Privacy Policy

Data Controller
Name: Margarita Remeikaite, e.v
Registered Office: 1068 Budapest, Benczur utca 41, doorbell 17.
Tax number: 57582304-1-41
1068 Budapest, Benczur utca 41, doorbell 17.
Email: margarita.remeikaite0902@gmail.com
Website: https://yoginimargarita.com/

Hosting Provider
Name: Hostinger UK Limited
Mailing Address: Nwms Center, 31 Southampton Row, Office 3.11, 3rd Floor, London, England, WC1B 5HJ
Email Address: : gdpr@hostinger.com

Website: www.hostinger.com

Description of Data Processing in the Operation of the Webshop

Information on the Use of Cookies

The Data Controller uses so-called cookies during the visit to the website. A cookie is a package of information consisting of letters and numbers that our website sends to your browser to save certain settings, facilitate the use of our website, and help collect some relevant, statistical information about our visitors.

Some cookies do not contain personal information and are not suitable for identifying individual users, while some contain an individual identifier – a secret, randomly generated string – that your device stores, ensuring your identification. The duration of operation of the individual cookies is described in the relevant descriptions of the cookies.

Legal Background and Legal Basis of Cookies:

The legal basis for data processing is your consent under Article 6(1)(a) of the Regulation.

Main Characteristics of Cookies Used by the Website:

Session cookie: These cookies store the visitor’s location, the browser language, and the currency for payment. Their lifetime is the closing of the browser or a maximum of 2 hours.

Age-restricted content cookie: These cookies record the approval of age-restricted content and whether the individual is over 18 years old. Their lifetime lasts until the browser is closed.

Referer cookies: They record the external site from which the visitor arrived at the site. Their lifetime lasts until the browser is closed.

Last viewed product cookie: Records the products last viewed by the visitor. Their lifetime is 60 days.

Last viewed category cookie: Records the last viewed category. Their lifetime is 60 days.

Recommended products cookie: In the “recommend to a friend” function, it records the list of products to be recommended. Their lifetime is 60 days.

Mobile version, design cookie: Detects the device used by the visitor and switches to full view on mobile. Their lifetime is 365 days.

Cookie acceptance cookie: Upon arrival at the site, it stores acceptance of the cookie storage declaration in the warning window. Its lifetime is 365 days.

Cart cookie: Records the products placed in the cart. Their lifetime is 365 days.

Smart offer cookie: Records the conditions for displaying smart offers (e.g., whether the visitor has already been to the site, whether there is an order). Their lifetime is 30 days.

Logout #2 cookie: According to option #2, the system logs out the visitor after 90 days. Its lifetime is 90 days.

Backend identifier cookie: The identifier of the backend server serving the site. Its lifetime lasts until the browser is closed.

Google Adwords cookie: When someone visits our site, the visitor’s cookie ID is added to the remarketing list. Google uses cookies – such as NID and SID cookies – to personalize ads displayed in Google products, such as Google Search. These cookies are used, for example, to remember your recent searches, interactions with specific advertisers’ ads or search results, and visits to advertisers’ websites. The AdWords conversion tracking function uses cookies. It saves cookies on the user’s computer when they click on an ad to track sales and other conversions resulting from the ad. Common uses of cookies include selecting ads based on what is relevant to the user, improving reports on campaign performance, and avoiding displaying ads that the user has already seen.

Google Analytics cookie: Google Analytics is Google’s analytics tool that helps website and app owners gain a clearer picture of what their visitors are doing. The service may use cookies to collect information and compile reports on website usage statistics without identifying individual visitors to Google. The primary cookie used by Google Analytics is the “__ga” cookie. In addition to reporting on website usage statistics, the data collected by Google Analytics may be used together with some advertising cookies mentioned above to show more relevant ads in Google products (such as Google Search) and across the web.

Remarketing cookies: Ads may appear for previous visitors or users while browsing other websites on the Google Display Network or searching for terms related to your products or services.

Strictly necessary cookies for operation: These cookies are essential for using the website and enable the basic functions of the website. Without them, many features of the site would not be available to you. The lifetime of these types of cookies is limited to the duration of the session.

Cookies to improve user experience: These cookies collect information about how users use the website, such as which pages they visit most often or what error messages they receive from the website. These cookies do not collect personally identifiable information, meaning they work entirely with general, anonymous data. We use the information obtained from them to improve the performance of the website. The lifetime of these types of cookies is limited to the duration of the session.

Session cookie: These cookies store the visitor’s location, browser language, and currency for payment. Their lifetime is the closing of the browser or a maximum of 2 hours.

Age-restricted content cookie: These cookies record the approval of age-restricted content and whether the individual is over 18 years old. Their lifetime lasts until the browser is closed.

Referer cookies: They record the external site from which the visitor arrived at the site. Their lifetime lasts until the browser is closed.

Last viewed product cookie: Records the products last viewed by the visitor. Their lifetime is 60 days.

Last viewed category cookie: Records the last viewed category. Their lifetime is 60 days.

Recommended products cookie: In the “recommend to a friend” function, it records the list of products to be recommended. Their lifetime is 60 days.

Mobile version, design cookie: Detects the device used by the visitor and switches to full view on mobile. Their lifetime is 365 days.

Cookie acceptance cookie: Upon arrival at the site, it stores acceptance of the cookie storage declaration in the warning window. Its lifetime is 365 days.

Cart cookie: Records the products placed in the cart. Their lifetime is 365 days.

Smart offer cookie: Records the conditions for displaying smart offers (e.g., whether the visitor has already been to the site, whether there is an order). Their lifetime is 30 days.

Logout #2 cookie: According to option #2, the system logs out the visitor after 90 days. Its lifetime is 90 days.

Backend identifier cookie: The identifier of the backend server serving the site. Its lifetime lasts until the browser is closed.

Facebook pixel (Facebook cookie): The Facebook pixel is a code that allows reporting on conversions, building audiences, and obtaining detailed analytics data on how visitors use the website. With the Facebook pixel, personalized offers and ads can be shown to visitors on Facebook. You can review Facebook’s data management policy here: https://www.facebook.com/privacy/explanation

If you do not accept the use of cookies, certain features will not be available to you. For more information on deleting cookies, please refer to the following links:

Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Chrome: https://support.google.com/chrome/answer/95647
Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies

Data processed for contract conclusion and fulfillment

Multiple data processing activities may take place for contract conclusion and fulfillment. Please note that data processing related to complaint handling and warranty management will only occur if you exercise one of these rights.

If you do not make a purchase through the webshop but only visit the webshop, the data processing rules related to marketing purposes may apply to you if you give us consent for marketing purposes.

Details of data processing for contract conclusion and fulfillment:

Contact

For example, if you contact us via email, contact form, or phone with a question about a product. Preliminary contact is not mandatory, and you can place an order from the webshop without it.

Processed data:

The data you provide during the contact process: 

– Email address 

– Phone number 

– Facebook Messenger

Duration of data processing:

The data is only processed until the contact is completed.

Legal basis for data processing:

Your voluntary consent provided by initiating the contact. [Data processing according to Article 6(1)(a) of the GDPR]

Registration on the website

By storing the data provided during registration, the Data Controller can provide more convenient services (e.g., the data does not need to be re-entered for future purchases). Registration is not a condition for contract conclusion.

Processed data:

The Data Controller processes your name, address, phone number, email address, the characteristics of the purchased product, and the date of purchase.

Duration of data processing:

Until the withdrawal of your consent.

Legal basis for data processing:

Your voluntary consent given during registration. [Data processing according to Article 6(1)(a) of the GDPR]

Handling of other consumer protection complaints

The data processing activity takes place for handling consumer protection complaints.

If you submit a complaint to us, data processing and providing data is essential.

Processed data:

Customer’s name, phone number, email address, and the content of the complaint.

Duration of data processing:

Consumer complaints are retained for 5 years in accordance with consumer protection law.

Legal basis for data processing:

Whether or not you file a complaint is your voluntary decision; however, if you do, we are required to retain the complaint for 5 years according to Section 17/A(7) of Act CLV of 1997 on Consumer Protection. [Data processing according to Article 6(1)(c) of the GDPR]

Data processed for the proof of consent

During registration, placing an order, or subscribing to the newsletter, the IT system stores the technical data of consent for later proof.

**Processed data:**

The date of consent and the IP address of the affected person.

 

**Duration of data processing:**

Due to legal obligations, consent must be provable later, so the data is stored until the statute of limitations after the termination of data processing.

**Legal basis for data processing:**

Article 7(1) of the GDPR mandates this obligation. [Data processing according to Article 6(1)(c) of the GDPR]

**Further data processing**

If the Data Controller intends to carry out further data processing, it provides prior information about the relevant circumstances of the data processing (the legal basis and purpose of the data processing, the scope of processed data, the duration of data processing).

Please note that the Data Controller is required to fulfill the written data requests of authorities based on legal authorizations. The Data Controller maintains records of data transfers according to Section 15(2)-(3) of the Information Act, specifying which authorities received personal data, under what legal basis, and when. Upon request, the Data Controller will provide information about the content of the records unless prohibited by law.

Recipients of personal data

Data storage processing

**Data processor’s name:** Hostinger UK Limited

**Data processor’s contact details:**

Email address: gdpr@hostinger.com

Address: Nwms Center, 31 Southampton Row, Office 3.11, 3rd Floor, London, England, WC1B 5HJ

Website: www.hostinger.com

The Data Processor performs data storage on behalf of the Data Controller based on the contract. The Data Processor is not entitled to access personal data.

**Invoicing-related data processing**

**Data processor’s name:** KBOSS. hu Kft.

**Data processor’s address:** 1031 Budapest, Záhony utca 7.

**Data processor’s email address:** info@szamlazz.hu

**Data processor’s website:** https://www.szamlazz.hu/

The Data Processor cooperates with the Data Controller for accounting record keeping. During this process, the Data Processor processes the affected person’s name and address as required for accounting purposes, retaining the data for the time required under Section 169(2) of the Accounting Act before deleting it.

**Online payment-related data processing**

**Data processor’s name:** Touch Me Soft doo (Ameila booking system)

**Data processor’s address:** Milutina Milankovica street no. 11B, Belgrade, Serbia

**Data processor’s email address:** support@tms-outsource.com.

The Data Processor cooperates with the Data Controller to execute online payments. The Data Processor processes the billing name, address, order number, and order date of the affected person for the duration of the civil statute of limitations.

**Data processor’s name:** Stripe Inc

**Data processor’s address:** 354 Oyster Point Boulevard, San Francisco, California, 94103

**Data processor’s website:** www.stripe.com

The Data Processor cooperates with the Data Controller to execute online payments. The Data Processor processes the billing name, address, order number, and order date of the affected person for the duration of the civil statute of limitations.

**Your rights regarding data processing**

During the period of data processing, you are entitled to the following rights under the GDPR:

– The right to withdraw consent

– The right to access personal data and information related to data processing

– The right to rectification

– The right to restriction of data processing

– The right to erasure

– The right to object

– The right to data portability

If you wish to exercise your rights, this involves your identification, and the Data Controller must necessarily communicate with you. Therefore, you will be required to provide personal data for identification purposes (but identification can only be based on data that the Data Controller already processes about you), and the Data Controller’s email account will be accessible for handling your data-related complaints within the time period specified in this notice. If you are a customer and wish to identify yourself for complaint management or warranty handling, please also provide your order ID. This will allow us to identify you as a customer.

The Data Controller will respond to data processing complaints within 30 days.

Right to withdraw consent

You are entitled to withdraw your consent to data processing at any time, and we will delete the provided data from our systems. Please note, however, that withdrawal in the case of an unfulfilled order may result in us being unable to deliver the product to you. Additionally, if the purchase has been completed, we cannot delete data related to invoicing due to accounting requirements, and if you have an outstanding debt to us, we may continue to process your data for legitimate interest even after the withdrawal of consent.

Right to access personal data

You are entitled to receive confirmation from the Data Controller as to whether your personal data is being processed, and if so, you have the right to:

– Access the personal data processed about you, and 

– Be informed by the Data Controller about the following:

  – The purposes of data processing;

  – The categories of personal data processed about you;

  – Information about recipients or categories of recipients to whom personal data have been or will be disclosed;

  – The planned duration of personal data storage, or if not possible, the criteria used to determine this duration;

  – Your right to request rectification, erasure, or restriction of the processing of personal data, or to object to such processing based on legitimate interest;

  – The right to lodge a complaint with a supervisory authority;

  – If the data were not collected from you, any available information about their source;

  – The existence of automated decision-making, including profiling, and meaningful information about the logic involved and the significance and expected consequences of such processing.

The purpose of exercising this right is to verify and control the lawfulness of data processing, and therefore the Data Controller may charge a reasonable fee for repeated requests for information.

The Data Controller ensures access to personal data by sending you the processed personal data and information via email after verifying your identity. If you are registered, access is provided by allowing you to view and review the personal data processed about you in your user account.

Please specify in your request whether you are requesting access to personal data or information related to data processing.

Right to rectification

You have the right to request the Data Controller to correct inaccurate personal data concerning you without undue delay.

Right to restrict data processing

You have the right to request the Data Controller to restrict data processing if any of the following conditions apply:

– You dispute the accuracy of the personal data, in which case the restriction applies for the period enabling the Data Controller to verify the accuracy of the personal data. If the accurate data can be immediately determined, no restriction will be applied;

– The data processing is unlawful, but you object to the erasure of the data for any reason (for example, because the data is important to you for asserting legal claims), and instead request the restriction of their use;

– The Data Controller no longer needs the personal data for the specified purpose, but you need the data for the establishment, exercise, or defense of legal claims; or

– You objected to the data processing, but the Data Controller’s legitimate interest may also justify the processing. In such cases, until it is determined whose legitimate interests prevail, the data processing must be restricted.

If data processing is restricted, personal data, with the exception of storage, may only be processed with your consent or for the establishment, exercise, or defense of legal claims or the protection of the rights of another natural or legal person, or for important public interest reasons of the Union or a Member State.

The Data Controller will notify you in advance (at least 3 business days prior) before lifting the restriction on data processing.

Right to erasure – right to be forgotten

You have the right to request the Data Controller to delete personal data concerning you without undue delay if one of the following reasons applies:

– The personal data is no longer necessary for the purpose for which it was collected or otherwise processed;

– You withdraw your consent, and there is no other legal basis for the data processing;

– You object to data processing based on legitimate interest, and there are no overriding legitimate grounds for the data processing;

– The personal data has been unlawfully processed, and this is confirmed following a complaint;

– The personal data must be erased to comply with a legal obligation under Union or Member State law to which the Data Controller is subject.

If the Data Controller has made the personal data public for any legitimate reason and is obliged to delete it for any of the reasons above, it must take reasonable steps, including technical measures, considering available technology and the cost of implementation, to inform other data controllers processing the data that you have requested the deletion of any links to, or copies or replicas of, the personal data.

The right to erasure does not apply if the data processing is necessary for:

– The exercise of the right of freedom of expression and information;

– Compliance with a legal obligation that requires processing under Union or Member State law to which the Data Controller is subject (such as the retention of invoices, as required by law), or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;

– The establishment, exercise, or defense of legal claims (e.g., if the Data Controller has a claim against you that has not yet been fulfilled, or if there is an ongoing consumer or data protection complaint).

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, based on legitimate interest. In such cases, the Data Controller may no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling, to the extent that it is related to such direct marketing. If you object to data processing for direct marketing purposes, personal data can no longer be processed for this purpose.

Right to data portability

If data processing is carried out by automated means or if the data processing is based on your voluntary consent, you have the right to request the Data Controller to receive the personal data concerning you, which you have provided to the Data Controller, in xml, JSON, or csv format. If it is technically feasible, you can request that the Data Controller transmit this data directly to another data controller in this format.

Automated decision-making

You have the right not to be subject to a decision based solely on automated processing (including profiling), which produces legal effects concerning you or similarly significantly affects you. In such cases, the Data Controller must implement appropriate measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain human intervention, express your point of view, and contest the decision.

The above does not apply if the decision:

– Is necessary for entering into, or performance of, a contract between you and the Data Controller;

– Is authorized by Union or Member State law to which the Data Controller is subject and which also lays down suitable measures to safeguard your rights, freedoms, and legitimate interests; or

– Is based on your explicit consent.

Registering with the Data Protection Authority

Data protection registration number:

Security measures for data protection

The Data Controller declares that it has implemented appropriate security measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction or damage, and against inaccessibility caused by changes in technology.

The Data Controller makes every effort, within its organizational and technical capabilities, to ensure that its data processors also implement appropriate data security measures when handling your personal data.

Legal remedies

If you believe that the Data Controller has violated any legal provisions regarding data processing or has failed to comply with any of your requests, you may initiate an investigation by the National Authority for Data Protection and Freedom of Information to stop the alleged unlawful data processing (mailing address: 1363 Budapest, Pf. 9., email: ugyfelszolgalat@naih.hu).

You are also informed that if the legal provisions related to data processing are violated or if the Data Controller fails to comply with any of your requests, you may file a civil lawsuit against the Data Controller.

Modification of the Data Processing Policy

The Data Controller reserves the right to modify this Data Processing Policy in a way that does not affect the purpose and legal basis of the data processing. By continuing to use the website after the modification takes effect, you accept the modified Data Processing Policy.

If the Data Controller intends to process the collected data for a purpose other than the original purpose,

 it will inform you in advance about the purpose of the further data processing and the following information:

– The duration of personal data storage, or if this is not possible, the criteria used to determine this period;

– Your right to request access to, rectification, or erasure of personal data, or to restrict data processing, and your right to object to data processing based on legitimate interest, as well as your right to data portability in the case of data processing based on consent or contractual relations;

– If data processing is based on consent, the right to withdraw consent at any time;

– The right to lodge a complaint with a supervisory authority;

– Whether the provision of personal data is a legal or contractual requirement or a requirement necessary to enter into a contract, and whether you are obliged to provide the personal data, as well as the possible consequences of failure to provide such data;

– The existence of automated decision-making (if applicable), including profiling, and at least in such cases, meaningful information about the logic involved and the significance and expected consequences of such processing.

Data processing may only begin after providing this information, and if the legal basis for the data processing is consent, you must also provide your consent in addition to the information.

This document contains all relevant data processing information regarding the webshop’s operation in accordance with Regulation (EU) 2016/679 of the European Union (GDPR) and Act CXII of 2011 on Information Self-Determination and Freedom of Information.