Barion Pixel

Privacy Policy

Date of Acceptance: 2024-08-14

Data Controller

  • Name: Kave Mystique s.r.o
  • Registered Office: 946 57 Svaty Peter, Ulica Zichyho 1274/9
  • Correspondence Address, Complaint Management: 946 57 Svaty Peter, Ulica Zichyho 1274/9
  • Email: info@kavemystique.com
  • Phone: +36707836668
  • Website: https://kavemystique.com/

Hosting Service Provider

  • Name: MikroVps Informatikai és Szolgáltató Kft.
  • Correspondence Address: 1096 Budapest, Sobieski János utca 19-21. A lh. 1. em. 1
  • Email: info@mikrovps.hu
  • Phone:

Description of Data Processing in the Operation of the Webshop

This document contains all relevant information regarding data processing in relation to the webshop’s operation, in compliance with the European Union General Data Protection Regulation (Regulation 2016/679, hereinafter referred to as the GDPR) and Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as Infotv.).

Information on the Use of Cookies

What is a cookie?

The Data Controller uses cookies during your visit to the website. A cookie is a packet of information composed of letters and numbers that our website sends to your browser to store certain settings, make the use of our website easier, and collect relevant statistical information about visitors.

Some cookies do not contain personal information and are not capable of identifying individual users, while others contain an individual identifier— a secret, randomly generated string of numbers—stored on your device, making it possible to identify you. The specific cookie’s duration is indicated in the relevant description.

Legal Background and Basis for Cookies:

There are primarily three types of cookies: essential cookies necessary for the website’s operation, cookies for statistical purposes, and marketing cookies.

The legal basis for data processing is your consent according to Article 6 (1) (a) of the GDPR for statistical and marketing cookies, and the legitimate interest for ensuring the operation of the website under Article 6 (1) (f) of the GDPR for essential cookies.

Key Features of the Cookies Used on the Website:

Essential Cookies:

If you do not accept these cookies, certain functions may not be available to you.

Barion Pixel Cookies:
Barion Payment Zrt. uses cookies to prevent fraud during the Barion payment process (these are the ba_vid, ba_vid.xxx, and ba_sid cookies), which also process personal data (profiles). The Seller can only facilitate payments using these cookies, which cannot be disabled. According to Barion’s Cookie Policy, the purpose of the ba_vid cookie is to filter out credit card fraud based on the digital fingerprint of the device used by the Buyer and browsing habits. It is necessary to recognize fraudsters. The ba_vid.xxx cookie allows Barion Zrt. to track browsing habits across two sessions on the same website. Data collected includes: ba_vid, user-related ID formed from the browser’s properties, timestamps of the first, current, and last visit on the site, current session ID, and third-party cookie permissions. The ba_sid cookie is used to identify the session across multiple Barion sites. The storage period for the ba_vid and ba_vid.xxx cookies is 1.5 years from the last update, and 30 minutes for the ba_sid cookie. The data is stored by Barion Zrt.
Barion Cookie Policy is available here: https://www.barion.com/hu/suti-tajekoztato/

WooCommerce Cookies:

  • woocommerce_cart_hash: Helps WooCommerce determine when cart content/data changes. Duration: until the session expires.
  • woocommerce_items_in_cart: Helps WooCommerce determine when cart content/data changes. Duration: until the session expires.
  • wp_woocommerce_session_: Contains a unique code for each customer to locate cart data in the database. Duration: 2 days.
  • woocommerce_recently_viewed: Controls the Recently Viewed Products widget. Duration: until the session expires.
  • store_notice[notice id]: Allows customers to close the Store Notice message. Duration: until the session expires.
  • woocommerce_snooze_suggestions__[suggestion]: Allows customers to dismiss Marketplace suggestions. Duration: 2 days.
  • woocommerce_dismissed_suggestions__[context]: Keeps track of rejected suggestions. Duration: 1 month.

Statistical Cookies:

Google Analytics Cookie:
Google Analytics is an analytical tool by Google that helps website and app owners gain a better understanding of visitor activities. It may use cookies to collect information and generate reports on website usage without individually identifying visitors to Google. The primary cookie used by Google Analytics is the “__ga” cookie. In addition to reports on website usage, Google Analytics—along with some advertising cookies—may also be used to display more relevant ads on Google products (such as Google Search) and across the internet.

tk_ai: Stores a randomly generated anonymous identifier. This is only used in the dashboard (/wp-admin) area for tracking usage if enabled. Duration: until the session expires.

Marketing cookies:

Google Adwords cookie
When someone visits our site, the visitor’s cookie ID is added to the remarketing list. Google uses cookies – such as the NID and SID cookies – to customize the ads displayed on Google products, including Google Search. These cookies help remember your recent searches, your previous interactions with ads or search results from specific advertisers, and your visits to advertiser websites. The AdWords conversion tracking feature uses cookies. To track sales and other conversions from ads, cookies are stored on the user’s computer when the individual clicks on an ad. Common uses of these cookies include selecting ads that are relevant to the user, improving campaign performance reports, and avoiding showing ads that the user has already seen.

Facebook pixel (Facebook cookie)
The Facebook pixel is a code that generates reports on conversions, helps build target audiences, and provides the site owner with detailed analytical data about visitors’ use of the website. With the Facebook pixel, the website can display personalized offers and ads to its visitors on the Facebook platform. You can review Facebook’s privacy policy here: https://www.facebook.com/privacy/explanation

BarionMarketingConsent.xxx
This cookie stores the user’s consent to the collection of browsing data and the analysis of purchasing habits for the purpose of displaying personalized ads and offers. If consent is given, the data collected by cookies designed to prevent credit card fraud – placed among the essential cookies – will also be used to analyze browsing and purchasing habits for personalized ads and offers. Duration: 1.5 years from the last update.

Barion Media and advertiser partners’ cookie
This cookie serves the synchronization and pairing of the different user IDs between the Barion system and the partner system. As part of their functionality, cookies inform the partner servers to download their own user ID cookie into the visitor’s browser. Thus, the identifiers generated simultaneously in both systems within one browser are paired.

You can find more information on how to delete cookies at the following links:

Google Consent Mode v2

The Data Controller has integrated Google Consent Mode v2 on its website, and through the cookie panel, it ensures the management of consents and rejections based on this new version. Under Google Consent Mode v2, in addition to the two previous flags (analytics_storage, ad_storage), Google now uses two additional flags for the storage and retrieval of statistical and advertising cookies:

  • ad_user_data: Any user data sent to Google for advertising purposes.
  • ad_personalization: The user’s data can be used for personalized advertising, such as remarketing.

These two switches control whether the storage and retrieval of statistical and advertising cookies are allowed.


Data processing for contract conclusion and performance

Several data processing activities may occur for the purpose of contract conclusion and performance. Please note that data processing related to complaint handling and warranty processing will only occur if you exercise one of these rights.

If you do not purchase through the webshop but are only a visitor, the marketing data processing described under marketing purposes may apply to you if you provide us with marketing consent.

Detailed information about data processing for contract conclusion and performance:

Contact
For instance, if you contact us with a question about a product via email, contact form, or phone. Pre-contact is not required, and you can place an order at any time without it.

Data processed:
The data you provide during contact.

Duration of data processing:
We process the data only until the contact is concluded.

Legal basis for data processing:
Your voluntary consent, which you provide to the Data Controller when making contact. [Processing under Article 6(1)(a) of the GDPR]

Registration on the website
By storing the data provided during registration, the Data Controller can provide a more convenient service (e.g., you will not have to re-enter your data during future purchases). Registration is not a condition for contract conclusion.

Data processed:
The Data Controller processes your name, address, phone number, email address, the characteristics of the purchased goods, and the date of purchase.

Duration of data processing:
Until you withdraw your consent.

Legal basis for data processing:
Your voluntary consent provided during registration. [Processing under Article 6(1)(a) of the GDPR]

Order processing
During the processing of orders, data processing activities are necessary for contract performance.

Data processed:
The Data Controller processes your name, address, phone number, email address, the characteristics of the purchased goods, the order number, and the date of purchase. If you place an order through the webshop, providing this data is essential for fulfilling the contract.

Duration of data processing:
Data is processed for 5 years, according to the statute of limitations under civil law.

Legal basis for data processing:
Performance of the contract. [Processing under Article 6(1)(b) of the GDPR]

Issuing invoices
The data processing is carried out to issue invoices in compliance with the law and to fulfill the obligation to retain accounting documents. According to Section 169(1)-(2) of the Accounting Act, companies must keep accounting documents supporting their bookkeeping either directly or indirectly.

Data processed:
Name, address, email address, phone number.

Duration of data processing:
Invoices must be kept for 8 years from the date of issuance, as per Section 169(2) of the Accounting Act.

Legal basis for data processing:
Issuance of the invoice is mandatory under Section 159(1) of Act CXXVII of 2007 on Value Added Tax, and invoices must be retained for 8 years as per Section 169(2) of Act C of 2000 on Accounting. [Processing under Article 6(1)(c) of the GDPR]

Data Processing Related to Goods Delivery

The data processing procedure is conducted to facilitate the delivery of the ordered product.

Data Processed
Name, address, email address, phone number.

Duration of Data Processing
The Data Controller processes the data until the delivery of the ordered goods is completed.

Legal Basis for Data Processing
Performance of a contract [Data processing according to Article 6(1)(b) of the Regulation].

Recipients and Processors of Data Related to Goods Delivery

Recipient Name: GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
Recipient Address: 2351 Alsónémedi, GLS Európa u. 2.
Recipient Phone Number: +36-29-88-67-00
Recipient Email Address: info@gls-hungary.com
Recipient Website: https://gls-group.eu/HU/hu/home

The courier service assists in delivering the ordered goods under a contract with the Data Controller. The courier processes the personal data it receives according to its data processing policy available on its website.


Data Processing for Marketing Purposes

Data Processing Related to Newsletter Distribution

This data processing procedure is carried out for sending newsletters.

Data Processed
Name, address, email address, phone number.

Duration of Data Processing
Until the consent is withdrawn by the data subject.

Legal Basis for Data Processing
Your voluntary consent provided when subscribing to the newsletter [Data processing according to Article 6(1)(a) of the Regulation].

Data Processing Related to Sending and Displaying Personalized Ads

This data processing procedure aims to send advertising content tailored to the data subject’s interests.

Data Processed
Name, address, email address, phone number.

Duration of Data Processing
Until the consent is withdrawn.

Legal Basis for Data Processing
Your voluntary, separate consent provided during data collection [Data processing according to Article 6(1)(a) of the Regulation].

Remarketing

Remarketing activities are implemented using cookies.

Data Processed
Data processed by the cookies as specified in the cookie notice.

Duration of Data Processing
The data retention period for the respective cookie. More information is available here:

Legal Basis for Data Processing
Your voluntary consent, provided through the use of the website [Data processing according to Article 6(1)(a) of the Regulation].


Sweepstakes

This data processing procedure is carried out for the purpose of conducting a sweepstake.

Data Processed
Name, email address, phone number.

Duration of Data Processing
Data will be deleted after the conclusion of the sweepstake, except for the winner’s data, which the Data Controller is obligated to retain for 8 years under accounting law.

Legal Basis for Data Processing
Your voluntary consent provided through the use of the website [Data processing according to Article 6(1)(a) of the Regulation].


Additional Data Processing

If the Data Controller intends to conduct additional data processing, it will provide prior notice about the relevant circumstances (legal background and basis, purpose, scope of processed data, and duration of data processing).


Recipients of Personal Data

Data Processing for the Storage of Personal Data

Processor Name: MikroVps Informatikai és Szolgáltató Kft.
Processor Contact Information:
Phone Number:
Email Address: info@mikrovps.hu
Headquarters: 1096 Budapest, Sobieski János utca 19-21. A lh. 1. em. 1
Website: https://www.mikrovps.net/

The Processor stores personal data on behalf of the Data Controller under a contract. The Processor is not authorized to access the personal data.

Newsletter Distribution-Related Data Processing

Newsletter System Operator Name: The Rocket Science Group LLC.
Operator Address: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA
Operator Email Address: privacy@mailchimp.com
Operator Website: mailchimp.com

The Processor assists in sending newsletters under a contract with the Data Controller. During this process, the Processor handles the name and email address of the data subject to the extent necessary for sending newsletters.

Data Processing Related to Accounting

Processor Name: Balance (accounting) s.r.o
Processor Address: Mederčská 4987/4, 945 01 Komárno
Processor Phone Number: +421 907 792 510
Processor Email Address: info@balance-accounting.sk
Processor Website: https://www.balance-accounting.sk/

The Processor assists with bookkeeping documents under a written contract with the Data Controller. It processes the name and address of the data subject as necessary for accounting purposes and retains the data for the period specified in Section 169(2) of the Accounting Act, after which it is deleted.

Data Processing Related to Invoicing

Processor Name: MUFIS, s.r.o.
Processor Address: 943 01 Štúrovo – Párkány, Hlavná 30, Slovakia
Processor Phone Number: +421 36-3700014
Processor Email Address: asistent@mufis.sk
Processor Website: https://mufis.sk/sk/

The Processor assists with accounting records under a contract with the Data Controller. It processes the name and address of the data subject as necessary for accounting records and retains the data for the period specified in Section 169(2) of the Accounting Act, after which it is deleted.

Data Processing Related to Online Payments

Data Processor Name: Barion Payment Zrt.
Processor Address: H-1117, Budapest, Irinyi József utca 4-20. 2nd Floor
Processor Phone Number: +36 1 464 70 99
Processor Website: https://www.barion.com/hu

The payment service provider assists in executing online payments under a contract with the Data Controller. During the purchasing process, data is transferred to the online payment provider. The provider processes the billing name, address, order number, and time according to its own data processing rules.


Your Rights During Data Processing

During the data processing period, you have the following rights under the Regulation:

  • Right to withdraw consent
  • Right to access personal data and information related to data processing
  • Right to rectification
  • Right to restriction of processing
  • Right to erasure
  • Right to object
  • Right to data portability

Right to Withdraw Consent

You are entitled to withdraw your consent to data processing at any time, after which your data will be deleted from our systems. However, please note that if an order is pending, withdrawal may prevent us from completing the delivery. Additionally, if a purchase has already been made, accounting regulations require us to retain invoicing data, and if you owe us any payments, we may continue to process your data based on legitimate interests related to debt collection.

Right of Access to Personal Data

You have the right to receive feedback from the Data Controller as to whether the processing of your personal data is ongoing, and if it is, you are entitled to:

  • Access the personal data being processed, and
  • Be informed by the Data Controller about the following:
    • The purposes of the data processing;
    • The categories of personal data concerning you;
    • Information about the recipients or categories of recipients to whom the personal data has been or will be disclosed;
    • The intended duration of the personal data storage, or if this is not possible, the criteria for determining that period;
    • Your right to request from the Data Controller the rectification, deletion, or restriction of processing of your personal data, and in the case of processing based on legitimate interests, your right to object to the processing of such data;
    • The right to lodge a complaint with a supervisory authority;
    • If the data was not collected from you, any available information regarding their source;
    • Information regarding automated decision-making (if such procedures are used), including profiling, and at least in such cases, understandable information about the logic involved and the expected consequences of such processing for you.

The purpose of exercising this right may be to determine and verify the lawfulness of data processing, and therefore, in the case of multiple information requests, the Data Controller may charge a reasonable fee to cover the costs of fulfilling the request.

The Data Controller ensures access to personal data by sending the processed personal data and information via email following your identification. If you have a registration, access will be granted by allowing you to log in to your user account to review and verify the personal data processed about you.

Please indicate in your request whether you are seeking access to personal data or information regarding data processing.

Right to Rectification

You have the right to request the Data Controller to correct inaccurate personal data concerning you without undue delay.

Right to Restriction of Processing

You have the right to request the Data Controller to restrict processing if any of the following conditions apply:

  • You dispute the accuracy of the personal data, in which case the restriction applies for a period enabling the Data Controller to verify the accuracy of the personal data. If the correct data can be determined immediately, no restriction will be applied;
  • The data processing is unlawful, but you oppose the deletion of the data for any reason (for instance, because the data is important to you for enforcing legal claims), and instead, you request the restriction of their use;
  • The Data Controller no longer needs the personal data for the intended purpose, but you require them for the presentation, enforcement, or defense of legal claims; or
  • You have objected to the data processing, but the Data Controller may have a legitimate interest in the data processing. In such cases, until it is determined whether the legitimate interests of the Data Controller override yours, data processing must be restricted.

If data processing is restricted, personal data, apart from storage, may only be processed with your consent, or for the presentation, enforcement, or defense of legal claims, or to protect the rights of another natural or legal person, or for important public interest reasons of the Union or a Member State.

The Data Controller will notify you in advance (at least 3 working days before lifting the restriction) if the restriction on processing is to be lifted.

Right to Erasure – “Right to be Forgotten”

You have the right to have your personal data erased by the Data Controller without undue delay if any of the following grounds apply:

  • The personal data is no longer needed for the purpose for which it was collected or otherwise processed;
  • You withdraw your consent, and there is no other legal basis for the processing;
  • You object to data processing based on legitimate interests, and there are no overriding legitimate grounds for the processing;
  • The personal data has been unlawfully processed, and this has been established based on a complaint;
  • The personal data must be erased to comply with a legal obligation in Union or Member State law applicable to the Data Controller.

If the Data Controller has made your personal data public and is required to erase it for any of the above reasons, considering available technology and the cost of implementation, the Data Controller must take reasonable steps—including technical measures—to inform other data controllers processing the personal data that you have requested the deletion of any links to, copies, or replication of those personal data.

Erasure does not apply if the processing is necessary for:

  • The exercise of the right to freedom of expression and information;
  • Compliance with a legal obligation requiring the processing of personal data imposed by Union or Member State law (such as data processing for billing purposes where legal retention of invoices is mandated), or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • The establishment, exercise, or defense of legal claims (e.g., if you have an outstanding claim against the Data Controller or a complaint about data processing is still under investigation).

Right to Object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on legitimate interests. In such cases, the Data Controller may no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or that are related to the presentation, enforcement, or defense of legal claims.

If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes, including profiling related to direct marketing. If you object to the processing for direct marketing purposes, your personal data may no longer be processed for that purpose.

Right to Data Portability

If the processing is carried out by automated means or based on your voluntary consent, you have the right to request that the Data Controller provide you with the personal data you have provided to them, in XML, JSON, or CSV format. If technically feasible, you can also request that the Data Controller transfer the data in this format to another data controller.

Automated Decision-Making

You have the right not to be subject to a decision based solely on automated data processing (including profiling) that would produce legal effects concerning you or similarly significantly affect you. In such cases, the Data Controller is required to take appropriate measures to protect the rights, freedoms, and legitimate interests of the data subject, including at least the right for the data subject to request human intervention from the Data Controller, to express their point of view, and to contest the decision..

The above provisions shall not apply if the decision:

  • is necessary for the conclusion or performance of a contract between you and the Data Controller;
  • is authorized by Union or Member State law applicable to the Data Controller, which also lays down suitable measures to safeguard your rights, freedoms, and legitimate interests; or
  • is based on your explicit consent.

Registration in the Data Protection Register

Pursuant to the provisions of the Infotv. (Information Act), certain data processing activities of the Data Controller had to be registered in the data protection register. This registration obligation ceased on May 25, 2018.

Data Security Measures

The Data Controller declares that it has taken appropriate security measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction or damage, and against becoming inaccessible due to changes in the technology used.

The Data Controller shall take all reasonable organizational and technical steps, to the extent possible, to ensure that its Data Processors also take appropriate data security measures when processing your personal data.

Legal Remedies

If you believe that the Data Controller has violated any provision of the law relating to data processing or has not fulfilled any of your requests, you may initiate an investigation by the National Authority for Data Protection and Freedom of Information (mailing address: 1363 Budapest, Pf. 9., email: ugyfelszolgalat@naih.hu, phone numbers: +36 (30) 683-5969, +36 (30) 549-6838; +36 (1) 391 1400) to stop the presumed unlawful data processing.

We also inform you that in the event of a violation of the legal provisions on data processing, or if the Data Controller has not fulfilled any of your requests, you may file a civil lawsuit against the Data Controller in court.

Modification of the Privacy Notice

The Data Controller reserves the right to amend this privacy notice in a manner that does not affect the purpose or legal basis of the data processing. By continuing to use the website after the effective date of the modification, you accept the amended privacy notice.

If the Data Controller wishes to perform further data processing concerning the collected data for a purpose other than that for which they were originally collected, you will be informed about the new purpose and the following information before the additional data processing begins:

  • the period for which personal data will be stored or, if this is not possible, the criteria for determining that period;
  • your right to request access to, rectification, erasure, or restriction of processing of your personal data from the Data Controller, and to object to the processing of personal data where the processing is based on legitimate interests, as well as your right to data portability in the case of data processing based on consent or a contractual relationship;
  • in the case of processing based on consent, your right to withdraw consent at any time;
  • the right to lodge a complaint with a supervisory authority;
  • whether the provision of personal data is required by law or contractual obligation or is a prerequisite for the conclusion of a contract, and whether you are obliged to provide the personal data, and the possible consequences of failing to provide such data;
  • the fact of automated decision-making (if such a procedure is applied), including profiling, and at least in such cases, meaningful information about the logic involved and the significance and anticipated consequences of such data processing for you.

Data processing may only begin after you have been informed of the above, and if the legal basis for the processing is consent, your consent is also required for the processing.