Skip to content

Privacy policy

Privacy Notice

Date: May 20, 2022 (v1.2)

1. Why is data protection important?

This information sheet contains in detail all information related to the handling of personal data of third parties by TTS HEADQUARTERS. We recommend that you read this information carefully so that you are aware of all the facts and information related to the management of personal data.

The management of your personal data is governed by Regulation 2016/679 of the European Parliament and the Council (EU) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Directive 95/46/EC (general data protection regulation or GDPR – hereinafter: “GDPR”) and in accordance with applicable additional legal provisions.

We would like to draw your attention to the fact that by using the Website, by subscribing to our direct marketing channels, and by buying and selling with us, you accept the processing of your personal data described in detail in these regulations.

We would like to draw your attention to the fact that this data management information sheet covers the use of the Website, the use of our direct marketing channels, and the data management carried out during the performance of sales contracts between us. We also draw your attention to the fact that subscribing to our direct marketing channels is a voluntary consent based on prior information, the basis of which is provided by this information. The provision of personal data is usually voluntary, however, it may happen that we mark certain data as mandatory or necessary (*), since these data are necessary to be able to provide you with the predicted service. If you decide not to provide us with this data, it is possible that we will not be able to provide some of our services, or that we will not be able to enter into a sales contract with you.

2. To which services and persons does this information apply?

The scope of the information covers the handling of the personal data of users who visit the truetosole.hu website and use a service or purchase a product there, those who subscribe to direct marketing channels, those who enter into a sales contract with us as individuals, i.e. your personal data.

3. Who is the data controller?

A The owner and operator of the Website is TTS HEADQUARTERS Zrt. (Cg. 01-10-141915, registered office: 1116 Budapest, Kondorosi út 12/A Bldg. 7th floor, 3rd door, tax number: 32001897-2-43, registry authority: Company Court of the Capital City Court, hereinafter "We" or "Data Controller"). Our contact details are as follows:

Web:        https://www.truetosole.hu

Cím:         1116 Budapest, Kondorosi út 12/A B. ép. 7. em. 3. ajtó

E-mail:    support@truetosole.hu

Phone:   +36 1 700 4022

4. What personal data do we process?

The personal data of natural persons is any information relating to an identified or identifiable natural person - a "data subject" according to the wording of data protection legislation. Personal data, for example, name, telephone number, e-mail address.

If you provide us with your name, company name, telephone number, e-mail address and/or other personal data in the context of a request for an offer, subscription to a newsletter and/or other similar direct marketing channel, registration, fulfillment of an order, or in any other way, we will also process this personal data. If you sell a product to us as an individual, the processing of the personal data required by law is an essential condition for concluding the sales contract. The provision of the data listed in point (i) is of course voluntary, but the provision of the data referred to in point (ii) is an essential condition for the conclusion of the contract. In both cases, it is your responsibility to ensure that the given data corresponds to reality.

5.  For what purposes do we process personal data?

The purpose of the Website is to introduce and promote our products and services to our existing and potential customers, as well as to use the services available on the Website, within the framework of which the contract for the sale of products is concluded and fulfilled. Basically, personal data is processed to achieve the above goals. In addition, personal data may be processed for other purposes, which are listed in detail below.

 

5.1 Website analytics

The purpose of data management is to record and process visitor data, operate and develop the Websites, maintain the Websites, and enhance the user experience.
Categories of affected parties: users who browse the Websites without requesting an offer.
Legal basis for data management: our legitimate interest.
Scope of personal data handled: IP address, approximate geographic location, type of operating system, type of browser, and data on activity on the Websites. These are mostly handled in an aggregated and/or anonymized form, mostly in the so-called using cookies (see point 12 below) or similar technologies. If you do not agree with this, please do not use the Websites.
Duration of data management: visitor data is processed for analytical purposes in a largely aggregated and anonymized form for a period of one to two years. After that, visitor data will be processed exclusively in an anonymized form, i.e. without personal data. You can find detailed information on the Google Analytics website or in the cookie information.
Data processor(s): we use the services of Google Analytics to process website visitor data. You can read about the Google Analytics service and Google's data protection principles here. We use the services of the following service providers for the processing of website visitor data related to advertising activities (you can get more information about the following services and the data protection principles of their service providers by clicking on the service provider's name): Google Ad; Facebook Ads; AdRoll; TikTok Ads. For more details, please read point 8 below.

 

5.2.Backups from the Website

The purpose of data management: the ability to restore business processes.
Categories of data subjects: personal data processed in connection with the Websites, which are listed in this information.
Legal basis for data management: our legitimate interest.
Scope of personal data processed: personal data processed in connection with the Websites, which are listed in this information sheet.
Duration of data management: backups are stored for 90 days.
Data processor(s): Shopify Inc., see point 8 below for details.

 

5.3 Newsletters and other direct marketing

The purpose of the data management: recording and processing of personal data for the purpose of making contact for the request for an offer, as well as for the purpose of delivering and communicating newsletters and/or other direct marketing messages.
Categories of affected persons: persons requesting offers on the Websites or users subscribing to newsletters and/or other similar direct marketing channels.
The legal basis for data management: your consent.
The range of personal data processed: name, address, e-mail address, telephone number, and other information that you provide.
Duration of data management: until withdrawal of consent.
Data processor(s): to send e-mail newsletters, we use the Klaviyo service operated by Klaviyo, Inc., 125 Summer Street, Floor 6, Boston, MA, 02110, United States. Klaviyo is part of the EU-US Privacy Shield, which, based on the decision of the EU Commission, serves to ensure an adequate level of protection for data managed (processed) in the United States, its data sheet is available here.

 

5.4 Website registration

The purpose of data management is to create and maintain registration and facilitate purchases.
Categories of affected parties: users registering on the Websites.
The legal basis for data management: your consent.
The range of personal data processed: name, address, e-mail address, telephone number, and other information that you provide.
Duration of data management: withdrawal of consent.
Data processor(s): Shopify Inc., see point 7 below for details.

5.5.1 Purchase, order fulfillment and follow-up in the case of sales from own stock

The purpose of data management is: order fulfillment and follow-up, defense against possible legal claims.
Categories of affected persons: users who purchase products or use services on the Websites, who may also be registered users.
The legal basis for data management: fulfillment of a contract.
The range of personal data processed: name, address, e-mail address, telephone number, and other information that you provide.
Duration of data management: five (5) years after the purchase, which is Art. general limitation period according to
Data processor(s): Shopify Inc., see point 8 below for details.
Data transmission: OTP Mobil Kft. and our logistics partner GLS General Logistics Systems Hungary Csomag-Logisztikai Kft., see point 7 below for details.

 

5.5.2 Purchase, order fulfillment and follow-up in the case of sales made within the framework of a long-term intermediary contract

The purpose of data management is: order fulfillment and follow-up, defense against possible legal claims.
The purpose of data management is: order fulfillment and follow-up, defense against possible legal claims.
Legal basis for data management: long-term intermediary activity for the creation of a consumer contract between you and our given partner.
The range of personal data processed: name, address, e-mail address, telephone number, and other information that you provide.
Duration of data management: five (5) years after the purchase, which is Art. general limitation period according to
Data processor(s): Shopify Inc., see point 8 below for details.
Data transmission: OTP Mobil Kft. and our logistics partner GLS General Logistics Systems Hungary Csomag-Logisztikai Kft., see point 7 below for details.

5.5.3 Product purchase (If we buy a product from you)

The purpose of data management is to conclude a contract for the sale of the product, to make the necessary preparations for the conclusion and fulfillment of the contract, and to enforce any legal claims.
Categories of affected parties: those who sell products to us, with whom we enter into a sales contract.
Legal basis for data management: data management is necessary to fulfill a contract in which the data subject, i.e. you, is one of the parties, or it is necessary to take steps at your request prior to the conclusion of the contract (GDPR Article 6 /1/ point b)
The range of personal data handled: name, address, e-mail address, phone number, tax number and your identity card number, other data related to the performance of the contract.
Duration of data management: five (5) years after the completion of the contract, which is Art. general limitation period according to
Data processor(s): see point 8 below for details.
Data transfer:-

 

5.6 With purchase and 5.5.3. fulfillment of administrative obligations related to data collection according to point

Purpose of data management: fulfillment of legal obligations.
Categories of affected parties: users who buy products, sell products or use services on the Websites.
The legal basis for data management: fulfillment of a legal obligation (GDPR Article 6 /1/ paragraph c/ point).
Scope of personal data handled: data on invoices and other accounting documents, including especially name, address, tax number in the case of sales.
Duration of data management: eight (8) years after the creation of the invoice (certificate), until which we are obliged to preserve the accounting documents based on § 169 of Act C of 2000 on accounting.
Data processor(s): Shopify Inc., KBOSS Kft. is the service provider of the szmálzz.hu service, Billingo Technologies Zrt. is the provider of the billingo.hu service, and Quinarius Bt, which provides accounting services as a data processor for the benefit of the Data Controller. See point 7 below for details. .

 

5.7 Consumer complaints

Purpose of data management: handling consumer complaints.
Categories of affected parties: users who purchase products or use services on the Websites.
The legal basis for data management: fulfillment of a legal obligation (GDPR Article 6 /1/ paragraph c/ point).
The range of personal data handled: name, address, phone number, other contact information, information related to the complaint, and other information provided by the data subject.
Duration of data management: five (5) years after the closure of the case according to the CLV of 1997 on consumer protection. Act 17/A. Based on paragraph (7) of §.
Data processor(s): Shopify Inc., the provider of the software used to issue the Protocol on Consumer Quality Objections/Complaints, CP Contact Tanácsadó Kft., Cipőkontroll Plusz Kft., which issues the professional inspection and independent expert opinion. See point 7 below for details.

5.8 Enforcement of stakeholder rights related to personal data

Purpose of data management: management of stakeholder rights.
Categories of data subjects: the persons mentioned in this data protection information.
Legal basis for data management: legitimate interest.
The scope of personal data handled: the data listed in this data protection information, as well as the information related to the specific request of the data subject, and the response we provide.
Duration of data management: five (5) years after the conclusion of the specific data subject request.

 

Personal data may be processed even if the consent has been withdrawn, but the processing of personal data is necessary for the fulfillment of a legal obligation concerning us, for the enforcement of our legitimate interest or the legitimate interests of a third party, or for the purpose of fulfilling the concluded contract. Personal data may also be processed for the purposes of law enforcement, national security, national defense and public safety, if the governing legislation so provides. Personal data can be transferred to organizations performing such tasks, if the governing legislation so provides.

 

6. How do we handle personal data?

You can also browse the Website without requesting a quote or entering personal data, detailed information on this can be found in point 4 above.

If you request an offer regarding the product on the Website, we process your personal data in order to fulfill the offer request. This means communicating with you, such as contacting you in the way or ways you specify.

At certain intervals, we will send you newsletters or other direct marketing messages, in each case only in a way that you have authorized. You can unsubscribe from such newsletters or other direct marketing messages at any time. You can request this either by clicking on the unsubscribe link in the newsletter or by sending an e-mail to support@truetosole.hu.

Your personal data provided in connection with your registration and placing your order will be processed solely for the purpose of fulfilling your orders and tracking them. This means the data management necessary for the conclusion and performance of the contract between True to Sole Kft. and Közted based on the General Terms and Conditions.

 

7. Who do we share personal data with?

Our subcontractors also participate in the provision of our services. These subcontractors are generally classified as data processors based on data protection rules. In some cases, it may happen that some of our subcontractors - e.g. due to the compliance with the applicable legal obligations and/or the nature of the service provided - they are considered data controllers. If this is the case, we will indicate this separately below.

The following subcontractors have access to personal data:

7.1 For all users (including users browsing the Website without requesting a quote: data processor is Shopify Inc. (Shopify Inc., Headquarters: 150 Elgin Street, 8th Floor, Ottawa, ON K2P 1L4, Canada, web: www.shopify.com), which maintains Websites. The Websites can only be accessed by employees and subcontractors of this subcontractor who have the appropriate authorization, and participate in the operation and development of Websites. It is unlikely, but it is possible that these persons may have access to certain personal data while performing this activity. The Websites and thus the personal data is processed on Shopify Inc.'s servers in the European Union and the United States.

7.2 Website visitor data is processed largely in an aggregated and anonymized form, for which we use the services of Google Analytics. The provider of Google Analytics is Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA), the processing of visitor data takes place on servers in the USA.

7.3 We use the services of Google Ads, Facebook Ads, AdRoll and TikTok Ads for the processing of website visitor data related to advertising activities. Google Adwords is provided by Google LLC (see above); the provider of Facebook Ads is Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), you can find Facebook's data management policy here, you can find more information about the country in which Facebook processes data here. The provider of AdRoll is AdRoll Advertising Limited (1, Burlington Plaza, Burlington Road, Dublin 4, Ireland), you can find more information about the country in which the visitor data is processed here. Google and Facebook are part of the EU-US Privacy Shield, which, based on the decision of the EU Commission, serves to ensure an adequate level of protection for data managed (processed) in the USA. The Privacy Shield data sheet of each service provider is available at the following links: Google, Facebook. Regarding Adroll, the appropriate level of protection is provided by model clauses (Standard Contractual Clauses, SCCs) in accordance with the decision of the EU Commission, see here. If you would like to receive more information about these, let us know. The provider of TikTok Ads in the European Economic Area (EEA) is TikTok Technology Limited (10 Earlsfort Court Dublin 2 DUBLIN, D02 AK70 Ireland), the data management policy can be found here.

7.4 In the case of a request for an offer, registration or subscribing to a newsletter and/or other similar direct marketing channel: we will not forward your personal data to other persons (data controllers), i.e. we will not sell or give them in any other form, unless you have expressly and in advance consented to this.

7.5 In the case of payment by Simple card: the username, surname, first name, country, telephone number and e-mail address will be transferred to OTP Mobil Kft. (1093 Budapest, Közraktár u. 30-32. River park, K30. Épület II., company registration number: 01-09-174466, tax number: 24386106-2-43, phone: +36 1 776 6901, fax: +36 1 776 6902, web: https://www.otpmobil.hu/), as Data Controller. The purpose of data transmission is: customer service assistance for users, confirmation of transactions and fraud monitoring (fraud prevention) for the protection of users.

7.6 For the delivery of your package, your name, address, e-mail address and telephone number will be transferred to our logistics partner, who will handle this for the purpose of delivering the order. Our logistics partner is GLS General Logistics Systems Hungary Csomag-Logisztikai Kft. (2351 Alsónémedi, GLS Európa u. 2., Company registration number: 13-09-111755; Tax number: 12369410-2-44; e-mail: info@gls-hungary. com).

7.8If you have a consumer complaint or a quality complaint, we will record it in accordance with the applicable legislation. The provider of the software used to issue the Protocol on Consumer Quality Objections/Complaints is CP Contact Tanácsadó Kft. (1222 Budapest, Ibrik utca 1/c., tax number: 14629985-2-43 company registration number: 01-09-912650). If we have to involve other actors in the investigation of your complaint (e.g. authority, conciliation board, independent expert), then we will share the personal and purchase-related data necessary for the investigation with them, and they will handle this for the purpose of making a decision or expert opinion. Independent expert opinion by Cipőkontroll Plusz Kft. (1048 Budapest, Külső-Szilágyi út 12., company registration number: 01-09-289884, tax number: 25800993-2-41, phone: +36 1 232 1094, fax: +36 1 230 9072, web: www.cipokontroll.hu), to which we provide the data indicated in this point.

7.9 We use the billingozz.hu and billingo.hu applications for issuing invoices related to purchases. The service provider of szamlazz.hu is KBOSS.hu Kft. (Head office: 1031 Budapest, Záhony utca 7., company registration number: 01-09-303201, tax number: 13421739-2-41, e-mail: info@szamlazz.hu), the The service provider of billingo.hu is Billingo Technologies Zrt. (Headquarters: 1133 Budapest, Árbóc utca 6., company registration number: 01-10-140802, tax number: 27926309-2-41, telephone: +36-1/500-9491, e-mail: hello@billingo.hu). The name and billing address of the invoicing customers will be forwarded to them as a data processor.

In addition, the name and billing address of the customers who sell products to us, and in the case of product sales, the tax number of the selling user, will also be forwarded to our accounting partner (Quinarius Bt., address: 1149 Budapest, Pillangó park 4. B. ép) for data processing purposes.

 

8. How long do we process personal data?

As a general rule, personal data will be processed until you withdraw your consent, request the deletion of the data you provided when requesting a quote, or unsubscribe from the newsletter and/or other electronic direct marketing channels. For the individual data management purposes listed in point 5 above, the governing retention periods have been indicated.

 

9. What rights and claim enforcement options are available to you?

15-21 of the GDPR. based on its articles, you are entitled to request the following regarding your personal data managed by TTS HEADQUARTERS Zrt.:

Access to your personal data: you are entitled to receive feedback on whether your personal data is being processed, and if such data processing is underway, you are entitled to access your personal data and to receive information about the circumstances related to their processing.

Access to your personal data: you are entitled to receive feedback on whether your personal data is being processed, and if such data processing is underway, you are entitled to access your personal data and to receive information about the circumstances related to their processing.

Erasure of your personal data ("the right to be forgotten"): you have the right to have your personal data erased if one of the following reasons exists:

  • your personal data is no longer needed for the purpose for which we collected it or otherwise processed it;
  • if your consent, which is the basis of data management, is withdrawn and there is no other legal basis for our data management;
  • in the case of data processing based on legitimate interests, you object to the data processing and there is no overriding legal reason for our data processing, or we process your data for the purpose of direct business acquisition and you object to the processing of your personal data;
  • if we processed your personal data illegally;
  • if we have to delete your personal data based on the law.

We may refuse to comply with your request for deletion if the applicable law allows it, for example if the data processing is necessary for the submission, enforcement or defense of legal claims.

Limiting the processing of your personal data: in certain cases, we are obliged to limit the use of your personal data at your request. In such cases, the data can only be used for limited purposes defined by law.

Object to the processing of your personal data if the data processing is based on a legitimate interest, including the case where the legal basis for data processing for the purpose of obtaining direct business (direct marketing) is a legitimate interest: you have the right to object at any time for reasons related to your own situation. against interest-based treatment. In this case, we can no longer process your personal data, unless we prove that the data processing is justified by compelling legitimate reasons that take precedence over your interests, rights and freedoms, or that are related to the presentation, enforcement or defense of legal claims.

Receiving your personal data and forwarding it to another data controller, if the legal prerequisites for this exist (right to data portability): if it does not infringe the rights and freedoms of others, you are entitled to receive your personal data in a segmented, widely used, machine-readable format, or to transfer these data directly to another data controller if (i) the data processing is based on your consent, or is necessary for the performance of a contract to which you are a party, or it is necessary to take steps at your request prior to the conclusion of the contract; and (ii) data management is done in an automated way, i.e. personal data is handled in an IT system and not on a paper basis.or.

If your personal data was processed based on your consent, you can withdraw your consent at any time.

How can you exercise these rights?

You can send your request to exercise your rights above to the contact details indicated in point 3. TTS HEADQUARTERS Zrt. provides information on the measures taken as a result of the request without undue delay, but at the latest within one (1) month from the date of submission of the request, in an understandable form, which can be extended by another two (2) months if justified. If for some reason we do not fulfill your request, we will inform you of the reason in our information. If you do not agree with our answer or action, you have the legal remedies listed below.

If you do not agree with our action or response, or if you believe that your rights to the protection of personal data have been violated, you are entitled to contact the National Data Protection and Information Freedom Authority (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c; telephone: +36-1 -391-1400; e-mail: ugyfelszolgalat@naih.hu, web: www.naih.hu) to file a report or - according to your choice - contact the court of our registered office or the court of your place of residence or residence, (the list of courts and their contact information can be found at you can view it via the following link: http://birosag.hu/torvenyszekek). According to the seat of True to Sole Kft., the competent court is the Metropolitan Court.

 

10.How do we ensure the security of personal data?

We ensure the security of the personal data we manage with appropriate technical and organizational measures and procedural rules. We protect personal data with appropriate measures, especially against unauthorized access, change, transmission, disclosure, deletion or accidental destruction.

Please keep your email address and phone number up to date and notify us of any changes. We recommend that you only use an email address to which only you have access and to which you can access at any time.

Please note that you should never enter your card number, expiration date or the three-digit CVC2/CVV2 code on the back of your card outside of the secure bank card payment page (e.g. by e-mail, message, phone)! We never ask for card data in this way, so if anyone were to ask you for the above data on our behalf, it is probably a phishing attempt. Do not enter the data and notify us and your card-issuing bank immediately!

 

11. What are cookies?

Cookies are text files that allow the Website or other computer server to identify your computer and store your personal preferences and technical data, such as click-throughs and other navigation data. The navigation data (click stream) shows which pages the user visited and in which order. Cookies can also be used to determine which advertisements are displayed on the Website and to measure their effectiveness. We use cookies to personalize your visit to our Website (e.g. recognize you when you return to our Website), analyze Website traffic, and track user trends, patterns, and selections related to downloads and technical terms related to use of the Website. This helps us to improve the appearance and content of our website so that it meets the expectations of users as much as possible. Cookies can be permanent (they remain on your computer until you delete them) or temporary (they are only valid until you close your browser).

We may also use web beacons or similar technologies that monitor the use of our Website and show us which pages you visit on our Website. These are also called clear GIF files. Web beacons (web beacons or web bugs) are short lines of code that place an image on a web page to transmit data such as the IP address of the computer that downloaded the page on which the web beacon appears and the URL of the page (address) on which the web beacon appears, the time of viewing the page containing the web beacon, the type of browser that downloaded the web beacon and the identification number of cookies previously placed on the computer by the given server. If we contact you via an HTML-capable email message, the web beacons inform you whether you have received or opened our message.

If you provide us with your personal data (e.g. through a request for a quote), this can be linked to anonymous data stored in cookies and/or web beacons. The information generated in this way can be processed for analytical and marketing purposes, for the purpose of measuring the effectiveness of the service and its further development, as well as providing personalized offers. By using this website, you consent to the use of cookies and web beacons described in this information.

The basic settings of most browsers enable the acceptance of cookies. However, you can also set your browser to block cookies. If you set your email client or browser so that HTML emails are displayed only as text, you can prohibit the use of certain web beacons. For more information, please see the "Help" menu item of your email client or browser. At the same time, certain services of the Website can only be accessed through the use of cookies or similar devices, so you should know that by blocking cookies or similar devices, you prevent you from accessing certain of our content and services, in other words, in the case of blocking, you can only use the Website to a limited extent.

 

12. What else do we consider important?

Community sites

If you bookmark, follow, etc. the Website or us on a social media site in any way, you allow us to access certain data from your profile on the social media site (e.g. name, email address, photo, gender, birthday, location, list of friends, comments or expressions of liking, i.e. "likes") of the people he follows and/or those who follow you. In the course of your connection with our services, we may also collect other data not related to you personally (e.g. viewed content, information about which advertisements appeared next to the content and which you were able to click on, etc.). However, the social media sites operate independently of us, so they also have their own data protection regulations, therefore the activities carried out on them and the personal data and information provided there are not governed by this privacy policy, but by the data protection regulations of the service provider of the given social media site. For more information on how you can customize your privacy settings on social media sites, and how social media sites handle your personal data, please review their privacy guidelines, privacy policies, and terms of use.

Links

The Website may contain links to pages that are not managed by us (e.g. subcontractors, commercial partners' own websites), which by definition are not covered by this Privacy Policy, and on which the level of data protection may differ. These sites are completely independent from us, so we recommend that you study the relevant data protection regulations before you provide any personal data on such a site or use the services of such a site, as we do not assume any responsibility for them, and we do not control the procedures by which personal data are used on these sites collected, used, made available or handled in any other way.

Request for information

If you have any questions regarding the management of your personal data, you can get information on the contact details indicated in point 3 above..

Modification of the Data Protection Information

This Data Protection Information is revised at specified intervals in order to ensure that it meets the expectations of users, as well as the applicable data protection and other legal regulations. If this Privacy Policy is amended, the amended version will be published on the Website. We recommend that you review this Privacy Policy from time to time in order to be up-to-date with all facts and information related to the management of your personal data. In the event of a significant change affecting the handling of personal data, we will provide information about this by email, as appropriate, by means of a newsletter and/or other marketing channels.

_

These regulations are effective from May 20, 2022.