Data and Privacy

Data Controller

• Name: Erisz'92 Ltd.
• Registered Office: 2040 Budaörs, Liliom u. 2/a
• Mailing Address, Complaints: 2040 Budaörs, Liliom u. 2/a
• Email: info@tenshibag.hu
• Phone Number: +36702024458
• Website: https://tenshibag.com

Hosting Service Provider

• Name: 
• Mailing Address: 
• Email: 
• Phone Number:

Description of Data Processing During the Operation of the Online Shop This document contains all relevant data processing information related to the operation of the online shop in accordance with the General Data Protection Regulation of the European Union 2016/679 (hereinafter: Regulation, GDPR) and Act No. CXII of 2011 (hereinafter: Info Act).

Information Regarding the Use of Cookies

What is a cookie?

The Data Controller uses so-called cookies during the visit to the website. A cookie is an information package consisting of letters and numbers that our website sends to your browser with the aim of saving certain settings, facilitating the use of our website, and contributing to collecting some relevant statistical information about our visitors.

Some cookies do not contain personal information and are not suitable for the individual identification of users. However, some of them contain an individual identifier—a secret, randomly generated number—stored on your device, thereby ensuring your identifiability. The operational duration of individual cookies is described in the relevant cookie descriptions.

Legal Background and Basis of Cookies:

Fundamentally, three types of cookies are distinguished: essential cookies for operation, which serve the proper functioning of the website, statistical cookies, and marketing cookies.

The legal basis for data processing is the consent of the user for statistical and marketing cookies, according to Article 6(1)(a) of the Regulation, and, for the operationally necessary cookies, the legitimate interest in ensuring the operation of the website, according to Article 6(1)(f) of the Regulation.

Key Features of Cookies Used on the Website:

Essential Cookies for Operation: If you do not accept the use of these cookies, certain functions may not be available to you.

Strictly Necessary Cookies: These cookies are essential for using the website and enable the basic functions of the website. Without them, many functions of the site will not be accessible to you. The lifespan of these cookies is limited to the session duration.

Session Cookies: These cookies store the visitor's location, browser language, and payment currency. Their lifespan is either until the browser is closed or a maximum of 2 hours.

Cookie Acceptance Cookie: Upon arriving on the site, you accept the statement about storing cookies in the warning window. Its lifespan is 365 days.

Barion Pixel Cookies: Barion Payment Ltd. uses cookies (ba_vid, ba_vid.xxx, and ba_sid) to prevent fraud during the use of Barion payment solution, managing personal data (profiles). The purpose of ba_vid is to detect credit card fraud based on the device's digital fingerprint and browsing habits of the user. ba_vid.xxx tracks browsing habits between two sessions on the same website. The purpose of ba_sid is to identify the session on Barion Ltd.'s websites. The storage duration for ba_vid and ba_vid.xxx is 1.5 years from the last update, and for ba_sid, it is 30 minutes. Barion Ltd. stores this data. The Barion Cookie Policy can be found here: https://www.barion.com/en/cookie-information/

Statistical Cookies: Google Analytics Cookie: Google Analytics, a Google analytics tool, helps website and app owners get a more accurate picture of their visitors' activities. The service uses cookies to collect information and generate reports on statistical data about website usage without individually identifying visitors to Google. The main cookie used by Google Analytics is the "__ga" cookie. In addition to reports based on website usage statistics, Google Analytics, along with some of the advertising cookies mentioned earlier, can be used to display more relevant ads in Google products (such as Google Search) and across the internet.

Cookies for Improving User Experience: These cookies collect information about the user's website usage, such as the most frequently visited pages or error messages received from the website. These cookies do not collect identifying information about the visitor; they work with entirely general, anonymous information. The data obtained from these cookies is used to improve the website's performance. The lifespan of these cookies is limited to the session duration.

Cart Cookie: Records products placed in the cart. Its lifespan is 365 days.

Marketing Cookies: Google Adwords Cookie: When someone visits our site, the visitor's cookie ID is added to the remarketing list. Google uses cookies, such as NID and SID cookies, to customize ads in Google products, such as Google Search. These cookies are used, for example, to remember your most recent searches, interactions with ads, or visits to advertiser websites. The AdWords conversion tracking feature uses cookies to store on the user's computer the sales and other conversions resulting from clicking on an ad. The common applications of cookies include selecting ads based on what is relevant to the individual user, improving performance reports for campaigns, and avoiding the display of ads that the user has already seen.

Remarketing Cookies: Ads may appear on other websites in the Google Display Network when browsing or searching for expressions related to previous visits or interactions with products or services.

Facebook Pixel (Facebook Cookie): The Facebook pixel is a code that generates reports on conversions, creates target audiences, and provides detailed analysis data on visitor website usage. With the Facebook pixel, the website can display personalized offers and ads to visitors on the Facebook platform. You can review Facebook's data processing policy here: https://www.facebook.com/privacy/explanation

For more information on deleting cookies, you can visit the following links:

• Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
• Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
• Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
• Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
• Chrome: https://support.google.com/chrome/answer/95647
• Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies

Contracting and Performance-Related Data Processing

Multiple data processing activities may take place for the purpose of contracting and performance. Please note that data processing related to complaints and warranty handling only occurs if you exercise one of the mentioned rights.

If you are just a visitor to the webshop without making a purchase, the information provided under marketing-related data processing may apply to you if you give us marketing consent.

Details of data processing for contracting and performance:

Contact

For example, if you contact us via email, a contact form, or phone with questions about a product. Preliminary contact is not mandatory, and you can order from the webshop at any time even without prior contact.

Processed Data

Data provided by you during the contact.

Duration of Data Processing

The data is processed until the contact is concluded.

Legal Basis for Data Processing

Your voluntary consent, given through the contact. [Article 6(1)(a) of the Regulation]

Registration on the Website

Storing the data provided during registration allows the Data Controller to provide more convenient services (e.g., not having to re-enter data for future purchases). Registration is not a prerequisite for contracting.

Processed Data

During registration, the Data Controller processes your email address, characteristics of purchased products, and the time of purchase.

Duration of Data Processing

Until the withdrawal of consent.

Legal Basis for Data Processing

Your voluntary consent given through registration. [Article 6(1)(a) of the Regulation]

Order Processing

Processing orders involves data processing activities necessary for the performance of the contract.

Processed Data

During order processing, the Data Controller processes your name, address, phone number, email address, characteristics of purchased products, order number, and the time of purchase.

If you have placed an order on the webshop, data processing and providing data are essential for the performance of the contract.

Duration of Data Processing

The data is kept for 5 years according to the civil law statute of limitations.

Legal Basis for Data Processing

Performance of the contract. [Article 6(1)(b) of the Regulation]

Issuing Invoices

Data processing for invoicing and fulfilling the obligation of accounting document retention is carried out in accordance with legal requirements. According to Section 169(1)-(2) of the Act on Accounting, economic entities must keep accounting documents that directly or indirectly support the accounting settlement.

Processed Data

Name, address, email address, phone number.

Duration of Data Processing

Issued invoices must be kept for 8 years according to Section 169(2) of the Act on Accounting.

Legal Basis for Data Processing

Issuing invoices is mandatory according to Section 159(1) of Act CXXVII of 2007 on Value Added Tax, and retention is required for 8 years according to Section 169(2) of Act C of 2000 on Accounting. [Article 6(1)(c) of the Regulation]

Data Processing Related to Product Delivery

Data processing related to the delivery of ordered products is carried out for the purpose of fulfilling the contract.

Processed Data

Name, address, email address, phone number.

Duration of Data Processing

The Data Controller processes the data until the ordered goods are delivered.

Legal Basis for Data Processing

Performance of the contract. [Article 6(1)(b) of the Regulation]

Recipients and Data Processors of Data Processing Related to Product Delivery:

• Name of Recipient: GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
• Registered Office of Recipient: 2351 Alsónémedi, GLS Európa u. 2. Recipient's
• Phone Number: 06-29-88-67-00
• Recipient's Email Address: info@gls-hungary.com
• Recipient's Website: https://gls-group.eu/HU/hu/home

The courier service collaborates with the Data Controller in delivering the ordered goods based on a contractual agreement. The courier service processes the received personal data according to the information in its accessible data processing information on the website.

Handling Warranty and Guarantee Claims

Warranty and guarantee claims must be processed according to the regulations of Government Decree 19/2014 (IV. 29.) NGM, which also outlines how such claims should be managed.

Processed Data

When handling warranty and guarantee claims, we must follow the regulations of Government Decree 19/2014 (IV. 29.) NGM.

According to the decree, when a warranty or guarantee claim is reported to us, we are obligated to create a report that includes:

• a) Your name, address, and a statement consenting to the processing of your data recorded in the report as specified by the regulation,
• b) The designation of the movable item sold under the contract between you and us, its purchase price,
• c) The date of contract fulfillment,
• d) The date of reporting the defect,
• e) Description of the defect,
• f) The right you wish to exercise based on the warranty or guarantee claim,
• g) The method of settling the warranty or guarantee claim or the reason for rejecting the claim or the right you wish to assert.

If we receive the product purchased by you, we must issue an acceptance acknowledgment, which should include:

• a) Your name and address,
• b) Necessary data for identifying the item,
• c) The date of item acceptance, and
• d) The time when you can receive the corrected item.

Duration of Data Processing

The business is obliged to keep the warranty or guarantee claim report for three years from its creation and present it upon request by the supervisory authority.

Legal Basis for Data Processing

The legal basis for data processing is compliance with legal obligations according to Government Decree 19/2014 (IV. 29.) NGM [Section 4(1) and Section 6(1)] [Article 6(1)(c) of the Regulation].

Handling Other Consumer Protection Complaints

Data processing for managing consumer protection complaints is carried out. If you file a complaint with us, data processing and providing data are essential.

Processed Data

Buyer's name, phone number, email address, complaint content.

Duration of Data Processing

Guarantee complaints are kept for 5 years according to the Consumer Protection Act.

Legal Basis for Data Processing

Whether you file a complaint is your voluntary decision; however, if you do, we are obliged to keep the complaint for 3 years according to Section 17/A(7) of Act CLV of 1997 on Consumer Protection [Article 6(1)(c) of the Regulation].

Data Processed Regarding the Confirmation of Consent

During registration, order placement, or subscribing to newsletters, the information system stores data related to consent for later verification purposes.

Processed Data

Date of consent and the IP address of the data subject.

Duration of Data Processing

Due to legal requirements, consent must be verifiable later; therefore, data storage lasts until the expiration of the limitation period following the termination of data processing.

Legal Basis for Data Processing

This obligation is prescribed by Article 7(1) of the Regulation [Article 6(1)(c) of the Regulation].

Marketing Data Processing

Newsletter Subscription Data Processing

The data processing procedure is carried out for the purpose of sending newsletters.

Processed Data

Full name, email address

Duration of Data Processing

Until the withdrawal of the data subject's consent.

Legal Basis for Data Processing

Your voluntary consent, provided by subscribing to the newsletter [Data Processing according to Article 6(1)(a) of the Regulation]

Remarketing

Data processing as part of remarketing activities is carried out using cookies.

Processed Data

Data managed by cookies as specified in the cookie policy.

Duration of Data Processing

The storage period of the respective cookie. Further information is available here:

Google General Cookie Policy: https://www.google.com/policies/technologies/types/

Google Analytics Information: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en

Facebook Information: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Legal Basis for Data Processing

Your voluntary consent, provided by using the website [Data Processing according to Article 6(1)(a) of the Regulation]

Contest

The data processing procedure is carried out for the organization of contests.

Processed Data

Name, email address, phone number.

Duration of Data Processing

The data will be deleted after the conclusion of the contest, except for the winner's data, which the Data Processor is required to retain for 8 years according to the Accounting Act.

Legal Basis for Data Processing

Your voluntary consent, provided by using the website [Data Processing according to Article 6(1)(a) of the Regulation]

Additional Data Processing

If the Data Controller intends to carry out further data processing, prior information will be provided about the essential circumstances of data processing (legal background and basis, purpose of data processing, scope of processed data, duration of data processing).

Recipients of Personal Data

Data Storage-Related Data Processing

• Processor Name: Hydra Solutions Kft.
• Processor Contact Information:
• Phone:
• Email: info@hydrasolutions.hu
• Address: 1036 Budapest, Lajos utca 131, 6th floor 32.
• Website: http://hydrasolutions.hu/

The Processor, based on the contract with the Data Controller, performs the storage of personal data. The Processor is not authorized to access the personal data.

Data Processing Related to Newsletter Distribution

• Company Operating the Newsletter System: The Rocket Science Group LLC.

• Company Headquarters: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA
• Company Phone: [Not provided]
• Company Email: privacy@mailchimp.com
• Company Website: mailchimp.com

The Processor collaborates with the Data Controller in sending out newsletters based on the contract between them. In this process, the Processor handles the name and email address of the concerned individual to the extent necessary for newsletter distribution.

Invoicing-Related Data Processing

• Processor: KBOSS.hu Kft.

• Processor Headquarters: [Not provided]
• Processor Phone: [Not provided]
• Processor Email: info@szamlazz.hu
• Processor Website: szamlazz.hu

The Processor collaborates with the Data Controller in maintaining accounting documents based on the contract between them. In this process, the Processor handles the name and address of the concerned individual to the extent necessary for accounting records, following the duration specified in Section 169(2) of the Accounting Act, after which the data is deleted.

Online Payment Data Processing

Data Controller: Barion Payment Zrt.

• Data Controller Headquarters: Budapest, Infopark stny. 1, 1117
• Data Controller Phone: +3614647099
• Data Controller Email: [Not provided]
• Data Controller Website: barion.com

The payment service provider collaborates with the Data Controller in executing online payments based on the contract between them. For this purpose, during the purchase process, data transmission occurs to the online payment service provider. In this process, the online payment service provider handles the name and address for billing, order number, and timestamp of the order according to its own data processing rules.

Purpose of Data Transmission: Providing transaction data necessary for the online payment service provider for the initiated payment transaction.

Legal Basis for Data Transmission: Pursuant to Article 6(1)(b) of the Regulation, the fulfillment of the contract between you and the Data Controller, which includes payment on the buyer's part, and for online payments, the data transmission specified in this section is necessary for the payment.

Rights During Data Processing

During the data processing period, you are entitled to the following rights according to the provisions of the Regulation:

• Right to withdraw consent.
• Right of access to personal data and information about data processing.
• Right to rectification.
• Right to restrict processing.
• Right to erasure.
• Right to object.
• Right to data portability.

If you wish to exercise these rights, your identification is required, and the Data Controller must necessarily communicate with you. Therefore, providing personal data will be necessary for identification (but identification can only be based on data that the Data Controller otherwise processes about you), and your complaints about data processing will be available in the Data Controller's email account within the specified time frame in this information. If you were our customer and would like to identify yourself for complaint handling or warranty processing, please provide your order ID for identification. Using this, we can identify you as a customer.

The Data Controller shall respond to data processing complaints within 30 days at the latest.

Right to Withdraw Consent

You are entitled to withdraw your consent to data processing at any time, and in such cases, the provided data will be deleted from our systems. Please note that in the case of unfulfilled orders, withdrawal may result in our inability to deliver to you. Also, if the purchase has already taken place, according to accounting regulations, we cannot delete billing-related data from our systems. Additionally, if you have an outstanding debt, we may process your data even after consent withdrawal based on the legitimate interest of debt collection.

Right of Access to Personal Data

You are entitled to receive feedback from the Data Controller on whether the processing of your personal data is ongoing, and if so, you have the right to:

• Access the processed personal data.
• Be informed by the Data Controller about the following:
  • The purposes of data processing.
  • The categories of personal data processed about you.
  • Information about recipients or categories of recipients with whom or which the Data Controller has communicated or will communicate personal data.
  • The planned duration of personal data storage, or if this is not possible, the criteria for determining this duration.
  • Your right to request from the Data Controller rectification, erasure, or restriction of processing of your personal data, and to object to such processing.
  • Your right to lodge a complaint with a supervisory authority.
  • If the data was not collected from you, any available information as to their source.
  • The existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

The purpose of exercising the right may be to establish and verify the lawfulness of data processing; therefore, in the case of repeated information requests, the Data Controller may charge a fair fee for providing the information.

The Data Controller ensures access to personal data by sending you the processed personal data and information by email after your identification. If you have registration, we provide access by allowing you to view and verify the personal data processed about you by logging into your user account.

Please specify in your request whether you request access to personal data or information about data processing.

Right to Rectification

You have the right to request the Data Controller to correct your inaccurate personal data without undue delay upon your request.

Right to Restriction of Processing

You have the right to request the Data Controller to restrict processing if one of the following applies:

• You contest the accuracy of the personal data, in which case the restriction applies for the period allowing the Data Controller to verify the accuracy of the personal data.
• The processing is unlawful, and you oppose the erasure of the personal data and request the restriction

• You contest the accuracy of the personal data, in which case the restriction applies for the period allowing the Data Controller to verify the accuracy of the personal data.
• The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead.
• The Data Controller no longer needs the personal data for the purposes of processing, but they are required by you for the establishment, exercise, or defense of legal claims.
• You have objected to processing pending the verification whether the legitimate grounds of the Data Controller override yours.

If processing is restricted, personal data, with the exception of storage, may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. We inform you in advance if the restriction is lifted.

Right to Erasure

You have the right to request the Data Controller to erase your personal data without undue delay, and the Data Controller is obliged to erase your personal data without undue delay if one of the following grounds applies:

• The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
• You withdraw consent on which the processing is based, and there is no other legal ground for the processing.
• You object to the processing, and there are no overriding legitimate grounds for the processing.
• The personal data have been unlawfully processed.
• The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.
• The personal data have been collected in relation to the offer of information society services.

The Data Controller is not obliged to erase personal data if processing is necessary:

• For exercising the right of freedom of expression and information.
• For compliance with a legal obligation that requires processing by Union or Member State law to which the Data Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
• For reasons of public interest in the area of public health.
• For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, where erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing.
• For the establishment, exercise, or defense of legal claims.

Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the Regulation, including profiling based on those provisions.

The Data Controller shall no longer process your personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to the Data Controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another Data Controller without hindrance from the Data Controller to which the personal data have been provided.

You have the right to have the personal data transmitted directly from one Data Controller to another where technically feasible.

Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing (including profiling) that has legal effects on you or similarly significantly affects you. In these cases, the Data Controller must take appropriate measures to protect your rights, freedoms, and legitimate interests, including the right to request human intervention, express your opinion, and contest the decision.

The above does not apply if the decision:

• Is necessary for the conclusion or performance of a contract between you and the Data Controller.
• Is authorized by Union or Member State law applicable to the Data Controller and that law also lays down suitable measures to safeguard your rights, freedoms, and legitimate interests, or
• Is based on your explicit consent.

Registration in the Data Protection Records

In accordance with the provisions of the Information Act, the Data Controller had to register certain data processing activities in the data protection records. This obligation ceased on May 25, 2018.

Data Security Measures

The Data Controller declares that adequate security measures have been implemented to protect personal data from unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as from accidental destruction and damage and becoming inaccessible due to changes in technology.

The Data Controller, to the extent of organizational and technical possibilities, ensures that Data Processors also implement appropriate data security measures when processing your personal data.

Remedies

If you believe that the Data Controller has violated any legal provisions regarding data processing or has not fulfilled your request, you may initiate an investigation by the National Authority for Data Protection and Freedom of Information (address: 1363 Budapest, Pf. 9., email: ugyfelszolgalat@naih.hu, phone numbers: +36 (30) 683-5969, +36 (30) 549-6838; +36 (1) 391 1400).

Furthermore, if there is a breach of legal provisions on data processing or if the Data Controller has not fulfilled your request, you may file a civil lawsuit against the Data Controller.

Modification of the Privacy Notice

The Data Controller reserves the right to modify this privacy notice in a manner that does not affect the purpose and legal basis of data processing. By using the website after the effective date of the modification, you accept the modified privacy notice.

If the Data Controller intends to carry out further data processing for purposes other than the original purpose of collection, you will be informed before such processing about:

• The duration of storage of personal data or, if not possible, the criteria used to determine that duration.
• Your right to request access to, correction, deletion, or restriction of processing of your personal data, and the right to object to the processing based on legitimate interests, consent, or a contractual relationship, and the right to data portability.
• If the processing is based on consent, that you have the right to withdraw your consent at any time.
• Your right to lodge a complaint with the supervisory authority.
• Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and what the consequences of failure to provide such data might be.
• The fact of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

Data processing can only commence after obtaining your additional consent, if the legal basis for processing is consent, and you must also consent beyond the information provided.