Cart 0
Effective: From December 1, 2024
1. Introduction
It is very important for us to comply with the currently applicable data protection regulations and laws. Therefore, in the following sections, we will discuss in detail our data protection measures and the processes related to data collection.
Data Controller Information:
Name: CHEN XU STORE Kft.
Headquarters: 1138 Budapest, Madarász Viktor utca 37. 3. em. 18. ajtó
Mailing Address: 1138 Budapest, Madarász Viktor utca 37. 3. em. 18. ajtó
Tax ID: 32492914-2-41
Phone Number: +36305366179
Email: info@asiasuperstore.hu
Hosting Provider Information:
Name:
Address:
Contact Information:
2. Types of Personal Data and Their Legal Basis
Personal Data: These are data that clearly allow the identification of an individual. On this website, we process the following personal data, specifying the legal basis for each:
COMMUNICATION DATA
This includes any message sent to us via the website, email, social media message, or any other form of communication. We process and retain these data to fulfill orders and to provide a basis for decision-making in case of potential legal claims.
The legal basis for processing is the user’s verifiable interest in our activities, expressed through messages sent to us.
USER DATA
This includes data generated during the use of the website that enables the technical operation of the site, ensures its security, stores backups of user activities, and allows access to the most relevant content.
The legal basis for processing is the user’s clear interest in our activities, for which the storage of these data is necessary to ensure the operation of the website and to support technical functioning.
TECHNICAL DATA
This includes data generated during the use of the website, such as IP address, login information, browser data, the time spent on specific pages, page views and navigation paths, the number and date of page visits, time zones, and the device data used to access the website. The data source is our analytical software. We process these data to analyze user behavior on the site, maintain the security of our website, and understand the effectiveness of our marketing decisions.
The legal basis for processing is the user’s clear interest in our activities, allowing us to process these data in compliance with security requirements and to use them to improve the business.
MARKETING DATA
This includes visitor preferences, such as what kind of marketing content they are willing to receive from us. We process this data to enable participation in giveaways and to send advertisements related to our products/services that the user has shown interest in.
The legal basis for processing is the user’s clear interest in our activities, which enables us to process these data in compliance with security requirements and to use them for enhancing the business and its effectiveness.
We may occasionally use the collected data for purposes such as providing targeted, relevant advertisements on the Facebook™ platform and other dynamic advertising surfaces, and measuring the effectiveness of advertisements.
The legal basis for processing is the user’s clear interest in our activities, allowing us to process these data in compliance with security requirements and to use them to improve business effectiveness.
In the course of our activities, we DO NOT collect sensitive data such as ethnicity, religious views, sexual life and orientation, political opinions, union membership, or health-related information, as well as genetic or biometric data.
3. Methods of Data Collection
We may collect personal data in the following ways: when the user provides it directly to us (for example, by sending a message). Additionally, certain data is automatically collected during the use of the website, such as through cookies and similar technologies. These will only be activated after the user provides consent. For more information, please refer to our Cookie Declaration.
Certain data may be received from external partners, such as analytical service providers like Google (non-EU partner) or advertising networks like Facebook™ (non-EU partner).
4. Our Practical Steps for Data Protection
The protection of users’ data and compliance with applicable regulations is of utmost importance for the seller and/or the data controller. Therefore:
– After conducting a data protection impact assessment on the website, we have created a list of the collected data, its necessity and legal basis, and its legal compliance. The protection of users’ data and compliance with applicable regulations is extremely important to the data controller and the seller, so we treat data protection as a priority and have made significant efforts to ensure the secure collection of information gathered by the website.
– To protect the data provided on forms and generated on the website, we use SSL certification across the entire website (Let’s Encrypt Authority X3 certification).
– To protect the site from attacks, we use premium security software (Wordfence Security) to guard against so-called “brute force” and virus attacks, ensuring the security of stored data.
– User and purchase data in the website’s databases are stored in encrypted form (pseudonymized) and are not readable by third parties.
– In this privacy notice, we provide users with the opportunity to request information regarding the processing of their personal data, as well as the ability to modify or delete their personal data through forms.
– Occasionally, in the course of our business operations, we may need to provide data to our service provider partners (e.g., hosting provider, courier company, newsletter software). In such cases, we ensure that they meet the GDPR requirements, and for US-based partners, we ensure their participation in the EU-US Privacy Shield data protection initiative, as well as signing a data processing agreement with them to ensure the responsible handling of data.
5. Marketing Communication
Marketing communication is essential for the business operations. The legal basis for processing related data is the user’s interest in our services or their explicit consent. In accordance with the European Union’s Privacy and Electronic Communications Regulations (PECR), we may send marketing messages to our users if they have purchased from us or have explicitly agreed to receive marketing communications.
We make it clearly possible for users to suspend their consent and unsubscribe from marketing messages. Every email contains an unsubscribe link, or users may request removal from our database by contacting us via the email address on our contact page. Even if users unsubscribe from marketing communication, we may still send them messages, but only regarding the fulfillment of their orders.
6. Notes on Personal Data
From time to time, it is necessary to share certain personal data with our partners to maintain normal business operations:
– IT service providers and service providers who perform troubleshooting and maintenance on computing systems
– Expert partners such as lawyers, accountants, bankers, insurers
– Government agencies requesting reports on our activities
International Data Transfers
Users’ data may occasionally need to be shared with service provider partners outside the European Economic Area (EEA) to maintain business operations. Many non-EEA countries do not provide the same level of data protection, and therefore, European laws prohibit data transfers without meeting the necessary conditions. Whenever personal data is transferred outside the EEA, we will take the following steps in addition to those discussed in Section 4 to ensure the secure handling of data:
– We only transfer data to countries deemed adequate for data security by the European Commission.
– We only use US-based services that are part of the EU-US Privacy Shield data protection initiative.
If the above conditions are not met, we will request explicit consent from users before proceeding with the data transfer. Consent can be withdrawn at any time.
Links to External Sites
This website may occasionally contain links to external sites or embedded code snippets that provide external services. Clicking on these links or using the embedded solutions may allow external partners to collect data about users. While we make efforts to thoroughly review our partners, we do not have control over their privacy policies, and we are not responsible for their data handling practices.
7. Duration of Data Processing
We will store users’ data only as long as required by legal, accounting, or data provision obligations or as necessary for the operation of the service. When deciding on the duration of storage, we take into account the volume, nature, and sensitivity of the data, as well as the potential impact of leakage in the event of a data protection incident.
For tax purposes, we are required to retain billing and purchasing data for at least 8 years to comply with legal obligations. In certain circumstances, we may use the data in anonymized form for statistical purposes, in which case we store the data indefinitely without notice.
8. User Rights
As a citizen of the European Union, users of the website are entitled to the following rights under the General Data Protection Regulation (GDPR):
a. Access to Personal Data
Users have the right to request a copy of their personal data stored by our website. Such requests will generally be fulfilled free of charge and within 14 days of the request. If requests are made repeatedly, abusively, or without justification, the seller may charge a moderate fee for providing the data, and additional time may be required to supply the data.
Additionally, the seller and/or the data controller may request proof of identity before releasing the data to prevent abuse. To request personal data, please send us an email to the address provided on our contact page.
b. Modification of Personal Data
If personal data has changed or was provided incorrectly, users have the right to request the modification of their data. To request modifications, please contact us via the email address provided on our contact page.
c. Request for Deletion of Personal Data
Users have the right to request the deletion of all their personal data. The request will be fulfilled free of charge within 14 days. After the deletion of personal data, the user’s account will no longer be accessible, and any purchased materials will also become unavailable, as personal data is essential for accessing the service. The seller and/or the data controller may request proof of identity before deleting personal data to prevent abuse. To request deletion, please contact us via the email address provided on our contact page.
d. Request to Limit the Processing of Personal Data
Users have the right to request a limitation on the sharing of their data with third-party service providers. Specific service providers may be named in the request. It is important to note that certain service providers are essential for the operation of the website (e.g., Paylike as a payment service provider), and restricting their access may render the website’s services unavailable to the user. The seller and/or the data controller may request proof of identity before limiting the sharing of personal data to prevent abuse. To request a limitation on the sharing of personal data, please contact us via the email address provided on our contact page.
In Hungary, the official authority responsible for data protection is the National Authority for Data Protection and Freedom of Information (NAIH). Users can learn more about their data protection rights on the NAIH website.
National Authority for Data Protection and Freedom of Information
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, P.O. Box: 5
Phone: +36 1 391 1400
Fax: +36 1 391 1410
Email: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
9. Anonymized Data and Cookies
The website uses cookies and similar technologies in email communications and advertisements, such as tracking codes, re-marketing tags, and pixels, which are activated after the user’s consent. These technologies help us better understand user behavior and interests, enhancing the quality and efficiency of our operations. Our goal is to make the website more user-friendly and personalized.
If the user wishes to disable the recording of non-personal data by these technologies, they can do so in the following ways:
– By using the cookie warnings displayed on the website to disable their loading
– By disabling cookies in the browser
10. Data Processors
The name of the data processor company: OTP Mobil Szolgáltató Kft.
Headquarters of the data controller: 1143 Budapest, Hungária krt. 17-19.
Company registration number: 01-09-174466
Tax number: 2486106-2-42
According to the Service Agreement with OTP Mobil Szolgáltató Kft., the necessary data for issuing invoices to the data subjects is transferred to the processor, where the data is stored in an online system, and invoices are issued on behalf of the data controller, according to the parameters set by the data controller.
The transferred data includes the name, address, and individual items on the invoice. The data processor complies with GDPR and other applicable legal requirements.
I acknowledge that the following personal data stored in the xy user database of the data controller will be transferred to OTP Mobil Kft. as the data processor. The data transferred by the data controller includes: name, email address, phone number, billing address.
The nature and purpose of the data processing carried out by the data processor can be viewed in the SimplePay Data Processing Notice at the following link.