puzzlegarden.hu (hereinafter: Service Provider) is committed to fully respecting the rights of its customers related to data management. In the course of its operation, the Service Provider carries out the data management activities contained in this information sheet, in view of which it considers it important to present the processing of personal data that has come to the attention of the data subjects, its most important characteristics and circumstances.

The terms used in this information are in Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, as well as on the repeal of Regulation (EC) 95/46 (the hereinafter: GDPR) and CXII of 2011 on the right to information self-determination and freedom of information. are to be interpreted according to the terms defined in the law (hereinafter: Info tv.).

I. The rights of the data subjects and the conditions for their enforcement

1. Who manages your personal data?
Your personal data (hereinafter referred to as: Service Provider) is managed by the data processors used by you as a data controller or on your behalf and in accordance with your instructions.
Name of the data controller: Semsey Nóra Gabriella ev (tax number: 53136664-1-41, registered office: 1024 Budapest, Szilágyi Erzsébet fasor 5.)
Your contact details for contact:
represented by: Nóra Semsey
Email: puzzlegardenshop@gmail.com

2. What principles does the Service Provider consider important when handling your personal data?
During its data management activities, the Service Provider respects the personal rights of the data subjects, during which it handles their personal data taking into account the applicable legal regulations. In view of this, it guarantees the implementation of the provisions of the general data protection regulation, as well as of Info TV, as well as of the sectoral legislation concerning specific data management.
In order to ensure the service, only personal data appropriate and relevant from the point of view of the purposes of data management, specified in the scope of individual data management, will be processed for the time necessary to achieve the goals of personal data management and the security of the provided personal data will be ensured by the possible and necessary technical and organizational measures
in protection, in particular to ensure the confidentiality, integrity and availability of personal data. After providing the personal data, the Service Provider is responsible for the accurate data management of the personal data provided by you with the same content.

3. Categories of stakeholders
In the course of this data management activity, the persons using the services defined below are affected.

4. To whom are the personal data transmitted?
The Service Provider may be contacted by an authority (in particular, an infringement authority, investigative authority, prosecutor, court, other public administrative authority, the National Data Protection and Freedom of Information Authority) or other data controller based on the authorization of the law for the purpose of communicating the personal data it manages, viewing them, and forwarding them. If the requesting body clearly indicates the scope of the requested data, the purpose of the request and
legal basis and the fulfillment of the request does not conflict with the law, the personal data absolutely necessary to fulfill the purpose of the request will be made available.
This website runs through Shopify's online sales platform service, in view of which some personal data is automatically transmitted to the Company through the use of the website. For more information on the scope of personal data managed by Shopify, please visit the following page: https://www.shopify.com/legal/privacy/customers

Puzzle Garden delivers the orders via a courier service, in view of which the personal data relating to the delivery will be transferred to the courier service (name, delivery address, e-mail address, telephone number). For more information, you can find out about the range of personal data managed by the courier service on the following page:
https://www.dpd.com/hu/hu/adatvedelem/
https://gls-group.eu/HU/hu/adatvedelmi-szabalyzat
https://foxpost.hu/uploads/documents/hu/adatkezelesi_szabalyzat.pdf
https://files.packeta.com/web/files/HU_Egyseges-adatkezelesi-tajekozzatato-GDPR-HU-PACKETA.pdf
Apart from the above cases and without your consent, personal data will not be forwarded to another data controller.
Legal bases of data management
Personal data can be processed if
a) the data subject has given his consent to the processing of his personal data for one or more specific purposes;
b) data management is necessary for the performance of a contract in which the data subject is one of the parties, or it is necessary for taking steps at the request of the data subject prior to the conclusion of the contract;
c) data management is necessary to fulfill the legal obligation of the data controller;
d) data management is vital for the data subject or another natural person
necessary to protect your interests;
e) data processing is in the public interest or the data controller is authorized by a public authority
necessary for the execution of a task performed in the context of its exercise;
f) data management is necessary to enforce the legitimate interests of the data controller or a third party, unless the interests or fundamental rights and freedoms of the data subject take precedence over these interests, which require the protection of personal data, especially if the data subject is a child.
The data subject has the right to withdraw his consent at any time. The consent
its withdrawal does not affect the legality of data processing based on consent, prior to its withdrawal. Before giving consent, the data subject must be informed of this. Withdrawal of consent should be possible in the same simple way as giving it.
If the personal data was recorded based on the consent of the data subject, the Service Provider shall - unless otherwise provided by law -
a) for the purpose of fulfilling the relevant legal obligation, or
b) for the purpose of asserting the legitimate interest of oneself or a third party, if the assertion of this interest is proportionate to the restriction of the right to the protection of personal data, it may be processed without further separate consent, or even after the consent of the person concerned has been revoked.

5. What rights do you have in relation to your personal data managed by the Service Provider?
According to the GDPR regulation, the data subject has the following rights in relation to data management; the open deadline for this is a maximum of one month after receipt of the request:

• the right to information and access, during which the data subject is entitled to receive feedback from the data controller as to whether his personal data is being processed and, if such data processing is in progress, he is entitled to receive access to the personal data, and the data subject's personal categories of data, the purposes of data management, the recipients or categories of recipients to whom or to whom the personal data has been or will be communicated, where applicable, the planned period of storage of personal data, or if this is not possible, the criteria for determining this period, and the rights of the data subject , that he can request from the data controller the correction, deletion or restriction of the processing of his personal data and can object to the processing of such personal data, as well as the right to submit a complaint to a supervisory authority.
• right to rectification, according to which the data subject is entitled to request that the data controller correct inaccurate personal data concerning him/her without undue delay, furthermore, taking into account the purpose of the data management, the data subject is entitled to request that the incomplete personal data - among other things by means of a supplementary statement - addition.
• right to erasure, based on which the data subject is entitled to have the personal data processed on the basis of consent deleted without undue delay at the request of the data controller.
• the right to limit data processing, on the basis of which the data subject is entitled to have the data controller limit data processing at his request, if the data subject disputes the accuracy of the personal data, or the data processing is unlawful and the data subject opposes the deletion of the data, and instead requests the restriction of their use, and if the data controller no longer needs the personal data for the purpose of data management, but the data subject requires them to submit, assert or defend legal claims, or if the data subject has objected to the data management, in this case the restriction applies to the period until it is established that whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.
• the right to protest, based on which the data subject is entitled to object to the processing of his personal data at any time for reasons related to his own situation, if the data processing is necessary to assert the legitimate interests of the data controller or a third party. The Service Provider shall not terminate the data processing based on the protest, if the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or which are related to the submission, enforcement or defense of legal claims.

6. What legal remedies do you have in connection with your personal data managed by the Service Provider?
I. The right to complain to the supervisory authority
Without prejudice to other administrative or judicial remedies, all data subjects have the right to file a complaint with the National Data Protection and Freedom of Information Authority (the hereinafter: Supervisory Authority).
Contact details of the National Data Protection and Freedom of Information Authority:
1530 Budapest, Pf.:5.
1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: 06 1/391-1400
Fax: 06 1/391-1410
II. The right to an effective judicial remedy against the controller or processor.
Without prejudice to the available administrative or non-judicial legal remedies, including the right to file a complaint with the supervisory authority, all data subjects are entitled to an effective judicial remedy if, in their opinion, their rights related to the processing of their personal data have been violated. The adjudication of the lawsuit falls within the jurisdiction of the court. You can choose to bring the lawsuit before the court of your place of residence or residence.
You can access the list of courts at http://birosag.hu/torvenyszekek.

1. Information related to purchases on the website
Purpose of data management
The processing of the data of the data subjects via the website is necessary in order to record and identify the data subject's intention to purchase, to deliver the order to the data subject, and to inform the data subject of the current status of his order.
Duration of data management
The data provided during registration will be stored for an indefinite period until the personal profile exists, or until the consent of the data subject is withdrawn (deletion request).
Legal basis for data management
The consent of the concerned volunteer is Info tv. Based on § 5 (1) point b) and Article 6 (1) point a) of the GDPR.
Scope of processed data
The service provider manages the following personal data: name, billing and delivery address, e-mail address, telephone number of the persons concerned.
During the registration on the website, the username and password of the person concerned is recorded.

2. Information related to inquiries for marketing purposes
Purpose of data management
Information related to Puzzle Garden's services and inquiries for marketing purposes, such as information about marketing campaigns and participation in them.
Duration of data management
Until the existence of the newsletter service, or until the consent of the data subject is withdrawn (deletion request).
Legal basis for data management
The consent of the concerned volunteer Info tv. § 5 (1) point b) and on the basis of Article 6 (1) point a) of the GDPR.
Scope of processed data
The e-mail address of the persons concerned.

The website http://www.puzzlegarden.hu/ uses so-called cookies in connection with the use of the site. A cookie is an information package consisting of letters and numbers that the website sends to your browser with the aim of saving certain settings, facilitating the use of the website and helping to collect some relevant statistical information.
1. Types of cookies:
Cookies can be "permanent" or "temporary" cookies. The permanent cookie is stored by the browser until a specific time (or until it is deleted), but the temporary cookie is not stored by the browser, it is automatically deleted when the browser is closed.
Cookies that are strictly necessary for operation are essential for the use of the website and enable the use of the basic functions of the website. Without them, many functions of the website will not be available to you.
Cookies aimed at improving the user experience collect information about the use of the website by users, for example, which interfaces are visited most often or what error message they receive from the website. The information obtained from these is used to improve the performance of the website.
If you do not wish to allow the use of cookies, you can disable them in your browser settings. Please note, however, that if cookies are disabled, some elements of certain services can only be used partially or not at all.
2. Disable cookies:
If you do not consent to the placement of the cookie, you can block it through the settings in your browser.
3. The legal background of cookies and the legal basis for their use:
The background of data management is Article 6 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, as well as on the repeal of Regulation 95/46/EC ( In accordance with point a) of paragraph 1 of
4. The range of cookies used:
The cookies used on this website are operated by Puzzle Garden's online sales platform provider, Shopify. For an overview of the range of cookies used when using the website, please visit the following website: https://www.shopify.com/legal/cookies .