The purpose of this information is to inform users of the lavidayarn.com website (hereinafter referred to as the “Website” ) (hereinafter referred to as the “User(s)” or “Data Subject(s)” ) about the facts and information related to the data processing carried out on the Website before the start of data processing.

It is not necessary to provide personal data to visit the Website, however, certain services of the Website can only be used after providing the User's personal data.

We inform you that the personal data provided by you is handled confidentially by LavidaFeeling Kft. (registered office: 1118. Budapest, Őrség utca 20.; company registration number: 01-09-403300; tax number: 32026058-2-43; registration authority: Budapest Metropolitan Court of Commerce; representative: Samu Tímea; hereinafter referred to as: “Data Controller” ) in accordance with the applicable data protection laws and as set out in this information.

Definitions of terms

"personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

"processing" means any operation or set of operations which is performed on personal data or data sets, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘controller’ means the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;

"processor" means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

‘recipient’ means the natural or legal person, public authority, agency or any other body to which personal data are disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law shall not be considered recipients; the processing of such data by such public authorities shall be in accordance with the applicable data protection rules in accordance with the purposes of the processing;

"consent of the data subject" means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

"data breach" means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Data processing carried out on the website

Website visitor data – server log files

In the case of data recorded in the log file during the use of the Website, the data is stored and used exclusively for technical purposes (analysis of the secure operation of servers, subsequent monitoring, detection, prevention and investigation of attacks against the Website) and statistical purposes. To this end, the Website's Internet service provider automatically records and saves information in so-called Server Log Files, which your browser automatically transmits to us. This includes your IP address, your browser and language settings, as well as your operating system, your Internet service provider, the date/time settings, and the URLs of the current and last visited websites. The data sets obtained in this way are not linked by the Data Controller with information from other sources that can be used to identify you personally. In the event that we become aware of specific suspicions of illegal use of the Website, we reserve the right to subsequently evaluate this data.

Data processing period: 30 days. Beyond that, data will only be stored if necessary to investigate detected attacks against the Website.

Legal basis for data processing: legitimate interest of the Data Controller (achieving the goals listed above).

Data processing related to the operation of a web store/use of services

The fact of data collection, the scope of data processed and the purpose of data processing :

Personal data	Purpose of data processing	Legal basis
Last name and first name	It is necessary for contact, purchase, issuing a proper invoice, and exercising the right of withdrawal.
Email address	Staying in touch.
Phone number	More efficient coordination of communication, billing, or shipping issues.
Billing name and address	Issuing a proper invoice, as well as creating the contract, defining its content, modifying it, monitoring its performance, invoicing the fees arising from it, and enforcing the claims related to it.	Article 6(1)(c) and Section 169(2) of Act C of 2000 on Accounting
Shipping name and address	Enabling home delivery.	Article 6(1)(b) of the GDPR and Section 13/A. (3) of the Electricity Act.

2. Scope of data subjects: All data subjects who purchase on the webshop website. The e-mail address does not need to contain personal data.
3. Duration of data processing, deadline for data deletion: If one of the conditions set out in Article 17(1) of the GDPR applies, it lasts until the data subject requests deletion. The data controller shall inform the data subject electronically, pursuant to Article 19 of the GDPR, of the deletion of any personal data provided by the data subject. If the data subject's request for deletion also covers the e-mail address provided by him/her, the data controller shall also delete the e-mail address after informing. Except in the case of accounting documents, since these data must be retained for 8 years pursuant to Section 169(2) of Act C of 2000 on Accounting. The data subject's contractual data may be deleted upon expiry of the civil law limitation period based on the data subject's request for deletion.

Accounting documents (including general ledger accounts, analytical and detailed records) that directly and indirectly support accounting records must be kept in a legible form for at least 8 years, and must be retrievable by reference to the accounting records.

4. Potential data controllers authorized to access the data, recipients of personal data : Personal data may be processed by the data controller, as well as its sales and marketing staff, in compliance with the above principles.
5. Description of the rights of data subjects regarding data processing :
6. The data subject may request from the data controller access to, rectification, erasure or restriction of processing of personal data concerning him or her, and
7. the data subject has the right to data portability and to withdraw consent at any time.
8. The data subject can request access to, deletion, modification or restriction of processing of personal data, as well as data portability in the following ways :
9. by post to 1118. Budapest, Őrség Street 20.
10. by e-mail at info@lavidayarn.com ,
11. by phone at +36 30 937 1275.

7. Legal basis for data processing :
8. Article 6(1)(b) and (c) of the GDPR,
9. Section 13/A. Subsection (3) of Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society (hereinafter: Elker Act):

The service provider may process personal data for the purpose of providing the service that is technically indispensable for the provision of the service. All other conditions being the same, the service provider must select and in all cases operate the means used in the provision of the information society service in such a way that personal data are processed only if this is absolutely necessary for the provision of the service and for the fulfilment of other purposes specified in this Act, but even then only to the extent and for the period necessary.

3. In the case of issuing an invoice in accordance with accounting legislation, Article 6(1)(c).
4. In the case of enforcing claims arising from the contract, according to Section 6:22 of Act V of 2013 on the Civil Code, it is 5 years.

§ 6:22 [Limitation]

(1) Unless otherwise provided by this Act, claims shall expire after five years.

(2) The limitation period begins when the claim becomes due.

(3) An agreement to change the limitation period must be in writing.

(4) An agreement excluding the limitation period is void.

8. We inform you that
9. Data processing is necessary for the performance of the contract and the provision of an offer .
10. You are required to provide personal data so that we can fulfill your order.
11. Failure to provide data will result in us being unable to process your order.

Data processing for marketing communication purposes

Newsletter

Users have the option to subscribe to the Data Controller's newsletter while using the Website. Subscribing to the newsletter is voluntary. By subscribing, the User expressly consents to the transmission of informative and specifically marketing content to the e-mail address provided. The User may unsubscribe from the newsletter at any time.

Scope of data processed: e-mail address

The purpose of data management: to recommend the Data Controller's services, to forward its advertisements, and to provide information about current information, promotions, and new features by sending an email request.

Legal basis for data processing: voluntary consent of the Data Subject

Data processing period: until you unsubscribe from the newsletter, but no later than 10 years from the date of providing the data

Managing cookies on the Website

In order for the Website to function properly, we sometimes need to place data files called "cookies" on your computer, as do other large websites and Internet service providers.

What are cookies?

Cookies are small text files that the Website stores on the computer or mobile device of the User visiting its pages. Cookies help the Website remember your actions and personal settings (e.g. username, language, font size and other unique settings related to the display of the website) for a certain period of time, so that you do not have to re-enter them each time you visit our website or navigate from one page to another.

What types of cookies do we use?

When you visit the Website, the following types of cookies are used:

Temporary cookies

These cookies are necessary for navigation on our website. For example, cookies that allow you to log in to the customer area or add products to your shopping cart. These cookies are reset after 30 minutes or deleted when you leave the site. Cookies required for logging in or making a purchase are deleted after 30 minutes.

Persistent cookies

These cookies are used to recognize your browser the next time you visit our website. These cookies are stored on your computer until you manually delete them.

Performance cookies

These cookies are used to collect anonymous data about your usage patterns on our website. These cookies register the subpages and links you visit. This allows us to better manage your preferences the next time you visit our website. This allows us to provide you with interesting information and offers. We store this data for 30 days.

Functionality – Cookies

These cookies are used to store settings (such as language settings or font size) that you have set on our website. This improves the functionality of our website for your convenience. These cookies are deleted after 30 minutes.

Third-Party Cookies

These cookies are used to collect anonymous data about your usage patterns on our website and other websites. This allows us to better manage your preferences the next time you visit our website. This allows us to provide you with interesting information and offers.

Third-party cookies are also used in the case of Google Analytics, Pingdom, Hotjar, Polyfill, BingAds and GoogleAdwords, about which you can find more detailed information below:

Google Analytics

This website uses Google (Universal) Analytics, a web analytics service provided by Google Inc., 1600 AmphitheatreParkway, Mountain View, CA 94043, USA. Google Analytics uses cookies to help us analyze how you use our website.

The information generated by the cookie about your use of the website (including your IP address and the URL of the pages you visit) is usually transmitted to and stored by Google on servers in the United States. If IP anonymization is activated on this website, your IP address will be shortened before being transmitted within member states of the European Union or in other contracting states of the Agreement on the European Economic Community. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and shortened there. Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The anonymous IP address transmitted by Google Analytics from your browser will not be merged with other data held by Google. This data will be stored for 6 months.

We do not store the data collected by Google Analytics.

You can prevent the collection of data generated by cookies and relating to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

Detailed information on Google's terms of use and privacy policy can be found at the following addresses: http://www.google.com/analytics/terms/de.html and https://www.google.at/intl/at/policies/ .

The legal basis for our use of cookies is your consent and our legitimate interest in achieving the purposes specified for each type of Cookie.

Google AdWords

Google AdWords is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google AdWords uses cookies. If you have reached our website via a Google ad, Google AdWords will place a cookie on your terminal. This is a pseudonymous identification number (ID). This allows us and Google to recognize that you have clicked on the ad and that someone has reached our website. Anonymized statistics may be generated about this. The use of AdWords cookies allows Google and us to place ads more precisely based on an evaluation of your previous visits to our website and other websites.

These cookies are deleted after 30 days.

The information generated by the cookie (including IP addresses) is transmitted by Google to a server in the USA for evaluation and storage. Google complies with the data protection provisions of the “Privacy Shield” agreement and is a registered member of the “Privacy Shield” program of the US Department of Commerce. Google only transfers data to third parties if required by law or in the context of order processing. If the user logs in to the site with a Google account, Google connects the account information with the information processed in AdWords.

You can prevent the storage of Google AdWords cookies not only by setting your browser accordingly, but also by clicking on the following link ( https://myaccount.google.com/intro/privacycheckup/1?hl=de ) if you are logged in with your Google account. If you are not logged in with your Google account, you can change your browser settings.

Detailed information on Google's terms of use and privacy policy can be found at: https://policies.google.com/privacy?hl=de .

Facebook

More information about cookies used by Facebook:

https://hu-hu.facebook.com/policies/cookies/#

These cookies are deleted after 90 days.

Provider: Facebook Inc.

The legal basis for our use of cookies is your consent and our legitimate interest in achieving the purposes specified for each type of Cookie.

Cookie maintenance

You have the option to maintain and/or delete cookies as you wish. Please visit aboutcookies.org for information on this. You can delete all cookies stored on your computer and, in most browsers, you can block their installation, i.e. you can set your browser so that it does not allow the placement of a unique identifier on the User's machine (depending on the browser, usually in the tools menu under settings/internet settings). However, in this case, you may have to manually make certain settings each time you visit a particular page, and you must also take into account that certain services and functions may not work (for example, in the case of customized solutions) and the user may not be able to use certain functions of the service to the fullest extent.

Use of data processors

The Data Controller uses the following data processors for the purposes specified above:

1. Data processor used for hosting services

Name and contact details of the data processor:

• Company name: MAXER Hosting Ltd.
• Headquarters: 9021 Győr, Arany János u. 31.
• Mailing address: 1616 Budapest P.O. Box 373.
• Company registration number: 08-09-013763
• Tax number: 13670452-2-0
• The Service Provider's official website: https://maxer.hu
• Email: info@maxer.hu
• Phone number: (+36) 1 257 9913

Data processing related activity: hosting service

2. Other data processors: billing

Name and contact details of the data processor:

Számlázz.hu (KBOSS.hu Ltd.)

Website: https//szamlazz.hu

Email: info@szamlazz.hu

Headquarters: 1031 Budapest, Záhony Street 7/D.

Data transmission

1. Recipients and data processors of data processing related to the transport of goods

Name of the recipient: GLS General Logistics Systems Hungary Kft.

The address of the recipient: 2351 Alsónémedi GLS Európa u. 2.

Recipient's phone number: +36 29 88 66 70

Recipient's email address: info@gls-hungary.com,

Recipient's website: https://gls-group.com/HU/hu/home

The courier service assists in the delivery of the ordered goods based on a contract concluded with the Data Controller. The courier service processes the personal data received in accordance with the data processing information available on its website.

Recipients and data processors of data processing related to accounting

Name of the recipient: ContaduriaKft.

The addressee's registered office is: 1139 Budapest, Frangepán Street 9.

2. Data processing related to online payments

Activity performed by the Recipient: Online payment
Name and contact details of the recipient: OTP Mobil Kft.

Headquarters: 1143 Budapest, Hungária krt. 17-19.

Phone: +36 1 5100 374

E-mail: ugyfelszolgalat@simple.hu

The fact of data processing, the scope of data processed: Billing data, name, e-mail address

Scope of data subjects: All data subjects who choose to pay on the website.

Purpose of data processing: Processing online payments, confirming transactions and fraud monitoring to protect users

Duration of data management, deadline for data deletion: Until the online payment is processed.

Legal basis for data processing: Article 6(1)(b) of the GDPR. Data processing is necessary to complete an online payment at the request of the data subject.

Rights of the data subject:

• You can find out about the conditions of data processing,
• You have the right to receive feedback from the data controller as to whether your personal data is being processed, and to access all information related to data processing.
• You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format.
• You have the right to request that the controller rectify inaccurate personal data about you without undue delay.

By accepting the data processing policy, you consent to the following data transfer statement:

“I acknowledge that the following personal data of mine stored by the data controller LavidaFeeling Kft in the user database of https://lavidayarn.com/ will be transferred to OTP Mobil Kft., as the data processor. The scope of the data transmitted by the data controller is as follows: name, email address, billing data. The nature and purpose of the data processing activity carried out by the data processor can be viewed in the SimplePay Data Processing Information, at the following link: http://simplepay.hu/vasarlo-aff “

Data security

The Data Controller and the data processors shall treat the personal data provided by the Player confidentially and comply with the relevant data protection legislation, in particular Act CXII of 2011 on the right to informational self-determination and freedom of information, Act VI of 1998 on the promulgation of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, signed in Strasbourg on 28 January 1981, and the provisions of EU Regulation 2016/679 (GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC.

The Data Controller shall take and ensure all measures to facilitate IT and other secure data management related to data storage, processing and data transmission in order to ensure secure data management. The Data Controller shall take the necessary measures, as may be expected of it, to protect the personal data it manages against unauthorized access, alteration, disclosure, deletion, damage and destruction, and to guarantee the technical conditions necessary for this.

The circle of persons authorized to view the data: Only those employees and agents of the Data Controller and the data processors who need to view this data in order to perform their duties may access the personal data provided by the Users.

Your rights

You have the right to receive feedback at any time as to whether your personal data is being processed, and if so, you have the right to access the personal data and the following information:

1. a) the purposes of data processing;
2. (b) the categories of personal data concerned;
3. (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
4. (d) where applicable, the planned period for which the personal data will be stored or, if this is not possible, the criteria for determining this period;
5. e) the right to request from the controller the rectification, erasure or restriction of processing of personal data concerning him or her and to object to the processing of such personal data;
6. (f) the right to lodge a complaint with a supervisory authority;
7. g) if the data were not collected from the data subject, all available information on their source;
8. h) the fact of automated decision-making, including profiling, and at least in these cases, intelligible information on the logic involved and the significance and foreseeable consequences of such processing for the data subject.

The Data Controller will provide you with a copy of the personal data subject to data processing upon request.

You have the right to request the correction or completion of inaccurate personal data at any time, and the Data Controller is obliged to comply with this request without undue delay.

You also have the right to withdraw your consent at any time. You withdraw your consent by unsubscribing from the newsletter via the appropriate link or by sending your request to unsubscribe to the Data Controller as specified in this section. If you unsubscribe from the newsletter, the Data Controller will delete your personal data from its records within 30 days of unsubscribing.

You have the option to withdraw your consent to the storage of cookies as described in the section "Managing Cookies on the Website".

The withdrawal of consent does not affect the lawfulness of data processing based on consent prior to its withdrawal.

At the request of the Data Subject, the Data Controller is obliged to delete personal data concerning the Data Subject without undue delay, if:

– the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

– the Data Subject withdraws his/her consent which forms the basis for data processing, and there is no other legal basis for data processing;

– if the processing of personal data is carried out for the purpose of direct marketing and the Data Subject objects to the processing and there is no overriding legitimate reason for the processing;

– the personal data have been processed unlawfully; or

– the personal data must be erased to comply with a legal obligation under EU or Member State law applicable to the Controller.

Where the Controller has made the personal data public and is required to erase them pursuant to this point, the Controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform the Controllers processing the data that the data subject has requested erasure by them of links to, or copies or replications of, the personal data concerned.

The above provision regarding erasure does not apply if the processing is necessary:

1. a) for the purpose of exercising the right to freedom of expression and information;
2. b) for the purpose of fulfilling an obligation to process personal data under Union or Member State law applicable to the Controller, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
3. c) on the basis of public interest in the field of public health;
4. d) for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes, where the right to erasure would likely render impossible or seriously jeopardise such processing; or
5. e) for the establishment, exercise or defense of legal claims.

At the request of the Data Subject, the Data Controller is obliged to restrict data processing if:

– the Data Subject disputes the accuracy of the personal data, in which case the restriction applies for a period of time that allows the Data Controller to verify the accuracy of the personal data;

– the processing is unlawful and the Data Subject opposes the erasure of the data and instead requests the restriction of their use;

– the Data Controller no longer needs the personal data for the purposes of data processing, but the Data Subject requires them for the establishment, exercise or defense of legal claims; or

– if the processing of personal data is carried out for the purpose of direct marketing and the Data Subject objects to the processing; in this case, the restriction shall apply for the period until it is determined whether the legitimate grounds of the Data Controller override those of the Data Subject.

If processing is restricted on the basis of the above, such personal data may be processed, with the exception of storage, only with the consent of the data subject, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for important public interests of the Union or of a Member State. The Controller shall inform the data subject at whose request the processing has been restricted in advance of the lifting of the restriction on processing.

In addition to the above, the Data Subject may request the Data Controller to receive the personal data concerning him or her in a structured, commonly used and machine-readable format and shall have the right to transmit such data to another Data Controller without hindrance from the Data Controller, and, where technically feasible, may also request the direct transmission of the personal data between Data Controllers.

Applications can be submitted to the following addresses: info@lavidayarn.com.

For identification purposes, it is always necessary to provide accurate personal data.

The Data Controller shall inform the Data Subject of the measures taken following his request to exercise his rights without undue delay, but in any case within 30 days of receipt of the request.

If the Data Subject submitted the request electronically, the information shall be provided electronically, if possible, unless the Data Subject requests otherwise.

The Data Controller shall notify the Data Subject, as well as all those to whom the data was previously forwarded for the purpose of data processing, of the correction, restriction or deletion.

If the Data Controller does not take action following the Data Subject's request, it shall inform the Data Subject without delay, but no later than 30 days from receipt of the request, of the reasons for the failure to take action and of the fact that the Data Subject may file a complaint with a supervisory authority and exercise his/her right to judicial remedy.

The User also has the right to object at any time to the processing of his or her personal data for reasons relating to his or her particular situation, in the case of processing based on legitimate interest. In such a case, the data controller shall not process the personal data any further, unless the data controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

The data controller shall examine the objection within the shortest possible time from the submission of the application, but no later than 30 days, and shall inform the applicant of the result in writing, while simultaneously suspending the data processing. If the applicant's objection is well-founded, the data controller shall terminate the data processing, including further data collection and transmission, and shall restrict the data, and shall notify all those to whom the personal data subject to the objection was previously transmitted and who are obliged to take measures to enforce the right to object of the objection.

In case of violation of the above rights of the Data Subject, he/she may contact a court or the National Authority for Data Protection and Freedom of Information.

National Data Protection and Freedom of Information Authority

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

www: http://www.naih.hu

e-mail: ugyfelszolgalat@naih.hu

The Data Controller reserves the right to unilaterally amend this data management policy without prior notice to the Users. The User accepts the amended data management policy by using the service after the amendment enters into force.

Budapest, November 1, 2022.