Privacy Policy
For the websites of iSauna Design Gyártó, Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság
iSauna Design Kft. (CRN: 13-09-161868; its registered office at: H-9174 Dunaszeg, Liget u. 11.) hereby informs the users of the (www.saunamanufacture.com, www.outdoorisaunahouse.uk ) webistes managed by it about data handling, in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter: GDPR).
Upon formulating the provisions of this policy, the company considered the provisions of the following regulations: General Data Protection Regulation (EU) 2016/679 (GDPR), Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Privacy Act), Act V of 2013 on the Civil Code of Hungary, Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial, Act CVIII of 2001 on certain issues of electronic commerce services and information society services, Act C of 2000 on Accounting (with regard to accounting evidence and its preservation), Act CXIX of 1995. on the Use of Name and Address Information Serving the Purposes of Research and Direct Marketing, Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data of January 28th, 1981 as proclaimed by the Hungarian Parliament in Act VI of 1988, and the recommendations of ONLINE PRIVACY ALLIANCE.
iSauna Design Kft may at any time amend this privacy policy at its sole discretion. This privacy policy will be published at the www.isaunahome.com website. This privacy policy shall enter into force on the date of its publication.
1.1 Data set: all data handled within one record;
1.2 Data processing: regardless of the applied procedure, it means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.3 Controller: means the person which, alone or jointly with others, determines the purposes and means of the processing of data.
As concerns the services referred to in this policy, the following entity shall be regarded as data controller: • iSauna Design Kft. (CRN: 13-09-161868; its registered office at: H-9174 Dunaszeg, Liget u. 11.) hereinafter: ‘Controller’). The Controller is a company registered in Hungary which owns websites hosted and developed by it, related social media platforms and a webshop.
1.4 Personal data or data: means any information relating to an identified or identifiable natural person (‘data subject’).
1.5 Processor: means a service provider which processes personal data on behalf of the Controller.
1.6 Website(s): websites and related social media platforms hosted by the the Controller.
1.7 Service(s): services provided by the Controller.
1.8. User: such natural persons who provide their data as specified in section 2. while using the services and within their framework.
1.9. Employee: natural persons employed by the Controller or having other employment relationship with the Controller.
1.10. Potential employee: natural persons applying for a vacancy advertised by the Controller.
1.11. Exteral service provider: third party service providers used by the Controller which, in order to provide their services are or might be forwarded personal data, and which may transmit personal data to the Controller. External service providers also include service providers not cooperating with the Controller, however, by having access to the websites of the services, they collect data about the users, which individually or in connection with other data may allow them to the identify users.
1.12. Policy: this privacy policy of the Controller.
1.13. Data destruction: total phyisical destruction of data carriers.
1.14. Transmission of data: means to disclose data to particular third parties; Publication: means to disclose data to anybody;
1.15. Deletion of datas: making data unrecognizable in such way that they may not be restored;
1.16. Automated data set: data series processed by automated means;
1.17. Automatic processing: includes the following operations if they are partly or entirely performed by automated means: data storage, logic and arithmetic shift operations, data alterations, deletion, retrieval and dissemination.
1.18. System: the set of technical solutions operating online available sites and services of the Controller and its partners.
2. Scope of the processed personal data
2.1. In case a user visits any website interfaces, the Controller’s system automatically records the user’s IP address.
2.2 Pursuant to the user’s decision, the Controller may process the following data related to the usage of services available through the webistes: name, address, location, phone number, email address, portrait, user registration number registered by the Controller, contents of telephone conversations with the Controller.
2.3 In case users send any messages (e.g. e-mail, reader’s letter) to any services or contact them via telephone, the Controller will record the user’s address, email address, phone number and time of the call, and will process these within the scope and period as required by providing its services.
2.4 As regards the presenters and participants of events organised by the Controller, the Controller will process the following personal data: name, title (PhD, prof. etc.), email address, function, phone munber, second phone number, the related company, sectorial and activity interest, memberships providing discounts, biographical data of the presenters.
2.5 As regards occassional prize competitions organised by the Controller, the following personal data are processed: name, date of birth, address, email address, telephone number, occupation, pension fund membership and name of the particular pension fund, personal data specified in the advertisements of prize competitions.
2.6 As regards the webshop service, the Controller may process the following personal data: name, address, location, telephone number, email address, personal data provided by the user for invoicing, and personal data related to the selected items for purchase and to the selected payment method.
2.7 As regards the contracts of the Controller, it may process the name, telephone number and email address of the legal or authorised representative of the contracting party or of the contractual contact person .
2.8 Regardless of the aforementioned, it may happen that a service provider technically related to service providing performs data processing on any of the websites, without having the Controller informed about it. Such activity shall not be deemed as data processing by the Controller. Controller will make its best efforts to avoid and eliminate such data processing.
3. Which personal data are processed, how long are they processed and used, and according to what kind of authorisation?
Legal basis for our data processing is as follows:
a) Article 6 (1) a) of GDPR: the data subject has given consent to the processing of his or her personal data for one or more specific purposes; (hereinafter: Consent);
b) Article 6 (1) b) of GDPR: processing is necessary for the performance of a contract to which the user is party (hereinafter: Performance of a contract)
c) Article 6 (1) c) of GDPR: processing is necessary for compliance with a legal obligation to which the controller is subject (such as accounting or bookkeeping obligations (hereinafter: Compliance with a legal obligation)
d) rticle 6 (1) f) of GDPR: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (hereinafter: Legitimate interest)
e) Article 13/A of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Act on E-Commerce) , according to which service providers may process personal data (name, maiden name, mother’s maiden name, date and place of birth, address) of the recipient of the service, suitable and sufficient for the identification thereof, for the purpose of drawing up the contract for the information society service, determining and modifying the contents thereof, monitoring the performance thereof, billing the charges arising therefrom as well as enforcing the claims related thereto; for the purpose of billing the charges arising under the contract for the information society service (hereinafter: Act on E-Commerce.)
As regards the lawfulness of data processing, please find them determined according to data categories and data processing pruposes below.
3.1. As regards data processing related to the general use of websites hosted by iSauna Design Kft.
A |
B |
C |
D |
E |
F |
Concerned |
data category |
Data source |
Purpose of data processing |
Legal basis |
Period of data processing |
Registered user |
ID of the performed transaction |
originating from the concerned (person) |
Contract formation, defining its contents, its amendment, its performance Billing of charges arising from the contract Enforcing claims and enforcement, preventing frauds, their management |
as for purposes included in column D, a) and b): Act on E-Commerce , Art. 13/A.
as for purposes included in column D, a) and b): execution of contracts as specified in Article 6 (1) b) of GDPR
as for purposes included in column D, c): Article 6 (1) f) of GDPR - Legal interest |
Until legal obligations and legal inteterst persist. |
Amount of the performed transaction |
originating from the concerned (person) |
Contract formation, defining its contents, its amendment, its performance Billing of charges arising from the contract Enforcing claims and enforcement, preventing frauds, their management |
as for purposes included in column D, a) and b): Act on E-Commerce , Art. 13/A.
as for purposes included in column D, a) and b): execution of contracts as specified in Article 6 (1) b) of GDPR
as for purposes included in column D, b): Article 6 (1) c) of GDPR - performing legal obligations as specified - issuing bills
as for purposes included in column D, c): Article 6 (1) f) of GDPR - Legal interest |
8 years from the deletion of registration, required for the performance of the contract and for billing, by the user (reason: billing data). |
|
Subject of the executed transaction (purchased products. services) |
originating from the concerned (person) |
Contract formation, defining its contents, its amendment, its performance Billing of charges arising from the contract Enforcing claims and enforcement, preventing frauds, their management |
as for purposes included in column D, a) and b): Act on E-Commerce , Art. 13/A.
as for purposes included in column D, a) and b): execution of contracts as specified in Article 6 (1) b) of GDPR
as for purposes included in column D, b): Article 6 (1) c) of GDPR - performing legal obligations as specified - issuing bills
as for purposes included in column D, c): Article 6 (1) f) of GDPR - Legal interest |
8 years from the deletion of registration, required for the performance of the contract and for billing, by the user (reason: billing data).
|
|
Shipping address |
originating from the concerned (person) |
Contract formation, defining its contents, its amendment, its performance Enforcing claims and enforcement, preventing frauds, their management |
as for purposes included in column D, a): Act on E-Commerce , Art. 13/A.
as for purposes included in column D, a): execution of contracts as specified in Article 6 (1) b) of GDPR
as for purposes included in column D, b): Article 6 (1) f) of GDPR - Legal interest |
Until legal obligations and legal inteterst persist. |
|
Billing name and address |
originating from the concerned (person) |
Contract formation, defining its contents, its amendment, its performance Billing of charges arising from the contract Enforcing claims and enforcement, preventing frauds, their management |
as for purposes included in column D, a) and b): Act on E-Commerce , Art. 13/A.
as for purposes included in column D, a) and b): execution of contracts as specified in Article 6 (1) b) of GDPR
as for purposes included in column D, b): Article 6 (1) c) of GDPR - performing legal obligations as specified - issuing bills
as for purposes included in column D, c): Article 6 (1) f) of GDPR - Legal interest |
8 years from the deletion of registration, required for the performance of the contract and for billing, by the user (reason: billing data).
|
|
GPS coordinates, provided that the user has ageed to them |
Collected from mobile devices |
Profiling - behaviour-based advertising, knowing customer preferences |
consent as specified in Article 6 (1) a) of GDPR |
until its revocation. |
|
data stored and forwarded by iSauna Home application: manufacturing number, IP, port, last sauna data |
Collected from the Sauna application |
Viewing errors |
Data marked with * are obligatory, usage is impossible without it, provision of these data is a prerequisite for concluding a contract.
Users may object to data processing based on the aforementioned legal interest by sending an email to iSauna Design Kft. at: info@saunamanufacture.com
The Controller is iSauna Design Kft.
4. Personal data processed service-specifically within certain services offered by the websites and webshop hosted by iSauna Design Kft.
4.1. Credit card registration within certain services offered by the websites hosted by iSauna Design Kft.
A |
B |
C |
D |
E |
F |
Concerned |
data category |
Data source |
Purpose of data processing |
Legal basis |
Period of data processing |
Registered user |
Name as specified on the credit card |
originating from the concerned (person) |
a) Contract formation, defining its contents, its amendment, its performance b) User identification c) Enforcing claims and enforcement, preventing frauds, their management |
as for purposes included in column D, a) and b): execution of contracts as specified in Article 6 (1) b) of GDPR as for purposes included in column D, c): Article 6 (1) f) of GDPR - Legal interest |
Until legal obligations and legal inteterst persist. |
credit card number* |
originating from the concerned (person) |
a) Contract formation, defining its contents, its amendment, its performance b) User identification c) Enforcing claims and enforcement, preventing frauds, their management |
as for purposes included in column D, a) and b): execution of contracts as specified in Article 6 (1) b) of GDPR as for purposes included in column D, c): Article 6 (1) f) of GDPR - Legal interest |
Until legal obligations and legal inteterst persist. |
|
expiry date* |
originating from the concerned (person) |
a) Contract formation, defining its contents, its amendment, its performance b) User identification c) Enforcing claims and enforcement, preventing frauds, their management |
as for purposes included in column D, a) and b): execution of contracts as specified in Article 6 (1) b) of GDPR as for purposes included in column D, c): Article 6 (1) f) of GDPR - Legal interest |
Until legal obligations and legal inteterst persist. |
|
name of the issuing bank |
originating from the concerned (person) |
a) Contract formation, defining its contents, its amendment, its performance b) User identification c) Enforcing claims and enforcement, preventing frauds, their management |
as for purposes included in column D, a) and b): execution of contracts as specified in Article 6 (1) b) of GDPR as for purposes included in column D, c): Article 6 (1) f) of GDPR - Legal interest |
Until legal obligations and legal inteterst persist. |
|
CVV/CVC code* |
originating from the concerned (person) |
a) Contract formation, defining its contents, its amendment, its performance b) User identification c) Enforcing claims and enforcement, preventing frauds, their management |
as for purposes included in column D, a) and b): execution of contracts as specified in Article 6 (1) b) of GDPR as for purposes included in column D, c): Article 6 (1) f) of GDPR - Legal interest |
Until legal obligations and legal inteterst persist. |
|
credit card name |
originating from the concerned (person) |
a) Contract formation, defining its contents, its amendment, its performance |
execution of contracts as specified in Article 6 (1) b) of GDPR |
Until legal obligations and legal inteterst persist. |
Data marked with * are obligatory, without them credit card registration is unavailable.
Users may object to data processing based on the aforementioned legal interest by sending an email to iSauna Design Kft. at: info@saunamanufacture.com
The Controller is iSauna Design Kft.
5. Which of your data are collected automatically, why do we do profiling and how can this affect you?
Which of your data are collected automatically, and by what means?
While using the websites and webshop hosted by iSauna Design Kft. small programmes, cookies and similar technologies are applied on the users’ mobile devices in order to promote identification and to help to identify the users’ data.
When visiting the webistes and using the services, cookies are inserted in the browser of the users and in HTML-based emails, in accordance with this privacy policy.
Generally, a cookie is a small file consisting of alphanumeric characters, sent from our server to the device of the user. Cookies allow us to specify when a user last visited the website; the main objective of using cookies is to provide users with personalized offers and advertising, which cutomize user experience during the usage of the website, and reflect the user’s personal needs and requirements.
5.2. The purpose of cookies used by the service provider
a) Security: supporting and ensuring security, and assisting the service provider in detecting infringements.
b) Preferences, features and services: cookies are able to inform the service provider about language and communication preferences of the user, help the user to fill in forms on the website and make their use easier.
c) Advertising: The service provider may use cookies to show relevant advertisements to the user on the website and outside it. Such cookies may also be used which provide information on whether users who have seen certain advertisements on the website, would visit the advertisers’ website in the future. Similarly, business partners of the service provider may also use cookies to determine whether the service provider published their advertisements on its website and how it performed, and may inform the service provider about the user’s attitude towards the advertisements. The service provider may cooperate with partners who show advertisements to the user on the website and outside it, after the user has visited the partner’s website.
d) Performace, analysis and research: such cookies help the service provider to assess how the website peforms at different places. The service provider may use such cookies that assess, improve and explore the website, the products, the functions and services, including such events when the user accesses the website from other websites, and devices, such as the user’s computer or mobile device.
5.3. Types of cookies used by the service provider
a) analysis, tracking cookies;
b) session cookies which are active only during the particular session (a visit to the website or a browsing session);
c) persistent cookies help to identify the user as a valid user, which enables them to return to the website without logging in. After the user has signed in, persistent cookies remain in the user’s browser, and the website will be able to read it when the user returns to the webiste.
Adobe Flash is another technology with identical functions. Adobe Flash is able to store data on the user’s device. However, not all browsers enable the removal of Adobe Flash cookies. Users may restrict or block Adobe Flash cookies through the Adobe website. In case the user restricts/blocks them, some functions of the website may not be available.
5.4. Cookies used by third parties:
Some reliable partners assist the service provider to display advertisements on the website and outside it, and analytics service providers, such as the Google Analytics, Quantcast, Nielsen, ComScore may place cookies on the user’s device.
Users may block the use of Google cookies on the turn off ads by Google site .
The http://www.networkadvertising.org/choices/ link enables users to disable the cookies of other external service providers.
5.5. Checking and controlling cookies:
Most browsers enable users to control the use of cookies through the settings. Nevertheless, if users restrict the use of cookies on the website, it may spoil the user experience, as it won’t be customized any more. Users may furthermore block the saving of customized settings, such as login information.
In case users do not want the service provider to use cookies, they may disable the use of some cookies in the settings menu. In order to make itself aware of the fact that the user has disabled the use of certain cookies, the service provider places a block cookie on the user’s device, thus it will know that it shall not apply cookies when the user visits the website next time. In case users do not wish to get cookies, they may change the browser’s settings on their computer. In case users use the website without applying any changes in the browser settings, the service provider regards it as the user’s consent to being sent any cookies on the website. The website does not function properly without cookies.
For more information about cookies, including their types, management and deletion, please visit the wikipedi.org page or the www.allaboutcookies.org, or www.aboutcookies.org websites.
Users may control cookies at the following links as well: https:www.aboutads.info/choices and https://www.youronlinechoices.eu.
6. Who processes your personal data and who is granted access to them?
The controller
The Controller of your data other than those specified in this privacy policy is iSauna Design Kft., whose contacts and company data are as follows:
iSauna Design Kft.
Company registration no. 13-09-161868
VAT number: 24386106-2-43
Its registered office at: H-9174 Dunaszeg, Liget u. 11.
Address: HU-9174 Dunaszeg, Liget út 11
its representative: Balázs Csaba general manager
(his contact data are as follows: +36 70 362 5830, balazs.csaba@szaunagyartas.hu)
Email: info@szaunagyartas.hu
Telephone: +36 96 312 230
As for iSauna Design Kft., the company employees may access your data as indispensable for performing their tasks. Access to your personal data is strictly regulated in internal rules.
Dara processors
For the purposes of processing your data, iSauna Design Kft. may contract a data processing agent in accordance with the applicable legislation, and forward your data to such data processors to the extent necessary. All contact data (name, address, email address, telephone number) as well as survey and market research related information provided by you in the future will be managed and processed jointly (not separated or anonymised).
7. Who is the data protection officer of iSauna Design Kft. and what are his contact data?
Pursuant to the relevant legislation, iSauna Design Kft. is not obliged to appoint or employ a data protection officer.
8. What are your rights concerning personal data processing and how are they enforced?
a) Right of access: you may request information on what data are processed by us, for what purposes and how long, who we transmit them and where we collect your data from.
b) Right to rectification: in case your data change or we have recorded them erroneously, you are entitled to request their correction, amendment and clarification.
c) Right to erasure: as specified in the relevant legislation, you are entitled to request the deletion of your data processed by us.
d) Right to restriction of processing: as specified in the relevant legislation, you are entitled to request us to restrict data handling/processing.
e) Right to data portability: you may request to have the personal data transmitted, to request your data to be given to you, or based on such special request, to have them transmitted to another service provider as specified by you.
In case you submit such request, we will proceed as specified in the relevant legislation, and we will inform you within one month about our applied measures.
f) Right to revocation: when your data are processed in accordance with your consent, you have the right to revoke your consent at any time, however it will not affect the lawfulness of our previous data processing.
g) Right to complain: in case you experience any kind of infringement on your rights, you shall be entitled to submit a complaint to the competent supervisory body: Hungarian National Authority for Data Protection and Freedom of Information; website: http://naih.hu; Address: 1530 Budapest, Pf.: 5. E-mail: ugyfelszolgalat@naih.hu; Telephone: +36 (1) 391-1400
Furthermore, if personal data protection is infringed, you may bring an action against iSauna Design Llc. at the Municipal Court.
h) Right to object:
- In case your data are processed based on legitimate interests, you have the right to object agaist such data processing, based on legitimate interests.
- You also have the right to object at any time to processing of personal data which includes profiling.
If you object to processing for such reason, your personal data shall no longer be processed for such purposes.
9. How is the safety of your data granted?
To ensure the security of data and information processed by us, we apply strict security provisions which are binding for all our emloyees and which all of them are familiar with and apply.
Our employees are regularly educated and trained with respect to data and information security requirements.
Personal data are stored on our own central server, and access to it is granted only to a limited group of persons and employees. Our IT systems are tested and checked regularly, from time to time in order to provide for and maintain data and IT security.
Office workstations are protected with passwords, the use of external data carriers is restricted, and allowed only under limited and safe conditions, after due validation.
All systems and system units of the company are regularly and continually protected against harmful software.
Upon designing, developing, testing and operating programs, applications and tools, security functions are given priority and managed separately.
Access codes (such as passwords) are stored and forwarded in encrypted form, and data related to the system’s security (e.g. passwords, authorisation, logs) are duly protected.
10. What measures are taken in case privacy incidents occur?
As specified by the applicable legislation, we report the privacy incident to the supervisory bodies within 72 hours of its detection, and keep records of privacy incidents. We also inform the affected users as required by the applicable legislation.
11. When and how this privacy policy is amended?
In case the range of processed data or any conditions and circumstances of data processing change, this privacy policy will, according to the provisions of GDPR, be amended and the new version pubished within 30 days at www.saunamanufacture.com and www.outdoorisaunahouse.uk Changes will also be reported in the webshop. Please read the amendments of this privacy policy carefully as they include important information about the processing of your personal data.
Dunaszeg, 27th of May 2022