VALBONA LEATHER

personal data processing on the website www.valbonaleather.com operated by

EFFECTIVE: FROM 1 JANUARY TO REVOCATION

Data of the data controller:
Company name: Valbona Leather Bt

Head office: 1048 Budapest, Csíksomlyó utca 4 / A

VAT number:

Registration number:

Phone number: + 36-209-852-226

Email address: hello@valbonaleather.com

The purpose of the Privacy Notice:
The controller acknowledges that the content of this legal notice is binding on them. The purpose of this Data Management Information is to inform your customers and partners regarding the handling of their personal data. The data controller shall process personal data only in accordance with the provisions of the applicable legislation, in strict compliance with the provisions of data management and data protection provisions, taking into account the principles of legality, fairness and transparency, purpose, data saving, accuracy and limited storage.

The controller shall take all technical and organizational measures to ensure that the personal data of its partners are secure in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council. as required by this Regulation.

In accordance with the above, the data controller transformed its ordinary activities, developed its regulations, records, sample documents and information.

The data protection policies arising from the data controller’s data management are available at all times at the data controller’s registered office and on its website. The data controller reserves the right to change this information at any time. Of course, you will notify your audience of any changes in a timely manner.

In order to protect the personal data of its committed partners, the data controller considers it extremely important to respect the right of its customers to self-determination of information. The data controller shall treat the personal data confidentially and shall take all security, technical and organizational measures that guarantee the security of the data. The data controller describes his data management practices below.

Personal, material and temporal scope of the Data Management Information:
The personal scope of this Data Protection Prospectus extends to the data controller, as well as to natural persons whose data are contained in the data processing covered by this Prospectus, as well as to persons whose rights or legitimate interests are affected by the data processing.

The material scope of the Prospectus covers all data management arising during the activities of the data controller on the website www.csaladiproblemak.hu. The full Data Management Information of the Data Controller is available at its headquarters, during consultations, lectures and for its clients.

This Prospectus shall enter into force on the date of approval and shall remain in force indefinitely until further notice.

Key concept definitions:
Personal data: any information relating to an identified or identifiable natural person. A natural person may be identified who, directly or indirectly, in particular by means of an identifier, such as a name, number, location, online identifier, or one or more identifiable by a factor.

Specific data: all data belonging to special categories of personal data, ie personal data referring to racial or ethnic origin, political opinion, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data for the unique identification of natural persons, health data and personal data relating to the sexual life or sexual orientation of natural persons.

Health data: personal data relating to the physical or mental health of a natural person, including data relating to health services provided to a natural person which contain information on the natural health of the natural person.

Data management: any operation or set of operations on personal data or files, whether automated or non-automated, such as collecting, recording, organizing, sorting, storing, transforming or altering, retrieving, viewing, using, transmitting, distributing or otherwise harmonization, interconnection, restriction or destruction.

Data controller: any natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data.

Data processor: a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the controller.

Joint controllers: if the purposes and means of data management are jointly defined by two or more controllers, they are considered as joint controllers.

Third party: any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or persons who have been authorized to process personal data under the direct control of the controller or processor .

Data subject’s consent: a voluntary, specific and well-informed and clear statement of the data subject’s intention to indicate his or her consent to the processing of personal data concerning him or her by means of a statement or unequivocal statement of confirmation.

Privacy Incident: A security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal information that is transmitted, stored, or otherwise handled.

Legal data management at the data controller:
Personal data is processed by the data controller only in the following cases:

if the data subject has consented to the processing of his or her personal data for one or more specific purposes,
the processing is necessary for the performance of a contract to which one of the parties is a party,
the data processing is necessary to fulfill the legal obligation of the data controller,
the processing is necessary in order to protect the vital interests of the data subject or of another natural person,
the processing is necessary to safeguard the legitimate interests of the controller or of a third party.
The data controller examines the lawfulness of data management in all phases of its activity, it only handles data and until then, the purpose and legal basis of which it can prove. In the event of the cessation of a condition of a legal basis, the data processing may be continued only if the data controller can prove a suitable other legal basis.

As a general rule, the method of substantiating legal bases must also be examined in the case of a written plea, a legal basis created by implied conduct, whether it can be clearly substantiated afterwards. In case of doubt, for reasons of reasonableness and economy, efforts should be made to confirm in writing the data processing created by the implied conduct.

In the case of consent-based data processing, the data subject gives his or her written consent to the processing of his or her personal data. Consent is not formally binding, but subsequent proof requires written or electronic written consent.

Fulfillment of a legal obligation Data-based data management is independent of the data subject’s consent, as data processing is defined by law.

Irrespective of the mandatory nature of the data processing, the data subject must be informed before the data processing starts and that the data processing is unavoidable, and the data subject must be clearly and in detail informed of all relevant facts concerning the data processing before starting the data processing.

According to the GDPR (General Data Protection Regulation), it is also possible to process personal data if the data processing is necessary for the performance of a contract in which the data subject is a party or the data processing or data collection is necessary . The data controller may process personal data for the purpose of concluding, fulfilling or terminating the contract on the legal basis of the performance of the contract.

Data processors and joint data controllers related to the data controller:
If the processing is carried out by someone else on behalf of the controller, the controller may only use processors who provide adequate guarantees of compliance with the requirements of the General Data Protection Regulation or implement appropriate technical and organizational measures to protect the rights of data subjects.

The controller hereby declares that in the course of his work he will only contact data processors who have an adequate guarantee of compliance with the GDPR Regulation and the implementation of appropriate technical and organizational measures to ensure the protection of the rights of data subjects. Relevant statements from data processors are available.

By reading and acknowledging this Privacy Notice, data subjects agree that the data controller will transfer their personal data to the data processors and joint data controllers listed below.

In connection with the issuance of invoices, the data controller’s partner:

The company providing the hosting of the data controller’s website is also considered a data processor:
MikroVPS Kft.
9985 Felsőszölnök, Hármashatár út 33.

The server of the data controller’s mail system is also a data processor:
Google Ireland Limited
Gordon House, Barrow Street, Dublin 4, Ireland

and

The server of the data manager’s appointment system is also a data processor:

Additional data processor in connection with sending the newsletter:
The Rocket Science Group, LLC
675 Ponce de Leon Ave NE
Suite 5000
Atlanta, GA 30308 USA

UAB MailerLite,
J. Basanavičiaus 15,
LT-03108 Vilnius, Lithuania

Due to the use of Facebook and Instagram, the data processing and joint data management partner:
Facebook Ireland Ltd.
4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland

Due to the use of Google Analytics by the data controller’s website, the data processor:
Google Ireland Limited
Gordon House, Barrow Street, Dublin 4, Ireland

When storing data in a cloud-based online database, the service provider qualifies as a data processor:
Google Ireland Limited
Gordon House, Barrow Street, Dublin 4, Ireland
Microsoft Corporation
One Microsoft Way, Redmond, WA 98052-6399.

The data controller’s partner for marketing activities and social network management:
Name: Zsuzsanna Vajda
Headquarters: 5451 Öcsöd, Hunyadi Mátyás út 38.

The contracted data processing and data processing partners handle the personal data of the partners only on the basis of the instructions given by the data controller (except for the application of a legal regulation), assuming the obligation of confidentiality.

Management of children’s data:
The data subject declares on the data controller’s website that he / she has reached the age of 16 regarding the purchase, newsletter subscription, contact form and use of cookies. A person under the age of 16 may not make such purchases, sign up for a newsletter, use the contact form or declare that he or she accepts or rejects cookies used by the website, given that the validity of his legal declaration containing his consent permission is required. The data controller is not in a position to verify the age and entitlement of the consenting party, so the data subject guarantees that the data provided is true.
Procedure used for storing e-mail addresses and telephone numbers:
In the course of its activities, the data controller also learns the e-mail addresses and telephone numbers of its partners and customers. It processes personal data entered in this way, in particular for the purpose of fulfilling its contractual obligations (Article 6 (1) (b) of the General Data Protection Regulation). If the contractual relationship with the partner is terminated and the legal obligation to keep the data does not apply to the storage of data and documents, the telephone numbers and e-mail addresses will be deleted. In some cases, the controller still has a legitimate interest in the retention of the data, in which case he / she requests the explicit and written consent of the data subject to the retention of his / her personal data (Article 6 (1) (a) of the General Data Protection Regulation).

Data controller’s website:

The data controller primarily presents its activities and services on its own website (www.valbonaleather.com). The website also provides visitors with information about the contact details and services of the data controller.

The data controller’s website uses cookies. The legal basis for the processing of personal data obtained by them is the consent of the visitor (Article 6 (1) (a) of the General Data Protection Regulation).
Cookies:

The purpose of cookies:

collect information about visitors and their devices;
memorize visitor custom settings that may be used;
facilitate the use of the website;
provide a quality user experience.
In order to provide customized service, a small data packet, the so-called places a cookie and reads it back at a later visit. If the browser returns a previously saved cookie, the cookie provider has the option to link the user’s current visit to the previous ones, but only for their own content.

Absolutely necessary session Cookies:

The purpose of these cookies is to allow visitors to fully and smoothly browse the website, use its features and the services available there. These types of cookies last until the end of the session (browsing), and when you close the browser, these types of cookies are automatically deleted from your computer or other device used for browsing.

The data subject’s choice regarding the Cookie:
Web Browser Cookies:

In the browser settings, the person concerned can accept or reject the new cookies and delete the existing cookies. You can also set your browser to notify you each time new cookies are placed on your computer or other device. You can find more information about handling cookies in the “help” function of the browser.

If a visitor chooses to turn off some or all cookies, they will not be able to use all the features of the website.

Third Party Cookies (Analytics):

Facebook pixel (Facebook cookie):
A Facebook pixel is a code that is used to report conversions on a website, compile target audiences, and provide the site owner with detailed analytics data about visitors ’use of the website. With the help of the Facebook pixel, personalized offers and advertisements can appear on the Facebook interface for the visitors of the website. The data manager’s website uses the Facebook pixel. The legal basis for data processing is the consent of the data subject (Article 6 (1) (a) of the General Data Protection Regulation), which is made by accepting information about the collection of data about cookies, by consenting to the collection of data.

Google Analytics:
The data manager’s website also uses Google Analytics as a third-party cookie. Using Google Analytics, a web analytics service for statistical purposes, the data manager collects information about how visitors use your website. Use the data to improve the website and improve the user experience. These cookies also remain on the visitor’s computer or other device used for browsing, in its browser, or until the visitor deletes them until they expire.

If websites or applications use Google Analytics with other Google advertising products, such as Google Ads, they may collect other ad IDs. Users can turn off this feature in their Ads Preferences or change their cookie settings.

Google Analytics collects users’ IP addresses to help protect the security of the service and to allow website owners to get an idea of which country, state, or city their visitors are coming from (also known as “IP geolocation.”). Google Analytics offers the ability to mask collected IP addresses, however, site owners can see users’ IP addresses even when they are not using Google Analytics.

Google Analytics does not match the IP address transmitted by the visitor’s browser with other Google data. You can prevent the storage of cookies by setting the browser software properly, however, in this case the visitor may not be able to use all the functions of the website to the full.
In addition, the visitor may prevent Google from collecting cookies (including its IP address) from the use of cookies and the processing of this data by Google by downloading and installing the browser plugin below the link below.

The current link is http://www.google.com/policies/privacy/ads/.

Google acts as the data processor for Google Analytics and thus the data controller.

According to the provisions of the General Data Protection Regulation (GDPR), Google Analytics is the data processor because Google Analytics collects and processes data on behalf of its customers (such as the data controller) according to the instructions of those customers. Google may only use the data in accordance with the terms of our contracts with Google Analytics customers and the settings you specify in the user interface of your products.

Google Analytics collects internal cookies, device / browser data, IP addresses, and website / application activity. We collect this data because it can be used to measure and report on user activity on websites and / or applications that use Google Analytics. Customers can customize cookies as well as the range of data collected with features such as cookie settings, User-ID, Data Import, and Measurement Protocol.

For customers using the SDK for Google Analytics applications, Google collects an application instance ID. This is a number that is randomly generated by the system when the user first installs an application.
Google Analytics uses IP addresses to infer the geographic location of visitors and to protect the service and its customers. Customers can turn on a feature called IP masquerading, in which Google Analytics uses only a portion of the IP address instead of the entire IP address collected. In addition, customers can override IP addresses on demand with the IP Override feature.

Google uses the data processed in Google Analytics to provide Google Analytics measurement services to its customers. IDs, such as cookies and application instance IDs, measure how users interact with customers’ websites and / or applications. It uses IP addresses to keep the service secure and to give website owners an overview of where their users are from around the world.

The data subject declares that he or she has reached the age of 16 in connection with the use of cookies on the data controller’s website. A person under the age of 16 may not make a statement regarding the use of cookies, given that the validity of his or her legal declaration of consent to data processing under Article 8 (1) of the GDPR requires the permission of his or her legal representative. The data controller is not in a position to verify the age and entitlement of the consenting party, so the data subject guarantees that the data provided is true.

Contact form used on the website:
On the website, the visitor of the site has the opportunity to contact the data controller using a contact form. The name, e-mail address and telephone number of the interested party must be provided on the form. The purpose of the processing of personal data is to contact the visitor of the site and the person interested in the services of the data controller. If the service is not ordered after the contact (reservation of a date), the personal data of the interested party will be deleted immediately, but no later than within 3 working days. The controller processes personal data for the purpose of concluding the contract on this legal basis (Article 6 (1) (b) of the General Data Protection Regulation). By filling in the form, the data subject declares that he / she has read the Data Controller’s Data Management Information and has taken note of its contents.

The data subject declares that he / she has reached the age of 16 regarding the use of the customer contact form on the data controller’s website. A person under the age of 16 may not contact the data controller on the customer contact form, given that the validity of his or her legal declaration of consent to data processing under Article 8 (1) of the GDPR requires the permission of his legal representative. The data controller is not in a position to verify the age and entitlement of the consenting party, so the data subject guarantees that the data provided is true.

Personal data management related to the “Opinions” listed on the website:
The opinions of some previous clients have been displayed on the data controller’s website. Reviews are displayed on the website with a full name and image. The full name, image (possibly other personal data) and opinion of the reviewer will only be displayed on the website if you have given your written, informed and informed consent. The legal basis for the processing of personal data is the explicit and written informed consent of the data subject (Article 6 (1) (a) of the General Data Protection Regulation). The data controller shall provide the possibility to withdraw the consent. It handles personal data only until consent is withdrawn.

Newsletter subscription:
It is also possible to subscribe to a newsletter at the data controller. By subscribing to the newsletter, the data subject declares that he / she has read the contents of the Data Controller’s Data Management Information, as well as whether he / she consents to the processing of his / her personal data for marketing purposes (for sending a newsletter). The data subject has the rights written in the Data Management Information and has the opportunity to exercise these rights in the manner and places written there. Accordingly, the legal basis for the processing of personal data during the sending of the newsletter is the explicit and written consent of the subscriber (Article 6 (1) (a) of the General Data Protection Regulation).

The purpose of the data management related to the sending of the newsletter is to provide the recipient with full general or personalized information about the novelties and latest news appearing on the website, in accordance with the relevant and applicable legislation. Subscribing to the newsletter and / or sending mail for DM purposes is based on voluntary consent, the data controller will of course give the data subject the possibility to withdraw his or her consent and unsubscribe from the newsletter at any time.
The data subject declares on the data controller’s website that he or she has reached the age of 16 in connection with the subscription to the newsletter. A person under the age of 16 may not subscribe to the newsletter, given that the validity of his legal declaration of consent to data processing under Article 8 (1) of the GDPR requires the permission of his legal representative. The data controller is not in a position to verify the age and entitlement of the consenting party, so the data subject guarantees that the data provided is true.

Data controller social networking sites:
The data controller also operates a Facebook page, where personal data is also processed. The data controller also promotes its activities and the services it provides on the social site. This page is used by the data controller for marketing purposes, with the additional aim of getting to know its services.

https://www.facebook.com/VALBONAleather

The data controller also provides comprehensive personal support via Facebook. If you ask a question to him via Facebook, he will try to answer it as soon as possible. Use the information you find out on the Facebook page only to answer your question, not for further advertising purposes.

The purpose of using the Facebook page: advertising on social media, communicating information. Facebook may also use the data for its own purposes, including profiling the subject and targeting it with ads.

You must be logged in to contact the data controller via Facebook. For this purpose, Facebook may also request, store and process personal data. The data controller has no influence on the type, scope and processing of this data and does not receive personal data from the Facebook operator. You can find more information on this on the Facebook page.
The personal data of followers on the Facebook page are processed by the data controller in accordance with their consent (Article 6 (1) (a) of the General Data Protection Regulation), the consent is given by the person’s liking, following, posting or commenting on his / her page.

The data controller is also present on the Instagram community page with the following profile:

https://www.instagram.com/valbonaleather/

The personal data of the followers is handled on the Instagram page. The processing is carried out on a legal basis for consent (Article 6 (1) (a) of the General Data Protection Regulation).

Personal data management during the use of cloud-based applications:
The data controller primarily uses cloud-based services for saving, storing and sharing documents. A common feature of such services is that they are not provided by the user’s computer, but by a remote server, a server center located anywhere in the world. Online hosting also provides such a service. The big advantage of cloud applications is that they provide essentially independent, highly secure, flexibly scalable IT storage and processing capacity.

In these cases, the cloud provider can be considered a data processor who processes personal data on behalf of the data controller. Cloud providers are obliged to keep personal data confidential and may only process data on the instructions of the data controller.

The data controller selects its partners providing cloud services with the utmost care, takes all generally expected measures to conclude a contract with them that also takes into account the data security interests of its clients and customers, is transparent to their data management principles and regularly monitors data security.

Cloud-based repositories are password-protected, and only the data controller can access the data stored there.

The data controller’s partners expressly consent to the transfer of data required for the use of cloud-based applications by accepting this Data Management Information. The legal basis for data processing is the consent of the data subject (Article 6 (1) (a) of the General Data Protection Regulation).
Complaints handling related to the activities of the data controller:
During the handling of complaints related to the activities of the data controller, the purpose of data management is to enable the communication of the complaint, to identify the data subject and his / her complaint,

In the event of a complaint, the administration and thus the processing of personal data – CLV Act 1997 on Consumer Protection. by law – mandatory. Accordingly, the legal basis for the processing of personal data is the fulfillment of a legal obligation (Article 6 (1) (c) of the General Data Protection Regulation).

The data controller shall keep the record of the complaint and a copy of the response for 5 years, on the basis of which he / she shall also process the personal data during this period.

Security of data management:
The controller undertakes to ensure the security of the data, to take technical and organizational measures and to maintain procedural rules to ensure that the data recorded, stored or processed are protected and to prevent their destruction, unauthorized use and unauthorized use. unauthorized alteration. It also undertakes to call upon any third party to whom the data is transmitted or transferred to comply with the data security requirement.

The data controller shall ensure that the processed data cannot be accessed, disclosed, transmitted, modified or deleted by unauthorized persons. The processed data may only be disclosed to the data controller and the data processor (s) used by him / her, and shall not be passed on to third parties who are not entitled to access the data.

The data controller pays close attention to the security of the personal data of its customers and partners. It acts in full compliance with the legal provisions and requires all its partners to do the same. The protection of personal data also includes physical data protection (storage of documents in a lockable room protected by a remote monitoring alarm) as well as IT protection (use of anti-virus, password protection).
The data controller stores the personal data provided by the data subject primarily on the servers of the data processor (s) specified in this Data Management Information with standard protection systems, partly on its own IT devices, in case of paper data carrier at its registered office, properly locked.

Data subjects acknowledge and agree that the protection of data on the Internet and in the computer system cannot be fully guaranteed when their personal data is provided. In the event of unauthorized access or disclosure, despite the efforts of the data controller, it is necessary to proceed as described in this prospectus.

Rights of data subjects:
Transparent information:
This Data Management Prospectus also serves the purpose of providing clear, concise, transparent, comprehensible information about the data management activities applied at the data controller.

Access right:
The data subject shall have the right to receive feedback from the controller as to whether the processing of his or her personal data is in progress and, if such processing is in progress, to obtain access to the personal data and the following information:

the purpose of data management,
the categories of personal data concerned,
the recipients to whom the personal data have been communicated,
the intended period for which the personal data will be stored.
You can request information about the above data from the data controller at the following address, e-mail address:

Valbona Leather Bt, 1048 Budapest, Csíksomlyó utca 4 / A
Email: hello@valbonaleather.com
The data controller hereby informs you that he will respond to your request within 30 days. Requests for information sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

Right to rectification:
The data subject has the right to have inaccurate personal data concerning him or her rectified at his or her request.

You can request information about the above data from the data controller at the following address, e-mail address:

Valbona Leather Bt, 1048 Budapest, Csíksomlyó utca 4 / A
Email: hello@valbonaleather.com

The data controller hereby informs you that he will respond to your request within 30 days. Requests for information sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

Right of cancellation:
The data subject has the right to have his or her personal data deleted at the request of the controller. The controller is obliged to delete personal data on the basis of this request if one of the following reasons exists:
personal data are no longer required for the purpose for which they were collected,
the data subject withdraws his or her previous consent and there is no other legal basis for the processing,
the data subject objects to the processing and there is no overriding legitimate reason for the processing,
personal data has been processed unlawfully,
it is necessary to delete the data in order to fulfill a legal obligation under Union or Member State law.
You can request information about the above data from the data controller at the following address, e-mail address:

Valbona Leather Bt, 1048 Budapest, Csíksomlyó utca 4 / A
Email: hello@valbonaleather.com

The data controller hereby informs you that he will respond to your request within 30 days. Requests for information sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

Right to restrict data management:
The data subject has the right to request that the data controller restrict the data processing, in particular if:

disputes the accuracy of the data,
considers the data processing to be illegal, but for some reason does not request the deletion of the data.
You can request information about the above data from the data controller at the following address, e-mail address:

Valbona Leather Bt, 1048 Budapest, Csíksomlyó utca 4 / A
Email: hello@valbonaleather.com
The data controller hereby informs you that he will respond to your request within 30 days. Requests for information sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

Right to data portability:
The data subject has the right to receive his or her personal data in a structured, widely used machine-readable format and to transfer this data to another data controller.

You can request information about the above data from the data controller at the following address, e-mail address:

Valbona Leather Bt, 1048 Budapest, Csíksomlyó utca 4 / A
Email: hello@valbonaleather.com

The data controller hereby informs you that he will respond to your request within 30 days. Requests for information sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

Right to protest:
The data subject has the right to object to the processing of his or her personal data at any time for reasons related to his or her situation, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council. as set out in Article 21 of that Regulation.

You can request information about the above data from the data controller at the following address, e-mail address:

Valbona Leather Bt, 1048 Budapest, Csíksomlyó utca 4 / A
Email: hello@valbonaleather.com
The data controller hereby informs you that he will respond to your request within 30 days. Requests for information sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

The right of the data subject in the case of automated decision-making:
The data subject shall have the right not to be covered by a decision based solely on automated data processing, including profiling, which would have legal effects or would significantly affect him. Automated decision-making is any procedure or methodology in which technical automation assesses the personal characteristics of the data subject and which has a legal effect on him or her or a significant effect on him or her. The data controller does not use IT automations suitable for profiling, which have a significant impact on the data subject’s rights.

You can request information about the above data from the data controller at the following address, e-mail address:

Valbona Leather Bt, 1048 Budapest, Csíksomlyó utca 4 / A
Email: hello@valbonaleather.com
The data controller hereby informs you that he will respond to your request within 30 days. Requests for information sent by post will be answered by post, requests sent by e-mail will be answered by e-mail.

The controller undertakes to inform all recipients to whom he has communicated personal data in connection with the above rights, unless this proves impossible. It also undertakes to notify the person concerned (applicant) of the decision to deal with the above requests within 30 days at the latest.

Privacy incident:
A data protection incident is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled.

In the event of a data protection incident, the level of data security breach must be of a serious risk, so the degree of breach must be such that the personal data:

destruction,
with the loss of
by changing
by unauthorized disclosure or
unauthorized access.
It is considered an incident if any of the above occurs, but this does not preclude several points from occurring at the same time. This includes not only intentional, malicious behavior, but also injuries caused by negligence. An incident therefore occurs when it is caused by an accidental or illegal act.
Examples of privacy incidents include:

illegal transfer of personal data on a document, portable device, data carrier or IT system (eg by correspondence),
unauthorized access to an IT system or application that handles personal data,
damage to or loss of all or part of a database containing personal data,
rendering part or all of the IT system unusable by a virus or other malicious software, etc.
In the absence of appropriate and timely action, a data protection incident may cause physical, pecuniary or non-pecuniary damage to natural persons, including loss of control over their personal data or restriction of their rights, discrimination, identity theft or misuse of identity. , financial loss, unauthorized resolution of pseudonyms, damage to good repute, breach of the confidentiality of personal data protected by professional secrecy or any other significant economic or social disadvantage to the natural persons concerned.

In the event of a potential data protection incident (unless the data protection incident is not likely to pose a risk to the rights and freedoms of natural persons), the controller shall immediately notify the National Data Protection and Freedom of Information Authority. As soon as the data controller becomes aware of the incident, it shall notify it without undue delay and, if possible, no later than 72 hours after becoming aware of the data protection incident. If the notification cannot be made within 72 hours, the reason for the delay shall be stated and the required information shall be provided in detail, without further undue delay.
To report a data protection incident, the National Data Protection and Freedom of Information Authority operates a system set up for this purpose on its website, through which reports can be made electronically.

The data controller shall keep a record of the data protection incidents, indicating the facts relating to the data protection incident, its effects and the measures taken to remedy it. The controller must keep a record of incidents, including their causes, incidents and the range of personal data involved. It should also include in the register the effects and consequences of the incidents, as well as the measures taken to remedy them and the data controller’s conclusions (for example: why you think the incident is not notifiable or, if it is late, what was the reason for the delay).

It is not necessary to notify the supervisory authority of an incident that is not likely to pose a risk to the rights and freedoms of natural persons.

If the data protection incident is likely to pose a high risk to the rights and freedoms of the controller’s partners and customers, we will immediately inform the affected partner. The information provided to the data subject shall clearly and intelligibly describe the nature of the data protection incident and provide key information and measures.

The data subject need not be informed as above if any of the following conditions are met:
the controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular measures that make the data incomprehensible to persons not authorized to access the personal data;
the controller has taken further measures following the data protection incident to ensure that the high risk to the data subject’s rights and freedoms is no longer likely to materialize;
information would require a disproportionate effort. In such cases, the data subject shall be informed by means of publicly available information or a similar measure shall be taken to ensure that they are informed in a similarly effective manner.
Information on the relevant legislation:
évi CXII. Act on the Right to Information Self-Determination and Freedom of Information (Info. Act);
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 ( General Data Protection Regulation, GDPR);
Act V of 2006 – on the Civil Code (Civil Code);
évi CXLVII. Act on the itemized tax on small tax enterprises and the small business tax.
Right to go to court:
In the event of a breach of his rights, the data subject may take legal action against the data controller. The court is acting out of turn in the case.
Data protection authority procedure:
Complaints can be lodged with the National Data Protection and Freedom of Information Authority:

Name: National Data Protection and Freedom of Information Authority

Headquarters: 1125 Budapest, Szilágyi Erzsébet avenue 22 / C.

Mailing address: 1530 Budapest, Pf .: 5.

Phone: 003613911400

Fax: 003613911410

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu

Other provisions:
The data controller shall provide information on data processing not listed in this prospectus when recording the data. In such cases, the provisions of the applicable law shall prevail.

The data controller hereby informs its clients that the court, the prosecutor, the investigating authority, the infringement authority, the administrative authority, the National Data Protection and Freedom of Information Authority, the Magyar Nemzeti Bank or other bodies are authorized to provide information, communicate and transfer data , or contact the data controller to make documents available. The controller shall provide personal data to the authorities, provided that the authority has indicated the precise purpose and scope of the data, only to the extent and to the extent strictly necessary for the purpose of the request.

The Data Protection Authority’s website contains further information on the data protection rights referred to in this Privacy Policy.
Budapest, 1 OCTOBER 2020

Valbona Leather Bt, 1048 Budapest, Csíksomlyó utca 4 / A
Email: hello@valbonaleather.com

ANNEX I
Ssz. Name of the processing of personal data Purpose of the data processing Legal basis of the data processing Deadline for deleting personal data
1. In case of purchasing an online product, the personal data of the buyer (name, address, telephone number, e-mail address). Performance of the contract. Fulfillment of the contractual obligation (Article 6 (1) (b) of the General Data Protection Regulation) followed by fulfillment of the statutory retention obligation (Article 6 (1) (c) of the General Data Protection Regulation). Within 30 days after the expiry of the statutory retention obligation (5 years).
2. Personal data on the invoice issued to customers (in the case of a natural person, sole proprietor). Fulfillment of legal obligation, issuance of the invoice. Fulfillment of a legal obligation (Article 6 (1) (c) of the General Data Protection Regulation). Within 30 days after the expiry of the statutory retention obligation (5 years).
3. Data management related to incoming e-mails (senders’ e-mail addresses), telephone numbers. In order to fulfill a contractual obligation or on the basis of consent. Fulfillment of a contractual obligation (Article 6 (1) (b) of the General Data Protection Regulation) or consent of the data subject (Article 6 (1) (a) of the General Data Protection Regulation). In the event of withdrawal of consent, immediately. Within 10 working days after the termination of the contract, unless legislation provides for a retention obligation in connection with the contract (within 30 days after the expiry of the obligation).4. Personal data obtained by the data controller during the use of the Facebook and Instagram pages. To promote the services of the data controller in order to share information. Consent of the data subject (Article 6 (1) (a) of the General Data Protection Regulation). Immediately after withdrawal of consent.
5. Personal data recorded during the collection of data by cookies managed by the website. Increasing the user experience, website development, statistical goal. With the consent of the data subject (Article 6 (1) (a) of the General Data Protection Regulation). Immediately after withdrawal of consent, but no later than 3 working days.
6. Personal data (eg name, image) that may be provided during the publication of the opinions indicated on the website. Reference, to promote the service. Consent of the data subject (Article 6 (1) (a) of the General Data Protection Regulation). Immediately after withdrawal of consent.
7. Personal data (name, e-mail address, telephone number) provided when using the contact form on the website. For contact purposes. To establish a contract (Article 6 (1) (b) of the General Data Protection Regulation). Immediately after the contact, but no later than within 3 working days, unless the contractual relationship is established.
8. Personal data provided during the subscription to the newsletter (name, e-mail address). To send a newsletter. With the consent of the data subject (Article 6 (1) (a) of the General Data Protection Regulation). Immediately after withdrawal of consent.
9. Personal data obtained during the complaint handling. To identify and handle the complaint. Fulfillment of a legal obligation (Article 6 (1) (c) of the General Data Protection Regulation). Within 30 days after the expiry of the statutory retention obligation (5 years).

premium quality

local production

zero waste

secure payment

Phone

+36 20 985 2226

+49 174 4433 223

Email

hello@valbonaleather.com

Stores

GERMANY:

LILO CONCEPT STORE

Untere Hainstrasse 21A, Oberursel, D-61440

————————

HUNGARY:

Esmé Hungarian Desinger Store

Győr 

ZOE -50%
No prize
Next time
Almost!
WALLET -25%
CARDHOLDER -35%
No Prize
No luck today
Almost!
CROSSBODY -40%
No prize
Unlucky
SPIN IT - WIN IT - LOVE IT SUMMER EDITION !

Here's a game, wanna play? Spin the wheel between the 25.7.2021- 10.08.2021 and try your luck to win exclusive VALBONA Leather prizes. Simply add your e-mail address here below and get lucky with us. Winners will be notified and receive their winning coupon via e-mail, it is therefore important to add a valid e-mail address. 

Our in-house rules:
  • One game per user
  • Cheaters will be disqualified.