Privacy policy

PRIVACY POLICY/USER AGREEMENT/GDPR
The provision of data is voluntary
The purpose of this information is to provide you with concise, transparent and comprehensible information regarding the handling of your personal information, in clear and unambiguous terms.
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation 95/46 / EC (General Data Protection Regulation) (GDPR), the website operator provides the following information.
"Personal Data" under the GDPR
Any information relating to an identified or identifiable natural person ("data subject"); identifiable by a natural person who, directly or indirectly, in particular by virtue of one or more factors such as name, number, positioning data, online identification or physical, physiological, genetic, intellectual, economic, cultural or social identity of the natural person identified.
It is a priority to protect the personal information we provide to our clients. In this respect, we will fully contribute to the provision of safe internet access for visitors, in full compliance with applicable laws. The Website treats the personal data of the visitors confidentially, in accordance with the applicable legal regulations, ensures their security, takes technical and organizational measures and establishes rules of procedure in order to fully comply with the principles of data management and protection.
This Prospectus contains the principles that govern our practice with respect to the handling and protection of personal data, taking into account applicable laws. If you have any questions regarding the content, interpretation or application of this Prospectus, please contact us. At the request of our clients, we will always provide detailed information about the personal data processed, the purpose, legal basis, duration, and activities related to the data processing, as requested.
I. Principles of Data Management
We handle the data in a manner that ensures appropriate security of personal data through appropriate technical and organizational measures. To this end, we have taken all necessary precautions to prevent unauthorized or unlawful handling, accidental loss, destruction or damage to the data.
II. Objectives and Practice
1. Purpose of Data Management: sending free higher resolution photo(s) to be background photo, sending quotes, talking with the interested people over the phone, selling oil and acrylics paintings, fulfilling orders, issuing invoice, sending electronic advertising or other addressed content to the buyer, market research, compiling statistics.
2. When our customers are on the Website, they can usually do so without having to disclose their identity or provide any personal information. When the customer request a painting quote or purchases a painting, it will be needed to provide personal information. When purchasing a painting or other product, the invoicing details will also be needed.
3. The purpose of the management of the data provided by the customer on the Website is primarily to fulfill the orders placed in the webshop, to deliver the ordered products, to handle warranty and other legal claims, and to maintain contact with the customer.
This information is required to purchase the products offered by the webshop (placing an order), so if you do not provide your personal information, you may not be able to use this service, without filling in the order, the order cannot be successfully completed, so failure to fill in or inadequate filling in of certain fields may result in rejection of the registration or failure to place the order. These elements are required data elements.
Personal information is required to place an order and fulfill it. Required information: name, address, email address, phone number, billing information: billing name, zip code, city, street and house number.
The following personal information is requested if the customer asks for a price or custom quotation: name, email address, telephone number, title of the product interested, message.
4. We do not supplement or link personal or other data provided by data subjects with data or information from other sources. Under no circumstances will we disclose any personal information made available by our clients to third parties unless authorized or legally required to do so
5. If the Authorized Authorities request the Provider to provide personal data in the manner prescribed by law, they shall, subject to their legal obligation, provide the requested and available information.
6. In the event that our clients provide us with personal information, we will take all necessary steps to ensure the security of this information, both during network communication and when storing or storing the data.
7. The Operator shall send to its clients a business message and a newsletter only with the prior consent of the stakeholders and shall always ensure the termination of such communication services. Interested parties who, at any time after subscribing to the newsletter service offered on our sites, decide not to receive the newsletter anymore may opt-out by sending an email. You can find the email address on the same web page where the service was ordered.
8. The Operator uses the IP address of the customers visiting the Website for analytical / statistical purposes, on the one hand, to improve and improve the quality of its services, and on the other hand, for the aggregation of the traffic data.
III. Legal basis for data management
1. Subscribe
Registration is not required to use the Website. Signing up for the newsletter or free photos is voluntary and only an email address is needed to provide via a form. If the user requests more information about the items in the painting gallery, or interested to get a quote, he will submit his personal information via another form. The legal basis for data management is the User's consent under Article 6 (1) (a) of the GDPR. 
2. Order fulfillment
After placing the order, the Operator will confirm the order to the email address provided by the customer. The legal basis for the processing of personal data necessary for the fulfillment of the order, contact with the customer, delivery, enforceability of any legal claims arising from the order is the performance of the request of  the customer as a stakeholder pursuant to GDPR the fact that data management is necessary to take action at the customer's request. Delivering information, addressed content to customers (which is not a direct solicitation).
3. In some cases, 
customer information materials (such as new products, promotions, etc.) may be posted, and the legal basis for data processing during the posting of such content will be Article 6 (1) (b) of the GDPR and the fact that data management is necessary to take action at the customer's request. In some cases, notices are sent as part of a legal obligation (eg order confirmation), in which case the additional legal basis for data processing is Article 6 (1) (c) of GDPR (data processing necessary to fulfill the legal obligation of the Operator).
4. Direct marketing requests, market research
Data processing for direct marketing or market research purposes is subject to the customer's prior consent. The legal basis for data management in these cases is the voluntary customer consent pursuant to Article 6 (1) (a) of the GDPR.
5. Statistics, technical development of IT system, protection of clients' rights
The Operator manages the personal data provided by the customer for statistical purposes, for the protection of the rights of the customers, and for technical development and through this the provision of a high quality service, which is a legitimate interest of the data controller and third parties (further users). The legal basis for this kind of data management is GDPR. Pursuant to Article 6 (1) (f) the Operator or a third party has a legitimate interest.
6. Data management for the performance of a statutory or public interest task
Various pieces of legislation contain provisions that require the Data Controller to process certain personal data. Tax accounting legislation, eg. provide for a period of documentary evidence. In such cases, the legal basis for data management is the legal obligation on the Operator under Article 6 (1) (c) of the GDPR.
7. Data management is technically necessary to provide the service
The Operator uses the IP address of registered and unregistered customers visiting the Website for analytical / statistical purposes and to improve and improve the quality of its services. In order to maintain a high level of quality of our services, we use cookies on this website in order to provide the best user experience while browsing safely.
IV. Specification of the data to be managed
1) In the case of a free background image, only one email address is given. (The customer will receive a free image if they consent to the storage of their personal data, have read and accepted the privacy statement and voluntarily subscribed to the newsletter)
2) If you are interested in a quote, the website will request the following personal information: name, email address, telephone number. This is required to provide the information requested by the customer (the customer can send the completed form if he / she has read and accepted the storage of the personal information and to receive email updates from the gallery in the future. If you do not wish to subscribe, you may contact the Operator yourself using the contact information provided at "Contact" submenu)
3) The range of data required to place an order and complete it: surname, first name, email address, telephone number, billing name, zip code, city, street and house number. (The customer will be able to submit an order if they consent to the storage of their personal data, have read and accepted the privacy statement. However, signing up for the newsletter is not required for the order).
V. Duration of Data Management
For personal data required to fulfill an order or processed for warranty or other legal purposes, Operator shall, for the data processing requested by Customer, the duration of customer relationship between Customer and Operator, or the period during which Customer does not withdraw your consent. If the customer does not purchase the product for 2 calendar years following the order intent, the data management period will last until the end of the 2 calendar year following the registration, after which the data manager will immediately delete the data provided during the registration. Data management begins with the customer's newsletter registration, insight request or order placement. The customer's data will be deleted immediately if the customer withdraws his / her data management statement, unless the data is further processed for other purposes and on a legal basis (eg fulfillment of legal obligations, enforcement of legal claims, data processing for statistical and statistical purposes). Deleting data will end the data management
Controller and contact details for communicating and questions:
Name: Gerendás Paula e.v. (Hereinafter referred to as "the Operator")
Tax number: 67938218-1-33
Headquarters: 2030 Érd, Cseresznyefa u. 31st
Phone: +36 70 52 66 522
Email: paula.gerendas@gmail.com
Website: www.gerendaspaula.com ("Website")
VI. The fact and the recipients of the transmission of the data
The Operator shall use the information provided by the customer on the Website when placing an order - name, address, e-mail address, telephone number, billing name, full address - in the Billingo online billing program to create an invoice and store it in its own internal CRM system. in the case of non-transmission to a third party
VII. Additional information on data management for market research and direct marketing purposes
The operator shall inform the customers contributing to this activity that:
(1) the provision of data is voluntary,
(2) the legal basis for the management of the data is the informed consent of the data subject as set out in this Prospectus,
(3) the duration of the processing of the data is the period until the data subject's consent to the processing of the data is withdrawn,
(4) the data of the data subjects shall be accessible only to the employees of the Operator to the extent necessary for the performance of their duties.
VIII. Procedure of updating this privacy policy
This term and privacy policy will be reviewed annually, but we always keep an eye on it with our personnels.
IX. Your rights as an affected party
1. Pursuant to Article 15 of the GDPR, you may request access to your personal information as follows:
1. The data subject shall have the right to receive feedback from the Operator as to whether their personal data are being processed and, if so, to have access to the personal data and the following information:
(a) the purposes of the processing
(b) the categories of personal data concerned;
(c) the recipients or categories of recipients to whom the personal data have been or will be communicated, including in particular third-country recipients or international organizations;
(d) where applicable, the intended period for which the personal data will be stored or, if this is not possible, the criteria for determining this period;
(e) the data subject's right to request from the Operator the rectification, erasure or restriction of processing of personal data concerning him or her and to object to the processing of such personal data;
(f) the right to lodge a complaint to a supervisory authority;
(g) if the data are not collected from the data subject, all available information on their source;
(h) the fact of automated decision-making, including profiling (Article 22 (1) and (4) of the GDPR) and, at least in these cases, clear information on the logic used and the importance of such data management; the expected consequences for the data subject.
2. Pursuant to Article 16 of the GDPR, you have the right to request the rectification of personal data concerning you. Having regard to the purpose of the processing, the data subject shall have the right to request that personal data which are incomplete be corrected, including by means of a supplementary declaration.
3. Pursuant to Article 17 of the GDPR, you have the right to request the deletion of your personal data if any of the following reasons exist:
(a) personal data are no longer necessary for the purpose for which they were collected or otherwise processed;
(b) withdraws its consent to the processing and has no other legal basis;
(c) protests against data processing in the public interest, in order to exercise public authority or in the legitimate interest of the Operator (third party), and there is no overriding legitimate reason for data processing, or against data processing for direct business purposes;
(d) the personal data have been unlawfully processed;
(e) personal data must be deleted in order to comply with a legal obligation imposed by Union or Member State law (Hungarian law) applicable to the Operator;
(f) personal data have been collected in connection with the provision of information society services (Article 8 (1) GDPR).
However, please note that the Operator is not obliged to delete your personal data, even if requested to do so:
(a) for the exercise of the right to freedom of expression and information;
(b) to comply with a legal obligation to process personal data or to carry out a task in the public interest or in the exercise of official authority vested in the Operator,
(c) on grounds of public interest in the field of public health,
(d) for the purposes of archiving in the public interest, for scientific and historical research or for statistical purposes, if the right to erasure would be likely to render impossible or seriously jeopardize such processing; or
(e) for the filing, enforcement or defense of legal claims.
Pursuant to Article 18 of the GDPR, you have the right to request a restriction on the processing of your personal data if any of the following applies:
a) You contest the accuracy of your personal data, in which case the limitation applies to the period of time that allows the Operator to verify the accuracy of your personal data;
b) the data processing is unlawful and you object to the deletion of the data and instead request a restriction on their use;
c) The Operator no longer needs personal data for the purpose of data management, but you request it for the purpose of submitting, asserting or defending legal claims; obsession
d) You have objected to the processing of data in the public interest, in order to exercise public authority or to the legitimate interest of the Operator (third party); in this case, the limitation applies to the period until it is determined whether Operator's legitimate reasons take precedence over your own legitimate reasons.
If data processing is subject to restrictions as set forth above, such personal data, with the exception of the storage, shall only be with your consent, or for the purpose of filing, asserting or defending legal claims or protecting the rights of other natural or it is in the public interest.
We will inform you in advance of the lifting of the restriction on data management.
3. Pursuant to Article 20 of the GDPR, you are entitled to the portability of your personal data, that is, to the personal data you provide to your Operator, in a structured, widely used, machine-readable format, that this will be prevented by the Operator if your consent is used to manage the data and the data is managed in an automated manner.
When exercising your right to portability of data, you have the right to request the direct transfer of personal data between data controllers, where technically feasible.
4. Pursuant to Article 21 of the GDPR, you have the right to object to the processing of your personal data as follows:
If the processing of personal data is based on a public-interest task or the legitimate interests of the Operator or a third party, the Operator may not further process the data unless there are compelling legitimate reasons overriding your interests and rights as the data subject legal claims.
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for this purpose, including profiling, as long as it relates to direct marketing, in which case treated. However, please note that if the processing of data may be carried out on a different legal basis, such data may continue to be processed for a different purpose and on a different legal basis.
5. Pursuant to Article 7 (3) of the GDPR, you have the right to withdraw your consent to the processing of your personal data at any time. Withdrawal of the consent shall not affect the legality of the consent based data management prior to the withdrawal. You are entitled to withdraw your consent in the same simple manner as giving your consent.
6. Your right to a judicial remedy pursuant to Infotv. Article 22
In the event of unlawful data processing by you, you may institute civil action against the Operator. The trial court shall have jurisdiction over the case. The lawsuit can be instituted before the court of your domicile, according to the data subject's choice (see the list and contact details of these courts at http://birosag.hu/torvenyszekek).
X. Possibility of complaint to the supervisory authority
Without prejudice to other administrative or judicial remedies, any data subject shall have the right to complain to a supervisory authority, in particular in the Member State in which he or she is habitually resident, employed or allegedly infringed, if the data subject considers that his or her GDPR. In Hungary the competent supervisory authority is:
National Data Protection and Freedom of Information Authority (NAIH)
address: 1125 Budapest, Erzsébet Szilágyi alley 22 / c
postal address: 1530 Budapest, Pf .: 5
e-mail: ugyfelszolgalat@naih.hu
phone: +36 (1) 391-1400
fax .: +36 (1) 391-1410
Website: www.naih.hu