IMPRINT

Business: Szabó Ákos (Primary Producer)

Headquarters: Soltvadkert, Ifjúság útja, 6230

FELIR Identification: FELIR: AB2540507

Tax Identification Number: 60148179-1-23

Registering Authority: National Chamber of Agriculture (NAK)

Chamber: National Chamber of Agriculture (NAK)

Data Protection Officer: Szabó Ákos

Telephone: No customer service via telephone is provided.

Primary Communication Method: Email

Email: puppyguru@gmail.com

Website: puppyguru@gmail.com

Hosting Service Provider: DotRoll Kft.

Address: 1148 Budapest, Fogarasi út 3-5, Hungary

DATA PROTECTION NOTICE

1. Introduction

1.1. Purpose of the Data Protection Notice

This Data Protection Notice (hereinafter: „Notice”) aims to transparently and in detail inform about how Szabó Ákos (hereinafter: „Data Controller”) processes personal data during its activities, and provides information about the rights of data subjects and how to exercise those rights.

1.2. Legal Compliance (GDPR, Act CXII of 2011)

• The European Parliament and Council Regulation (EU) 2016/679 (GDPR): establishes uniform EU rules for the protection of personal data.
• Act CXII of 2011 (Infotv.): forms the basis of Hungarian data protection regulations, concerning the right to informational self-determination and freedom of information.

This Notice is intended to comply with the requirements set forth in the aforementioned laws.

2. Data Controller Information

2.1. Data Controller Name and Contact Information

• Name: Szabó Ákos (Primary Producer)
• Headquarters: Soltvadkert, Ifjúság útja 7, 6230
• FELIR Identification: FELIR: AB2540507
• Tax Identification Number: 60148179-1-23
• Representative: Szabó Ákos
• Email: puppyguru@gmail.com
• Telephone: +36703683235

2.2. Availability of the Data Protection Notice

This Notice is available electronically at www.stellardoodle.com, and in printed form upon request at our customer service office.

3. Definitions

3.1. GDPR Key Definitions

• Personal Data: Any information relating to an identified or identifiable natural person („data subject”).
• Data Controller: A natural or legal person that determines the purposes and means of processing personal data.
• Data Processor: A natural or legal person processing personal data on behalf of the Data Controller.
• Consent: The voluntary, explicit expression of the data subject’s will by which they agree to the processing of their personal data.
• Data Subject: A natural person who is identified or identifiable through personal data.

3.2. Data Protection Incident Definition

A data protection incident is any event that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data.

4. Data Processing Principles

4.1. Legal Grounds and Principles

• Legality, Fairness, and Transparency: Personal data is processed for specified, lawful purposes and handled transparently.
• Purpose Limitation: Data is processed only for predefined purposes, and the data collection is limited to what is necessary to achieve those purposes.
• Data Minimization: Only personal data necessary for the purpose is collected and processed.
• Accuracy: Measures are taken to ensure that personal data is accurate and, when necessary, up to date.
• Storage Limitation: Personal data is stored only for as long as necessary to fulfill the intended purpose.
• Integrity and Confidentiality: Appropriate technical and organizational measures are implemented to protect personal data.

4.2. Accuracy and Security of Data

Both the Data Controller and the data subject are responsible for ensuring the accuracy of the personal data. The Data Controller takes all reasonable measures to ensure that the data is accurate and protected against unauthorized access.

5. Data Processing Purposes and Legal Grounds

5.1. Website Registration

• Purpose: To create a user account and provide related services.
• Legal Grounds:
  
  • Consent (Article 6(1)(a) GDPR), where registration is voluntary and the data subject requests it.
  • Contract performance (Article 6(1)(b) GDPR), if registration is a prerequisite for providing services.
• Data Collected: Name, email address, password (encrypted), registration date, IP address.

5.2. Order Processing

• Purpose: To process orders, fulfill contracts, issue invoices, and handle delivery.
• Legal Grounds: Contract performance (Article 6(1)(b) GDPR).
• Data Collected: Name, shipping and billing address, contact details (telephone, email), order information.

5.3. Invoicing

• Purpose: Compliance with applicable accounting regulations (e.g., Act C of 2000 on accounting).
• Legal Grounds: Legal obligation (Article 6(1)(c) GDPR).
• Data Collected: Name/company name, address, tax number (for legal entities), and other invoicing information.

5.4. Newsletter Distribution

• Purpose: Marketing communication, informing about new products, promotions.
• Legal Grounds: Consent (Article 6(1)(a) GDPR).
• Data Collected: Name, email address.
• Note: Users can unsubscribe at any time by clicking the unsubscribe link at the bottom of the newsletter or by notifying the Data Controller directly.

5.5. Use of Cookies

• Purpose: To ensure proper functioning of the website, improve user experience, analyze traffic data, and support marketing activities.
• Legal Grounds:
  
  • Consent (Article 6(1)(a) GDPR) for non-essential cookies (e.g., marketing cookies).
  • Legitimate interest or contract performance (Article 6(1)(f) or (b) GDPR) for strictly necessary technical cookies.
• Further Description: See the „Use of Cookies” section (Section 11) of this Notice.

5.6. Social Media Data Processing

• Purpose: Communication, sharing of information (e.g., Facebook, Instagram).
• Legal Grounds: Voluntary decision, consent (Article 6(1)(a) GDPR).
• Note: Social media platforms have their own data processing practices, which should be reviewed in their respective privacy policies.

6. Data Categories

6.1. Types of Personal Data

• Identifying Data: Name, username, password (encrypted).
• Contact Data: Email address, phone number, address.
• Technical Data: IP address, browser type, cookies, login time.
• Billing Data: Billing name, address, tax number (for legal entities).

6.2. Data Storage and Retention

• Storage: Data is stored electronically on secure servers, with passwords and other protective measures in place.
• Paper Documents: If applicable, stored at the headquarters or site in a locked location.
• Retention Period: Data is stored for as long as necessary to fulfill the purpose of processing, as required by law, or until consent is withdrawn. Data will be deleted or anonymized thereafter.

7. Rights of Data Subjects

7.1. Right to Information

Data subjects have the right to request information about the purpose, legal grounds, source, duration of the processing, and entities that can access their personal data.

7.2. Right to Rectification

Data subjects may request the correction or supplementation of inaccurate or incomplete personal data.

7.3. Right to Erasure („Right to be Forgotten”)

Data subjects may request the deletion of their personal data if it is no longer necessary for the purposes for which it was collected or if consent is withdrawn, and no other legal basis for processing exists.

7.4. Right to Data Portability

Data subjects have the right to receive their personal data in a widely used, machine-readable format and request its transfer to another data controller.

7.5. Right to Object

Data subjects may object to the processing of their personal data if the processing is based on legitimate interest, and specifically to processing for direct marketing purposes.

8. Data Security

8.1. Protection of Electronic Data

• Multi-level authorization system.
• Regular backups.
• Antivirus and firewall protection.

8.2. Technical and Organizational Measures

• Closed office network and secure Wi-Fi.
• Paper-based documents stored in locked cabinets.
• Regular data protection training for employees and data processors.

9. Data Protection Incidents

9.1. Reporting Incidents to Authorities (72-Hour Rule)

In the case of a data protection incident, the Data Controller will notify the National Authority for Data Protection and Freedom of Information (NAIH) without undue delay and, if possible, within 72 hours, unless the incident is unlikely to result in a risk to the rights and freedoms of data subjects.

9.2. Notification to Data Subjects in Case of High Risk

If the incident poses a high risk to the rights and freedoms of data subjects, the Data Controller will promptly inform the data subjects, explaining the nature of the incident and the actions taken.

10. Data Processors and Third Parties

10.1. Hosting Service Provider

• Name: Dotroll KFT.
• Address: 1148 Budapest, Fogarasi út 3-5.
• Email: support@dotroll.com
• Data Processing Activity: Web server operation, technical maintenance. Personal data is processed only upon the Data Controller’s instructions.