Barion Pixel

WELCOME TO YOUR MATCHA ERA. SLOW MORNINGS. SOFT DAYS.

Privacy Policy

1. Purpose of the data management notice

Ema Design Limited Partnership [(1037 Budapest, Tarhos u. 48.), hereinafter: Service Provider, Data Controller], as a data controller, acknowledges the content of this legal notice as binding upon itself. It undertakes to ensure that all data processing related to its activities complies with the requirements set out in this policy, applicable national legislation, and the legal acts of the European Union.

The data protection policies related to the Data Controller's data processing activities are continuously available at https://emababy.com/adatkezelesi_tajekoztato/ this address.

The Data Controller reserves the right to modify this notice at any time. Of course, the audience will be notified of any changes in due time.

The Data Controller is committed to protecting the personal data of its customers and partners, and considers it of utmost importance to respect the right of its customers to informational self-determination. The Data Controller handles personal data confidentially and takes all necessary security, technical, and organizational measures to guarantee the security of the data.

The Data Controller describes its data management practices below.

2. Data Controller's details

If you wish to contact us, you can reach the Data Controller at the following email address and phone number.

The Data Controller deletes all incoming emails, along with the personal data contained therein, no later than 5 years after the data was provided.

Name: Ema Design Limited Partnership

Registered address: 1037 Budapest, Tarhos u. 48.

Company registration number: 01 06 511317

Name of the registering court: Metropolitan Court Company Registry

Tax number: 28647379141

Phone number: +36-20/419-5036

Email: info@emababy.com

Data Protection Officer

Name: Huszka-Dobszay Klára

Phone number: +36-20/419-5036

3. Scope of personal data processed

Personal data to be provided during purchase:

  • name
  • home address
  • phone number
  • email address

Technical Data

The Data Controller selects and operates the IT tools used during the provision of the service for the processing of personal data in such a way that the processed data:

  • is accessible to those authorized to access it (availability);   
  • its authenticity and authentication are ensured (authenticity of data processing);
  • its immutability can be verified (data integrity);
  • is protected against unauthorized access (confidentiality of data).

The Data Controller protects the data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction.

The Data Controller ensures the protection of data processing security through technical, organizational and structural measures that provide a level of protection appropriate to the risks associated with data processing.

During data processing, the Data Controller preserves

  • confidentiality: protects information so that only those authorized can access it;
  • integrity: protects the accuracy and completeness of the information and the methods of processing;
  • availability: ensures that when an authorized user needs it, they can actually access the desired information, and that the related tools are available.

Cookies

The role of cookies

  • they collect information about visitors and their devices;
  • they remember visitors' individual settings, which may be used, e.g. when using online transactions, so they do not need to be re-entered;
  • they facilitate the use of the website;
  • they provide a quality user experience.
  • In order to provide personalized service, a small data package, known as a cookie, is placed on the user's computer and read back during subsequent visits. If the browser sends back a previously saved cookie, the service provider managing the cookie has the opportunity to link the user's current visit with previous ones, but exclusively with regard to its own content.

The data storage duration of the given cookie, more information is available here:

Google general cookie information: 

https://www.google.com/policies/technologies/types/

Google Analytics information: 

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu

The legal background and basis for cookies:

The legal basis for data processing is your consent pursuant to Article 6(1)(a) of Regulation (EU) 2016/679 of the European Parliament and of the Council (of 27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: the Regulation).

The main characteristics of the cookies used by the website:

Strictly necessary cookies: These cookies are essential for the use of the website and enable the use of the website's basic functions. Without these, many features of the site will not be available to you. The lifetime of these types of cookies is limited exclusively to the duration of the session.

Cookies for improving user experience: These cookies collect information about the user's use of the website, such as which pages they visit most frequently, or what error messages they receive from the website. These cookies do not collect information that identifies the visitor, meaning they work with completely general, anonymous information. The data obtained from these is used to improve the performance of the website. The lifetime of these types of cookies is limited exclusively to the duration of the session.

If you do not accept the use of cookies, certain features will not be available to you. You can find more information about deleting cookies at the following links:

Internet Explorer:

http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11

Firefox:  https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

Safari: 

https://support.apple.com/kb/ph21411?locale=en_US

Chrome: 

https://support.google.com/chrome/answer/95647 )

4. Purpose, method and legal basis of data processing

General data management policies

The data processing activities of the Data Controller are based on voluntary consent or statutory authorization. In the case of data processing based on voluntary consent, the data subjects may withdraw their consent at any stage of the data processing.

In certain cases, the processing, storage, and transfer of a set of provided data is required by law, of which we will notify our clients separately.

We draw the attention of those providing data to the Data Controller that if they are not providing their own personal data, it is the obligation of the data provider to obtain the consent of the data subject.

Its data management principles are in accordance with the applicable legislation on data protection, in particular the following:

  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Info Act);
  • Regulation (EU) 2016/679 of the European Parliament and of the Council (of 27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR);
  • Act V of 2013 on the Civil Code (Civil Code);
  • Act C of 2000 on Accounting (Accounting Act);
  • – Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing
  • Act CCXXXVII of 2013 on Credit Institutions and Financial Enterprises (Credit Institutions Act).

5. Physical storage locations of data

Your personal data (i.e., data that can be associated with your person) may come into our management in the following ways: on the one hand, technical data related to the computer, browser, internet address, and pages visited by you in connection with maintaining the internet connection are automatically generated in our computer system, and on the other hand, you may also provide your name, contact details, or other data if you wish to make personal contact with us during the use of the website.

6. Rights of the data subject and options for enforcement

Within the duration of data processing, you are entitled to the following rights in accordance with the provisions of the Regulation:

  • the right to withdraw consent
  • access to personal data and information related to data processing
  • right to rectification
  • restriction of data processing,
  • right to erasure
  • right to object
  • right to portability.

If you wish to exercise your rights, this will involve your identification, and the Data Controller will necessarily need to communicate with you. Therefore, for the purpose of identification, you will need to provide personal data (however, identification can only be based on data that the Data Controller already processes about you), and your complaint regarding data processing will be available in the Data Controller's email account within the time period specified in this notice regarding complaints. If you were our customer and wish to identify yourself for the purpose of complaint handling or warranty administration, please also provide your order ID for identification. Using this, we will be able to identify you as a customer.

The Data Controller will respond to complaints related to data processing within a maximum of 30 days.

Right to information

The Data Controller takes appropriate measures to provide all information referred to in Articles 13 and 14 of the GDPR and all notifications pursuant to Articles 15–22 and 34 to data subjects regarding the processing of personal data in a concise, transparent, intelligible and easily accessible form, using clear and plain language.

Right of access of the data subject

You have the right to receive feedback from the Data Controller as to whether your personal data is being processed, and if data processing is in progress, you have the right to:

  • obtain access to the personal data being processed and
  • be informed by the Data Controller of the following:
  • the purposes of data processing;
  • the categories of personal data processed about you;
  • information about the recipients or categories of recipients to whom the personal data has been or will be disclosed by the Data Controller;
  • the envisaged period for which the personal data will be stored, or if this is not possible, the criteria used to determine that period;
  • your right to request from the Data Controller the rectification, erasure or restriction of processing of personal data concerning you, and in the case of data processing based on legitimate interest, to object to the processing of such personal data;
  • the right to lodge a complaint with a supervisory authority;
  • if the data was not collected from you, all available information about its source;
  • the fact of automated decision-making (if such a procedure is applied), including profiling, and at least in these cases, intelligible information about the logic applied and the significance of such data processing and the envisaged consequences for you.

The purpose of exercising this right may be to establish and verify the lawfulness of data processing, therefore in the case of multiple requests for information, the Data Controller may charge a reasonable fee in exchange for providing the information.

The Data Controller provides access to personal data by sending you the processed personal data and information by email following your identification. If you have a registration, we provide access by allowing you to view and verify the personal data processed about you by logging into your user account.

Please indicate in your request whether you are requesting access to personal data or information related to data processing.

Right to rectification

You have the right to request that the Data Controller correct any inaccurate personal data concerning you without undue delay.

Right to erasure

The data subject has the right to request that the Data Controller erase personal data concerning them without undue delay if one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the data subject withdraws the consent on which the processing is based, and there is no other legal basis for the processing;
  • the data subject objects to the processing, and there are no overriding legitimate grounds for the processing;
  • the personal data have been unlawfully processed;
  • the personal data must be erased for compliance with a legal obligation under Union or Member State law to which the Data Controller is subject;
  • the personal data have been collected in relation to the offer of information society services.

Erasure of data cannot be initiated if the processing is necessary: for exercising the right to freedom of expression and information; for compliance with a legal obligation which requires processing under Union or Member State law to which the Data Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller; for reasons of public interest in the area of public health, or for archiving, scientific and historical research purposes or statistical purposes in the public interest; or for the establishment, exercise or defence of legal claims.

Right to restriction of processing

At the request of the data subject, the Data Controller shall restrict processing if one of the following conditions is met:

  • the data subject contests the accuracy of the personal data, in which case the restriction applies for a period
  • enabling the Data Controller to verify the accuracy of the personal data;
  • the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the Data Controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
  • the data subject has objected to processing; in this case, the restriction applies for the period until it is determined whether the legitimate grounds of the Data Controller override those of the data subject.
  • Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

Right to data portability

Where processing is carried out by automated means, or where processing is based on your voluntary consent, you have the right to request that the Data Controller provide you with the data you have provided to the Data Controller, which the Data Controller will make available to you in xml, JSON, or csv format, and if technically feasible, you may request that the Data Controller transmit the data in this format to another data controller.

Right to object

The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, or processing which is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, including profiling based on those provisions. In the event of an objection, the Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

Automated individual decision-making, including profiling

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

Right to withdraw

The data subject is entitled to withdraw their consent at any time.

Right to go to court

In the event of a violation of their rights, the data subject may take legal action against the data controller. The court shall handle the case on a priority basis.

Data protection authority proceedings

A complaint can be filed with the National Authority for Data Protection and Freedom of Information:

Name: National Authority for Data Protection and Freedom of Information

Registered address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C. 

Mailing address: 1530 Budapest, Pf.: 5.

Phone: 0613911400

Fax: 0613911410

E-mail: ugyfelszolgalat@naih.hu 

Website: http://www.naih.hu

7. Other provisions

Information about data processing not listed in this notice will be provided at the time the data is collected.

We inform our clients that the court, the prosecutor, the investigating authority, the misdemeanor authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, or other bodies authorized by law may contact the data controller for the purpose of providing information, disclosing, transferring data, or making documents available.

The Data Controller shall only disclose personal data to authorities – provided that the authority has specified the exact purpose and the scope of the data – to the extent that is strictly necessary for the fulfillment of the purpose of the request.