Shopping Cart

No products in the cart.

Data handling and privacy policy

This Data handling and privacy policy covers services and data handling activities of https://chocolatemermaid.eu/ and is applicable until revoked. The Data handling and privacy policy may be subject to change any time. Data handler is responsible for notifying users (through newsletter or pop-up window on the website) upon applying any modification to the Data handling and privacy policy. Notification should be sent to all users prior to taking effect to give each user the opportunity to reject acceptance of the modifications or request deletion of their registration. The Data handling and privacy policy does not cover any services or activities of third party websites referred to from https://chocolatemermaid.eu/.

1. INTRODUCTION
The operator of https://chocolatemermaid.eu/ is Stories Ltd. (1025 Budapest-Hungary, Ruthén út 59/B.), Stories Ltd. as data handler considers the content of this Data handling and privacy policy obligatory for all its provided services and business activities and declares that data is handled in accordance with the Data handling and privacy policy, the Hungarian regulation and the regulation of the European Union.
Stories Ltd. Is committed to protecting the data of its customers and business partners, all personal data is considered confidential and protected by necessary security, technical and organizational safeguards.
The data handling standards of Stories Ltd, are detailed below.

2. DEFINITIONS
2.1. User, customer: person browsing the webpage of the Service provider, completing an order or using the services of the Service provider.
2.2. Personal data: any data in relation to a person representing a direct link of identification to the given person.
2.3. Data handling: any activity carried out in connection with personal data like collecting, recording, capturing, structuring, storing, altering, forwarding, disclosing, deleting or preventing further usage of the data.
2.4. Data handler: the operator of the webpage named in the Terms and conditions of the webpage.
2.5. Forwarding data: granting access to data for any third party entity.
2.6. Publishing data: granting public access to data.
2.7. Deleting data: destroying, depersonalizing or distorting data without the possibility of recovering it.
2.8. Data processing: any task carried out in connection with stored data.
2.9. Data processor: any entity carrying out data processing activities entrusted by the Data handler.

3. PERSONAL DATA
The data handling activities of Stories Ltd, are based on voluntary consent which can be withdrawn anytime by the impacted person. The principles of the handling are in accordance with data handling regulations especially the followings: 2011. year CXII. Information law; 2016/679 regulation of the European Parliament, General Data Protection Regulation of the European Union.

4. DATA HANDLING OF CHOCOLATEMERMAID.EU
4.1. Logging at www.chocolatemermaid.eu
Upon browsing www.chocolatemermaid.eu the Service provider is collecting anonymous data to analyze browsing trends for optimization and IT security purposes.
4.2. Cookie policy of www.chocolatemermaid.eu
Stories Ltd. Uses cookies for personalized services and functions. These data packages are stored automatically on the browsing computer or device and contain technical data like IP address, operational system and browsing software. Cookies help in identifying the browsing device and support optimal displaying of the webpage. For preventing unauthorized access to data cookie information is encrypted. Cookie processors: Google Inc., Hotjar Ltd., Webshop Marketing Kft. (Optimonk), Facebook Inc., Rocket Science Group Llc. (Mailchimp), DHL International GmbH.
Deleting cookies or restricting their usage may impact the experience on the webpage and result in malfunction. Users can delete cookies or restrict usage in the Properties or Settings menu of the browser.
Data handler is not obliged to ask consent for the usage of obligatory cookies that are used for password protected sessions, cart functions, security functions and analytics. Besides obligatory cookies we also use marketing cookies to support functions of the webshop and personalized communication.
4.3. Services
4.3.1. Contact
Users can request contact, send message or ask for callback on the www.chocolatemermaid.eu webpage. Handled data: Name, email address, message, phone number.
4.3.3. Completing orders
Customers provide data necessary for completing the service, delivering orders, fulfilling warranty and customer care activities. Handled data: Name, email address, phone number, company name(optional), shipping and billing address, comment, registration password.
4.3.4. Newsletter signup
Users and customer s can sign up for newsletters on www.chocolatemermaid.eu. By signing up users and customers give consent to Stories Ltd. for sending marketing related emails to the provided email addresses. Such consents can be withdrawn anytime by the user. Handled data: name (optional), email address.
4.4. Other data
Data handling policy for activities not covered in this document are provided upon collecting data.

5. PERIOD OF DATA HANDLING
5.1. Data handler can handle data until the data handling consent is withdrawn by the user or customer. Deadline for deleting such data is 15 days after the date of consent withdrawal.
5.2. Personal data provided by users or customers can be handled until user or customer sends written request for deleting data. Deadline for deleting such data is 15 days after the date of receiving the written request. In certain cases users or customers cannot access functions or services after data deletion that would otherwise require personal data.
5.3. Data collected and used for the functional requirements of the system are stored for a period of time that is necessary for providing the affected functions or services. Data handler guarantees that these data cannot be connected to actual persons and used for identifying actual persons.

6. SECURITY OF PERSONAL DATA
Stories Ltd. usage data storage systems on its own locations and external data storage units. Stories Ltd. selects its infrastructure and data processing partners based on the highest security standards to make sure that all data is safe from unauthorized access and integrity or confidentiality is not compromised.

7. CONTACT DATA OF STORIES LTD. (AS DATA HANDLER)
Name: Stories Ltd.
Headquarter: Ruthén út 59/B, Budapest 1025, Hungary
Contact (regularly checked mailing address): hello@chocolatemermaid.eu
Phone number: +36304880971
VAT number: HU23555855
Company registration number: 01-09-971131
Data protection officer: Melinda Deák

8. RIGHTS
Users and customers have the right to request information about stored personal data, can request deleting or modifying stored personal data using the contact details of the Data handler provided above.
8.1. Right to request notification
Stories Ltd. has taken measures to provide data upon request in easily accessible and understandable manner in accordance with act 13-22. and 34. of GDPR.
8.2. Right to access
Users and customers have the right to request access and information on the following in relation to their personal data stored and handled by the Data handler: purpose of the handling, categories od handled data, data processors involved, data processing activities with their purpose and applied logic, period of handling data, possible impact and consequences of the handling on the person the data relates to.
Stories Ltd. provides the requested information within one month after receiving the request through any of the contact details of the Data handler provided above.
8.3. Right to modify
Users and customers have the right to request modifying the handled data.
8.4. Right to be forgotten
Users and customers have the right to request complete deletion of their personal data in the following cases: personal data is not needed anymore for the original purpose of the data collection; user or customer withdraws the data handling consent; user or customer rejects data handling and there is no other legal claim to continue data handling; data needs to be deleted to comply with regulations of the EU or Hungary.
8.5. Right to restrict access
Users and customers have the right to request the restriction of the access to their data in the following cases: person challenges the validity of the data in which case access to data is restricted until data is validated; user or customer rejected the data handling policy in which case access to data is restricted until it is proven that Data handler must store data based on other legal ground despite the policy was not accepted by the impacted person.
If access to data is restricted data can only be handled (except for storing) with the consent of the impacted person or for protecting rights of other natural or legal entities.
8.6. Right to move data
Users and customers have the right to receive their personal data in structured, readable format available for being forwarded to other data handlers upon the request of the impacted person.
8.7. Right to withdraw consent
Users and customers have the right to withdraw their data handling consent anytime. Withdrawing the consent does not impact the legal ground and purpose of handling data prior to withdrawing the consent.
8.8.1. Procedures
Data handler provides feedback within one month after receiving the request in accordance with act 15–22. of GDPR. This deadline can be lengthened by up to two months based on the complexity and the volume of the requests.
If Data handler does not fulfill the necessary procedures within one month after receiving the request Data handler has to provide the reasoning for not completing the procedure and inform the impacted person that they have the right of filing a complaint at the corresponding authority.
Stories Ltd. provides the requested information and carries out the necessary procedures free of charge. Stories Ltd. can charge fair extra fee or reject the request if it proves unsubstantiated, unreasonable or repetitive.
8.8.2. Complaint at the data protection auditor

Right to turn to the authorities:
Complaints can be filed to the National Data Protection Authority.
Address: Szilágyi Erzsébet fasor 22/C., Budapest 1125, Hungary
Postal address: Pf.: 5., Budapest 1530, Hungary
Phone number: +36 1 391 1400
Fax number: +36 1 391 1410
E-mail: ugyfelszolgalat@naih.hu
Webpage: http://www.naih.hu