
Privacy Policy

 What is this about?

By browsing our website, purchasing our products or just subscribing to our newsletter, you will eventually get in touch with us by providing some of your personal data. Since we completely respect your privacy and are committed to protecting it at all times, we would like to explain to you what data we collect, how we do it and what we do with it.

This is important, so please take time to read this Privacy Policy (“Policy”) very carefully. If you have any questions, please do not hesitate to contact us via info@diotoys.com before moving on.

Table of Contents

1. Definitions
2. Application of the Policy
3. Information on the Controller
4. What rights and remedies you have
5. Scope of data processing
5.1. What kind of personal data we collect & process
5.2. How we collect & process your personal data
5.3. How long we keep your personal data
5.4. Who has access to your personal data (data transferring)
5.5. How we protect your personal data
6. Purposes
7. Cookie-policy
8. Liability
9. Exceptions related to Companies 
10. Governing laws

1. Definitions

The following concepts shall have the meaning throughout the entire Policy as defined below regardless of the use of drop letters. All concepts that are not described hereunder are defined in the Terms & Conditions (“Terms”) which you can find in the Terms menu.

1.1. “Controller” means Eszter Réka Diósi, a legal entity corporation formed under the laws of Hungary (see further information in Section 10). Eszter Réka Diósi determines the purposes and means of the processing of your personal data and is held accountable for the lawful, fair and transparent use of it. Diotoys also means its successors. “Us” and “we” are both synonymous with Diotoys, and references to “our” are construed accordingly.

1.2. “Cookies” are small pieces of text or log files containing information about you and the connection between you and your web server. It also may include the following data: your device’s Internet Protocol (IP) address, the type and version of your browser, the pages of the Website that you visit, the time and date of your visit, the time spent on those pages and other statistics.

Cookies are created on your device and sent by your browser allowing us to recognize you and by analyzing the received data we can make your next visit simpler and easier to you. It also allows us to authenticate Users and prevent fraudulent use of the Accounts and to track your browsing habits while you use the Website so that we can enhance the Website’s performance.

You can erase Cookies from your device and you can also block them, preferably with the Settings/Help (or similar) function of your browser. If you do so, you consent that the Website’s performance might not be optimal or that the Website may not function as intended.

1.3. “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. The GDPR contains all major regulations that the Controller must follow at all times when processing your personal data.

1.4. “Legal basis of processing” means a justified legal ground by which we are entitled to process your personal data. In this Policy, you can read about four different legal bases as follows:

a) “Consent” means your permission actively given (e.g. by ticking a checkbox) to us by free will that allows us to process your personal data according to this Policy.

b) “Contractual obligation” means an obligation to which we committed ourselves in the Contract (performance of contract). In order to fulfill this contractual obligation (e.g. to provide guarantee and warranty rights), we have to process your data so that we can make sure that you are entitled to enforce such rights.

c) “Legitimate interest” means a sufficiently justified reason why we need to process your personal data without your previously given consent.

d) “Mandatory by law” means a specific regulation of a Hungarian legislation that requires the processing of your data regardless of your consent or the potential withdrawal of your consent.

1.5. “Personal data” or simply “data” means in general any information by which you can be identified directly (e.g. by full name) or indirectly (e.g. by e-mail address). However, we specifically describe hereunder which personal data we collect of you.

1.6. “Personal data breach” means in general any breach of security that might lead to the harm of your personal data, including erasure, loss, alteration, disclosure or access.

1.7. “Processing” means in general any operation which is performed on your personal data, including collection, storage, use, transferring or erasure.

1.8. “Processor” means a specific legal entity which processes personal data on behalf of the Controller. You can read more about the Processors in Section 4.

1.9. “Purpose” means a specific goal of data processing for which goal we process your personal data. You can read more about these purposes in Section 6.

1.10. “Supervisory Authority” means the Hungarian National Authority for Data Protection and Freedom of Information which supervises the data processing of the Controller. Contact:

a) Address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c. (Hungary)
b) E-mail: ugyfelszolgalat@naih.hu
c) Website: naih.hu
d) Phone: +36 (1) 391-1400

1.11. “Third party” means any person / legal entity other than you or the Controller / Processor.

2. Application of the Policy

2.1. This Policy describes and governs how we collect and process some of your personal data. Therefore, this Policy will apply in this matter from the first moment of recording your personal data until all your data are erased from our databases.

2.2. Please note that this is not a regular contract; however, there are both rights and obligations deriving from it that apply to both you and us.

2.3. This Policy must be interpreted jointly with the Terms.

2.4. This Policy is in Hungarian and English but is governed solely by the laws of Hungary and the GDPR, regardless of your shipping address / place of residence or the laws of your nationality or the actual location of Diotoys’s use.

3. Information on the Controller

Full name: Eszter Réka Diósi
(in Hungarian: Diósi Réka Eszter egyéni vállalkozó)
Represented by: Eszter Réka Diósi
Company registration number: 33643298
Court of Registry: Registry Court of Budapest-Capital Regional Court
Tax number: 66304470143
Registered seat: 1118 Budapest, Nedecvár utca 4. (Hungary)
Place of business: 1118 Budapest, Nedecvár utca 4. (Hungary)
Mail address: 1118 Budapest, Nedecvár utca 4. (Hungary)
E-mail address: info@diotoys.com
Website: www.diotoys.com

4. What rights and remedies you have

4.1. Here we inform you about the rights that you can enforce and the remedies that you have if there is a legal dispute between you and the Controller. You can enforce these rights at any time from the moment we record your personal data until the erasure of such data, free of charge and without any precondition (unless indicated otherwise).

4.2. We will provide the requested information or action to take without undue delay and in any event within one month of receipt of the request. If you contact us via electronic form, we will reply the same way unless you explicitly request otherwise.

4.3. Right of access to your data: you have the right to obtain information from the Controller about whether we process any of your personal data and if so:
a) what are the purposes of the processing;
b) which data categories are being processed & for how long & from what sources;
c) to whom the personal data have been or will be disclosed or transferred;
d) what rights and remedies you have related to the above.

4.4. Right to correction of your data: you have the right to obtain the correction of your inaccurate personal data from the Controller, including the completion of any incomplete personal data.

4.5. Right to erasure: you have the right to obtain the erasure of your personal data from the Controller. However, you cannot request the erasure of your data if the processing of such data is mandatory by law or if we might need it for the establishment, exercise or defense of our potential legal claims.

4.6. Right to restriction: you have the right to obtain the restriction of processing from the Controller in any of the following cases:
a) you contest the accuracy of your data: the restriction will last until the Controller verifies the accuracy of such data;
b) you feel that our processing is unlawful but you do not want your data to be erased;
c) we inform you that we no longer need to process your data but you require them hereafter for the establishment, exercise or defense of your potential legal claims;
d) you have objected to processing of your data: the restriction will last until the Controller examines if the legitimate grounds of the Controller override those of your objection.

We will inform you in every case before the restriction of processing is lifted.

4.7. Right to data portability: you have the right to receive your personal data that you provided to the Controller, in pdf format and you have the right to transmit those data to another data controller in a structured, commonly used and machine readable format. You also have the right to have your data transmitted directly from the Controller to another, if this is technically feasible.

You have this right of data portability only if we have processed those data upon consent or contractual obligation.

4.8. Right to object: you have the right to object to processing of your personal data on grounds relating to your particular situation at any time. You have this right to object only if we have processed those data upon our legitimate interest. However, you do not have the right to object if we might need those data for the establishment, exercise or defense of our potential legal claims.

4.9. Right to withdraw consent: you have the right to withdraw your consent at any time via any of the following contact information:
a) by mail: 1118 Budapest, Nedecvár utca 4. (Hungary)
b) by e-mail: info@diotoys.com
c) by phone: +36 (30) 251 77 38 (only between 10 AM and 16 PM CET)

Please note that the withdrawal of your consent will not affect the lawfulness of our processing based on your consent before its withdrawal.

4.10. Right to lodge a complaint: you have the right to lodge a complaint with the Supervisory Authority if you feel that there has been a harm of your personal data while processing or there is a potential risk of that or the regulations of the GDPR have been infringed by the Controller (see contact information in Section 4). You can also lodge your complaint with the supervisory authority of your residence.

4.11. Right to judicial remedy: you have the right to judicial remedy if you consider that your rights under this Policy and the GDPR have been infringed as a result of the processing of your data in non-compliance with the GDPR. You also have this right against a legally binding decision of any supervisory authority concerning you.

4.12. Right to compensation / restitution: you have the right to compensation and restitution from the Controller or the Processor if you have suffered material or non-material damage as a result of an infringement of the GDPR for the damage suffered. You only have the right to receive compensation / restitution if you bring your case before court. 

5. Scope of data processing

5.1. What kind of personal data we collect & process

We only collect and process the personal data of Users and Customers who visit our Website, buy our Products or otherwise use our services. We do not knowingly collect children’s personal data under any circumstances. We do not collect sensitive personal data either.

a) There is a category within personal data that we actually process:

1. account data, such as: full name, birth date, phone number, billing information, shipping address, purchase history, online ID (e-mail, password)

b) You can find a complete list of the actually processed personal data at each purpose in Section 6.

5.2. How we collect & process your personal data

a) In the first round, we collect your personal data on our website: when you fill out a form (e.g. to register, to buy a Product or to send us feedback) and click on the Register/Purchase/Submit button after ticking the checkbox that you have read and understood this Policy, your data is registered in our servers provided by Google and in our mailing system provided by MDaemon Technologies.

d) It is important to know that if you click on the “Purchase” (or similar) button when finishing shopping, you will reach a subpage, where you can pay the subtotal price of the ordered Product via Paypal. These payment data usually are: your email address.

Please note that we neither process nor store the payment data you provide. We only receive a unique ID of your order from Bigcommerce which does not contain any payment data whatsoever.

Paypal
Corporate Headquarters
2211 North First Street, San Jose, California 95131

e) In some cases, we transfer your personal data to a Processor for specific reasons. You can read more about the possible data transferring in Section 4.

f) Unless you inform us otherwise (opt out) when you sign the Contract or anytime later, we will process account identifiers, consumption data and operational data for profiling purposes. This means that we, based on your account identifiers, consumption data and operational data, will evaluate your preferences and interests in different products provided by us. We use this data to provide you with customized information and news about our products and special offers and to analyze how our service can be improved.

If you do not want your personal data to be processed for purposes relating to direct marketing based on your profile you may contact us by email.

5.3. How long we keep your personal data

a) We store and process personal data as long as it is necessary to reach the specified purpose. We also provide some services on a continuous basis (e.g. newsletter) in which case this necessary time period cannot be defined in advance.

b) Regardless of the necessary time period, we only process your personal data until you withdraw your consent. 

c) We also have to process some of your personal data as long as it is mandatory by law.

5.4. Who has access to your personal data (data transferring)

As a general rule, only the Controller and its employees and co-workers have access to your personal data. However, in some cases we need to grant access to a third party or directly transfer your data to one of our business partners so that we can fulfill the Contract and properly provide our services and meet our commitments.

Here we give you a list of the Processors who might have access to your personal data for the purposes specified below. These companies can only process your data according to the Controller’s instructions under any circumstances.

a) Bigcommerce is the online provider of our webstore which helps us maintain our online store and helps you walk through the process of purchasing.

BigCommerce, Inc.
11305 Four Points
Austin, TX 78726

b) MDaemon is an online mailing system.

MDaemon Technologies, Ltd.
4550 State Highway 360, Suite 100
Grapevine, TX 76051
U.S. Toll Free: 866-601-2586
International: 817-601-3222
Fax: 817-601-3223 

c) The following companies help us to store and package your ordered Product(s) for proper shipping.

DPD
Address: 1158 Budapest, Késmárk utca 14. B. ép. Hungary
E-mail: dpd@dpd.hu

Magyar Posta Zrt.
Address: 1138 Budapest, Dunavirág utca 2-6. Hungary
E-mail: customer.service@posta.hu

5.5. How we protect your personal data

a) Online security: we only use encrypted data transmission channels and methods between users and our servers; no third parties can access or decode the information.

b) Storing: we primarily store your data in digital form. Our databases are always encrypted and password protected which means that even the co-workers of the Controller handle your data in an anonymous form when the data processing serves only statistical purpose and does not have to be associated with you. All data stored can be accessed only by certain employees of Diotoys, who have signed confidentiality obligations about storing and handling all data. All passwords are stored in encrypted form that cannot be deciphered.

In certain cases, we have to store your data in physical form: these data sheets are always secured inside lockable cabinets to which only a few dedicated personnel have access.

c) Erasure: our systems are capable of erasing your digital data upon request so that you will no longer be identifiable. We also take care of shredding the physical data sheets.

As a general rule, we continuously erase, with your prior notification, all personal data that are no longer needed to provide our services or that have to be erased by law.

Erasure includes the erasure of any links to, or copy or replication of, those personal data in the Controller’s and the Processor’s databases as well.

6. Purposes

Here we inform you about the specific goal of data processing for which goal we process your personal data.

6.1. Registration on Website:
a) Processed data: account data: first name, last name, e-mail, password, birth date.
b) Source of data: User/Customer.
c) Legal basis of processing: consent.
d) Duration of processing: until withdrawal of consent or termination of service.
e) Place of storage: servers provided by MDaemon Technologies and Bigcommerce’s system.
f) Processor(s): MDaemon Technologies.

We process your data detailed above to offer you personalized offers through your Account and make the shopping and the use of our other services easier.

6.2. Shopping at the Diotoys Shop:
a) Processed data: account & consumption data
billing information: first name, last name, address (including street address, country, ZIP code, city, state), phone number, e-mail, coupon code.
shipping address: first name, last name, address (including street address, country, ZIP code, city, state), phone number.
purchase history: Product name, machine version, quantity, Product price, shipping price, subtotal price, time of transaction (date & hour), Paypal ID.
consumption data: comment.
b) Source of data: User/Customer and Paypal.
c) Legal basis of processing: performance of contract and mandatory by law.
d) Duration of processing: 
8 years according to Section (2) of 169. of Act C of 2000 on Accounting;
beyond that 8 years: until termination of services.
e) Place of storage: servers provided by Bigcommerce and MDaemon Technologies’s system.
f) Processor(s):
Bigcommerce
MDaemon Technologies;
Companies that store and package your ordered Product(s) (see Section 4)
Companies that ship and deliver your ordered Product(s) (see Section 4)

We need all your data detailed above so that the Contract can be concluded between you and Eszter Réka Diósi, furthermore to properly deliver your ordered Product(s) to your shipping address, and also to keep in touch with you during the procedure.

6.3. Subscribing to Newsletter:
a) Processed data: account & consumption data
account data in all cases: first name, last name, e-mail, country;
b) Source of data: User/Customer.
c) Legal basis of processing: consent.
d) Duration of processing: until unsubscribe or withdrawal of consent or termination of service.
e) Place of storage: servers provided by Bigcommerce’s system.
f) Processor(s): none.
g) ID number issued by the Supervisory Authority: NAIH-116168/2017

We process your data detailed above to send you a newsletter about the updates in our services, information about new Products, discounts, special offers, interesting articles and other content on brewery, whatnot.

You can unsubscribe from our newsletter anytime and free of charge by clicking on the ‘Unsubscribe’ link in the newsletter or by sending us an e-mail with this topic to info@diotoys.com.

6.4. Customer Support:
a) Processed data: account & consumption data
account data in all cases: first name, last name, e-mail; and…
… in case of a ‘general question’: phone number, country, attachment (if any), interested topic, question.
… in case of a ‘specific question’: phone number, country, attachment (if any), Product, order ID, message.
… in case of a ‘feedback’: phone number, country, attachment (if any), message.
b) Source of data: User/Customer.
c) Legal basis of processing: performance of contract.
d) Duration of processing:
until the Controller’s feedback is approved by the User/Customer in case of ‘general / specific question’ and ‘feedback’;
until the reported issue is solved and approved by the User/Customer in case of ‘report an issue’.
e) Place of storage: servers provided by Bigcommerce and MDaemon Technologies’s system.
f) Processor(s):
Companies that service and fix machines (see Section 4)

We process your data detailed above to provide detailed answers to your inquiry whether you are an interested buyer or already a Diotoys-owner.

 

7. Cookie-policy

We use cookies for several purposes. You can find more information on our Cookie Policy in FAQ/Legal.

8. Liability

8.1. The Controller is liable for the damage caused by processing which infringes the GDPR or the relevant laws of Hungary. However, we will not be liable if we prove that we are not in any way responsible for the event giving rise to the damage, especially in any of the following cases:
a) Vis Maior;
b) infringement of the GDPR by a Processor if the regulation is specifically directed to processors;
c) any negligence of yours while providing your personal data to the Controller.

8.2. You are solely liable:
a) to take all necessary measures in order to keep your passwords safe and secure related to your Account / e-mail address / Social Media Platforms;
b) to use safe and secure internet networks / connections, passwords and electronic devices;
c) to keep your personal data provided to the Controller up-to-date, real, accurate and complete at all times. If any of your personal data provided changes, you must inform us without undue delay and in any event within five days of becoming aware of the change in your data.

8.3. The Controller reserves the right to unilaterally change this Policy in which case the Controller will send a notification e-mail to inform you about the recent updates and the date when the updates will go into effect. 
By the continuous use of the Product or our services after the date when the updates go into effect, you declare that you have read, understood and acknowledged the entire updated Policy as binding.

9. Exceptions related to Companies

9.1. If you provide data on behalf of a company, the following provided information will not be regarded as personal data: company name, TAX/VAT number, company address. All other provided data which are related to you as a representative or contact person will be handled as detailed above in this Policy.

10. Governing laws

10.1. This Policy shall be governed and interpreted in accordance with the GDPR and the relevant laws of Hungary. For any issues not regulated in this Policy, the provisions of the GDPR and the relevant Hungarian laws will prevail.

10.2. In case of any dispute arising from or in connection with this Policy – if possible by the relevant laws – the dispute will be solved by the courts of Hungary.

Place and date: Budapest (Hungary), June 1st, 2018.

© 2018 All rights reserved!  


 
