If any person concerned suffers material or non-material damage as a result of the violation of data protection legislation, he is entitled to demand compensation from the Data Controller and/or the data processor. If the Data Controller and data processor(s) are also involved in the infringement, they are jointly and severally liable for the resulting damage.

๏      The data processor is only responsible for the damages incurred if it has violated the provisions of the relevant data protection legislation specifically formulated for data processors, or if the damage occurred due to disregarding the instructions of the Data Controller.

๏      The Data Controller and any data processors are only liable if they cannot prove that they are not responsible for the event or circumstance that caused the damage.


11. Remedies

๏      If you have objections or problems related to the Data Controller's data management, please feel free to contact the Data Controller's data protection officer.

๏      If, according to the data subject's point of view, his rights have been violated by the Data Controller and/or the data processors, he is entitled to a court, in accordance with the Civil Code, with jurisdiction and authority. The court acts promptly in the case.

๏      If the data subject wishes to make a complaint about data management, he can do so at the National Authority for Data Protection and Freedom of Information, at the following contact address: registered address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.; mailing address: 1530 Budapest, Pf.: 5. Phone: 06-1/391-1400; fax: 06-1/391-1410; e-mail address: ugyfelszolgalat@naih.hu; website: www.naih.hu.


12. Cooperation with Authorities

๏      If the Data Controller receives an official request from the authorized authorities, it will be obligated to hand over the specified personal data.

๏      The Data Controller only provides data in the cases referred to in clause (1) that are absolutely necessary to achieve the goal indicated by the requesting authority.


13. Activities of external service providers

External Service Providers:

Monochrome Design Kft.; in the course of some of the Services of the companies belonging to MOKO Interior, is considered to be a cooperating partner determined in terms of the sub-service(s) defined in the Terms of Use, and together with the Companies belonging to MOKO Interior, it is considered to be a multiple data manager or data processor.

Some third-party service providers manage data according to their own data management policies.

Current list of our data processors:

Magyar Posta Zrt. / Ltd.

Principal business activity: 5310. Postal activity (with universal obligation)

Registered address: 1138 Budapest, Dunavirág utca 2-6.

Tax ID: 10901232-2-44

Company registration number: 01-10-042463

Website: www.posta.hu

Scope of transmitted data: usernames, zip code and address, billing name and address, delivery name and address, package collection name and address, cash on delivery amount.

Goal of transmitted data: delivery of packages, samples, materials, tools

 

Mediacenter Hungary Kft. /LLC.

Principal business activity: 6209. Other informational-technological services

Registered address: 6000 Kecskemét, Erkel Ferenc utca 5.

Tax ID: 13922546203

Company registration number: 03 09 114492

Website: www.mediacenter.hu

Scope of transmitted data: Usernames, e-mail address, phone number, place of residence / registered address, billing name and address, delivery address.

Goal of transmitted data: provision of server services for the purpose of data storage, among other things.

 

DHL Express Magyarország Kft. /LLC.

Principal business activity: 5320. Other postal and courier activity  

Registered address: 1185 Budapest, BUD Nemzetközi repülőtér / International airport 302. ép.

Tax ID: 10210798244

Company registration number: 01 09 060665

Website: www.dhl.hu

Scope of transmitted data: user’s name, zip code and address, billing name and address, delivery name and address, package collection name and address, cash on delivery amount

Goal of transmitted data: domestic and international delivery of packages, samples, materials, tools. 

 

Ábrahám Műhely Kft. /LLC.

Principal business activity: 1623. Production of carpentry products

Registered address: 2234 Maglód, hrsz. 1534/5

Tax  ID: 13231332213

Company Registration number: 13 09 098115

Website: www.szepbutor.hu

Scope of transmitted data:  user's name, zip code and address, billing name and address, delivery name and address, package collection name and address, cash on delivery amount.

Goal of transmitted data: Delivery of products and devices

 

Mailchimp

Registered address: The Rocket Science Group, LLC 675 Ponce de Leon Ave NE; Suite 5000

Atlanta, GA 30308 USA

Website: www.mailchimp.com

Scope of transmitted data: user’s name, e-mail address, IP address..

Goal of transmitted data: electronic newsletters, sending promotions, database management   

 

Budapest, March 31, 2023