Privacy policy

  • General information - Tattini Riding webshop

    Tattini Riding Ltd. undertakes, that the handling of the webshop’s customers data will at all times be in accordance with the current Data Protection Laws. We send newsletters only after consent, but we can send an automated (system) message without this consent.

    The customer agrees with the fact that Tattini Riding Ltd. will handle his or her personal details (name, address, phone number and e-mail address) to manage and fulfill orders and transfer them to cooperating individuals, organizations (courier service, the staff of Tattini Riding Ltd. and it’s parent company KLP Lovasfelszerelés Kft., accounting firm, bank). We undertake to store the data as safely as possible.

    For statistical purposes, Google (Analytics) records the data of each visitor's browser and the device used to view the page, which will automatically be deleted within a specified time.

    In addition to the above, we need to temporarily store the IP address of our site visitors and their browser's basic properties, but these data are automatically deleted after closing the browser.

    The customer declares that the personal information he or she provided is correct and agree to reimburse any damages, lost profits and costs that is incurred to avoid any harm, if the data provided is not accurate.

    Tattini Riding Ltd. will only use the data of the customer for issuing invoices, accounting purposes and (in case of a newsletter subscription) sending news/promotional information and won't provide it to third parties under any circumstances (without consent).

    Tattini Riding Ltd. agrees to modify or delete all the saved data of the customer from all of it's databases if he or she requests it in e-mail or in writing (with the exception of the data necessary for invoicing, because that must be preserved by the company).

    Checking, modifying or deleting this data is available for You as well, by using our webshop's Stored data page.

    To top
  • Introduction

    Tattini Riding Ltd. (202 Wallasey Road, CH44 2AG, Wallasey (Wirral) – United Kingdom, Tax nr.: GB 205 3853 25, UK Company registration number: 8020458) (hereinafter referred to as "Service Provider, Data Controller") will submit the following information.

    General Data Privacy of the European Union 679/2016. s. ("GDPR") imposes specific obligations on the data controller, which we are fulfilling these with this document.

    Data subject (here in the case of the webshop user, hereinafter "the user") must be informed prior to the processing of the data that the data management is based on a consent or binding.

    Before the data is processed, the affected person must be clearly and thoroughly informed of all the facts related to his or her data management, in particular the purpose and legal basis of data management, the Data Controller and the person entitled to process it, and the duration of the data handling.

    The affected person must be informed about personal data may be processed even if the consent acquisition of the person concerned is impossible or disproportionate, and the processing of personal data is

    • necessary for the fulfillment of a legal obligation for the Data Controller, or
    • necessary for the legitimate interests of the Data Controller or third party and the enforcement of this interest is proportionate to limiting the right to the protection of personal data.

    The information should also include the rights and remedies available to the data subject in question.

    If the information of the data subjects in person would be impossible or disproportionate (like in this case in a webshop), information may also be disclosed by disclosing the following information:

    • a) the fact of collecting data,
    • b) the affected subjects,
    • c) the purpose of data collection,
    • d) the duration of the data handling,
    • e) the person(s) getting access to this data,
    • f) a description of the rights and remedies of data subjects involved in data processing, and
    • g) if there is a place for data protection, the registration number of the Data Controller.

    This Privacy Policy describes the Data Controller of the following website: https://www.tattiniriding.com and is based on the content specification above. It is available on the following page: Privacy Policy

    Amendments to the policy will be published at the above address.

    To top
  • Interpretative concepts

    Affected subject/User: any identified or identifiable person - directly or indirectly - by personal data;

    Personal data: data related to the data subject - such as the name, identifier, and the knowledge of one or more physical, physiological, mental, economic, cultural or social identities -, as well as the conclusion that may be deduced from the data;

    Special data:

    • a) personal data relating to racial origin, nationality, political opinion or party affiliation, religious or other beliefs of the world, membership of an interest representation organization, personal data relating to sexual life,
    • b) personal data relating to the state of health, harmful passion and criminal personal data;

    Consent: a voluntary and decisive statement of the will of the person concerned, based on appropriate information and with which he or she gives his/her unambiguous consent to the handling of his/her personal data - covering all or part of operations;

    Protest: the statement of the person concerned with which he or she objected to the handling of his/her personal data and requests the termination of data processing and the cancellation of the data processed;

    Data Controller: a natural or legal person or an organization without legal personality, who either independently or with others determines the purpose of the processing of data, makes and executes decisions on data handling (including the equipment used), or performs it with the data processor entrusted to it;

    Data handling: regardless of the method used, any automated or non-automated operation or all of the operations, such as collecting, capturing, recording, systematizing, storing, modifying, using, retrieving, transmitting, disclosing, aligning, linking, blocking, deleting and destroying data, to prevent further use, to take photographs, sound or images, and to record physical features (such as finger or palm print, DNA pattern, iris image) for identifying the person;

    Data transmission: making the data available to a specific third party;

    Registry system: personalized data collection (in any way: centralized, decentralized or functional or geographic), which is accessible on the basis of defined criteria;

    Disclosure: making data available to anyone;

    Data deletion: making the data unrecognizable in such a way that their restoration is no longer possible;

    "Pseudonymization": means the processing of personal data in a manner that, without the use of additional information, can no longer be established to which specific natural person the personal data belongs to. Provided that such additional information is stored separately and that technical and organizational measures are taken to ensure that this personal data can not be linked to identified or identifiable natural persons;

    Data marking: providing an identifier to the data in order to distinguishing it;

    Data locking: providing an identification mark to the data in order to limit the handling for a definite or fixed period of time;

    Data destruction: complete physical destruction of data-containing media;

    Data processing: performing technical tasks related to Data Controller operations, irrespective of the method and device used to perform the operations and the place of application, provided that the technical task is carried out on the data;

    Data processor: means a natural or legal person or an organization without legal personality who, by virtue of a contract concluded with the Data Controller - including the conclusion of a contract by law - processes data;

    Responsible for the data: the public service body which has generated the public interest information for obliged publication, or whose operation generated this data;

    Data publisher: the public service body which - if the body responsible for the data does not publish the data itself - publishes the data submitted by the body responsible for the data on the website;

    Data file: the totality of data processed in one register;

    Third party: means any natural or legal person or entity with no legal personality, which is not the same as the data subject, the Data Controller or the data processor;

    Addressee: a natural or legal person, a public authority, agency or any other body with which or with whom personal information is communicated, whether or not it is a third party. Public authorities which have access to personal data in an individual investigation in accordance with European Union or national law shall not be considered recipients; the management of such data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;

    Privacy incident: a security breach resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled;
    Supervisory authority: an independent public authority set up by a Member State in accordance with Article 51, in Hungary this body is: the National Data Protection and Information Authority;

    Supervisory authority concerned: a supervisory authority that is responsible for handling personal data on any of the following grounds:

    • the data controller or the data processor has a place of business in the territory of a Member State of that supervisory authority;
    • data processing has a significant impact on, or likely to have a significant impact on, data subjects resident in the Member State of the supervisory authority; or
    • a complaint has been lodged with that supervisory authority;
    To top
  • Principles

    Tattini Riding Ltd. as a data controller is responsible for:

    • "lawfulness, fairness, transparency" means the personal data being legally and fairly handled and transparent to the data subject
    • "purpose limitation": collects personal data only for a specific, clear and legitimate purpose and does not treat them incompatible with these purposes
    • "data sparing": the personal data handled are appropriate and relevant to the purposes of data management and are limited to the necessity
    • "accuracy": ensures that personal information is updated as necessary and takes all reasonable steps to clear or correct inaccurate personal data for purposes of data management
    • "limited storage": storing personal information in a form that allows the identification of the data subjects only for the time needed to manage the personal data
    • "integrity and confidentiality": handling personal data in such a way as to ensure adequate security of personal data, including the protection against the unauthorized, unlawful, accidental loss, destruction or damage of data by appropriate technical or organizational measures.
    To top
  • Data management connected to operation the webshop

    The following should be set out in relation to the management of data related to the operation of a web store:

    • a) the fact of collecting data,
    • b) the affected subjects,
    • c) the purpose of data collection,
    • d) the duration of the data handling,
    • e) the person(s) getting access to this data,
    • f) a description of the rights and remedies of data subjects involved in data processing.

    The fact of collecting data, the affected subjects:

    GDPR requires compulsory compliance with other principles.

    These principles: Personal data can only be treated fairly and legally. The data must be up-to-date and accurate, and the data controller must ensure that the You can modify any data in your user profile. Particular attention is paid to data security measures, proper organizational and technical measures make the webshop work safe.

    Personal data may only be handled for a specific purpose, for the exercise of the right and for the fulfillment of the obligation. At all stages of data management, the purpose of data management must be met, data entry and management must be fair and legitimate.

    Only personal data that is essential for achieving the purpose of data management can be handled to achieve this goal. Personal data can only be handled to the extent and for the duration required to achieve the goal.

    Your data will be transmitted via computer data processing in order to manage your User Account. Your data is provided for quality assurance purposes and for producing statistical studies or sending commercial offers with prior consent.

    (Personal information: the purpose of data collection)

    Password (for registered users only): For secure access to the user account.

    First and last name (for registered users and one-time customers): It is necessary to communicate, for recording the purchase and for issuing an invoice.

    Company name (for registered users and one-time customers): It is necessary to communicate, for recording the purchase and for issuing an invoice.

    E-mail address (for registered users, one-time customers and newsletter subscribers): Communication (it doesn't necessarily contain personal information).

    Phone number (for registered users and one-time customers): Communication, more efficient way to contact the customer about invoicing or delivery.

    Billing address (for registered users and one-time customers): For issuing a proper invoice, the creation of the contract, the definition, modification, fulfillment of the fulfillment of the contract, the billing of the charges arising therefrom and the enforcement of the related claims.

    Delivery address (for registered users and one-time customers): For making home delivery possible.

    The date of ordering/-registration and (in case of registered users) -last login: Perform a technical operation.

    The purpose of the data management is: for the Service provider is managing the personal data of the Users for the purpose of providing full use of the website, eg. the provision of a service contract, modifying, monitoring the contents of the service, billing the related fees and enforcing the related claims, and sending newsletters (with prior consent).

    The affected subjects: All registered users, all one-time customers and all subscribers of the newsletter on the website are affected.

    The duration of the data handling, the time of data deletion:

    • For registered users: Immediately after deleting their registration.
    • For one-time customers: 14 days after the order has been fulfilled.
    • For users subscribed to the newsletter: Immediately after unsubscription.

    Excluding the accounting documents, which are mandatory to keep for 8 years.

    The person(s) getting access to this data: Personal data can be handled by the marketing, sales, accounting, delivering and contact staff of the controller, respecting these principles.

    A description of the rights and remedies of data subjects involved in data processing: The following information can be modified on the web pages: Password, first and last name, e-mail address, phone number, delivery address, billing address, company name. You can initiate the deletion or modification of your personal data in the following ways:

    • on the website on the Stored data page,
    • by mail on the 202 Wallasey Road, CH44 2AG, Wallasey (Wirral) – United Kingdom address,
    • by sending an e-mail to info@tattiniriding.co.uk.

    The details of the data processor (hosting provider) used for data handling:
    Company name: E.N.S. Informatikai és Rendszerintegrációs Zrt.
    Address: 1106 Budapest, Fehér út 10. II. em - Hungary (White Office)
    E-mail: info@ens.hu
    Phone: +36 30 555 1100

    Legal basis for data handling: the consent of User.

    To top
  • Information about the used cookies

    What are cookies?

    Cookies are files created by websites you visit to store browsing information, such as page settings or selected languages, etc.

    Our webstore uses cookies to help users browse and increase their user experience.
    Their content can be verified, in order to make browsing more effective. These cookies do not contain any information from what you could be identified. It is important to point out that making the computer accessible to others can also change cookie functionality.

    There are two types of cookies: the cookies created by the website you are currently browsing and third party cookies such as ads or embedded images on that page.

    To ensure proper functionality, the cookies generated by our own website must be used at all times.

    The other type makes it possible to record which products, services you’ve selected, pages you've visited – by disabling them, your browsing content will not be personalized, and any ads that may appear may be irrelevant to you. If you decline to use these, you can disable them by clicking the "I refuse" link in the "Cookie Policy" tab at the bottom of the page.

    All browser programs allow you to manage, delete, or disable cookies in the settings.

    Cookie handling

    The following has to be defined about cookie data management of the webshop:

    • a) the fact of collecting data,
    • b) the affected subjects,
    • c) the purpose of data collection,
    • d) the duration of the data handling,
    • e) the person(s) getting access to this data,
    • f) a description of the rights and remedies of data subjects involved in data processing.

    Websites feature cookies include so-called "cookies that are mandatory for the session," "functional cookies for shopping carts," and "security cookies", which require no prior consent from the affected users. Additionally, "cookies provided by a third party (such as a social networking site) may also appear on our pages.

    The fact of collecting data, the affected data: unique identification number, dates and times.

    The affected subjects: All webshop visitors are affected.

    The purpose of data collection: to identify users, save user comfort settings, create statistics, and track visitor clicks on our site.

    The duration of the data handling, the time of data deletion:

    • automatic login (for registered users only): identification at login (encrypted user ID), deleted after 60 days,
    • chosen currency: deleted after 1 year,
    • chosen language: deleted after 1 year,
    • selected size chart: deleted after 1 year,
    • visible products per page: deleted after 1 year,
    • php session id: deleted after closing the browser.

    The person(s) getting access to this data: Personal data can be handled by the Data Controller staff, respecting these principles.

    A description of the rights and remedies of data subjects involved in data processing: An affected person has the option to delete cookies in the Tools/Preferences menu of browsers, usually under the Privacy menu item.

    Legal basis for data handling: No consent is required if the sole purpose of the use of cookies are the communication service provided through the electronic communications network or expressly requested by the subscriber or user of the provision of information society services.

    To top
  • Google Adwords

    Use of Google Adwords Conversion Tracking

    Data Controller uses the online ad program "Google AdWords" and uses Google's conversion tracking feature within its framework. Google conversion tracking is Google Inc.'s analytics service (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google").

    When a user reaches a web site through a Google ad, a conversion tracking cookie will be placed on his/her computer. These cookies have limited validity and do not contain any personal information, so the User can not be identified by them.

    When the user browses on certain pages of the website and the cookie has not expired, Google and the data administrator can see that the user clicked on the ad.

    Each Google AdWords customer receives a different cookie so they can not be tracked through the AdWords clients' websites.
    The information, obtained through conversion tracking cookies, is intended to make conversion statistics for AdWords conversion tracking customers. Customers will then be informed about the number of users who have been submitted to, and click on their ad with a conversion tracking tag. However, they do not have access to information that could identify any user.

    If you do not want to participate in conversion tracking, you can reject this by blocking the ability to install cookies in your browser. Then you will not be included in conversion tracking statistics.

    For more information and Google Privacy Statement, please visit: www.google.com/policies/privacy

    Data processing to provide Google Adwords service

    Details of the data processor:
    Criteo SA
    32 Rue Blanche
    PARIS 75009
    FRANCE
    E-mail: cil@criteo.com

    The fact of collecting data, the affected data: E-mail addresses that are encrypted during the service are pseudo-personalized so personal data is lost. More information: https://support.google.com/adwords/answer/6334160

    The affected subjects: All webshop visitors are affected.

    The purpose of data collection: Publish Google ads to users.

    The duration of the data handling, the time of data deletion: Data processing takes place until the consent statement is withdrawn.

    The person(s) getting access to this data: Data that no longer qualifies for personal data can be handled by the data processing staff, while respecting these principles.

    Subject can initiate to prevent the transfer of personal data to the data processor:

    • on the website on the Stored data page,
    • by mail on the 202 Wallasey Road, CH44 2AG, Wallasey (Wirral) – United Kingdom address,
    • by sending an e-mail to info@tattiniriding.co.uk.

    Legal basis for data handling: the voluntary contribution of the concerned.

    To top
  • Use of Google Analytics

    This site uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies", text files that are saved to your computer to help analyze a user-visited web page.

    Information generated by cookies associated with a web site used by the User is usually stored on a US Google server. By activating IP anonymization on a web site, Google has previously abbreviated the IP address of the User within the Member States of the European Union or in other States party to the Agreement on the European Economic Area.

    Sending to Google's US servers and abbreviating entire IP addresses take place in only exceptional cases. On behalf of the operator of this site, Google will use this information to evaluate how the User has used the Website and to report to the website operator about reports related to the activity of the website and to perform additional services related to website and Internet usage.

    Google does not associate an IP address from Google Analytics that is transmitted by the user's browser with other data. The storage of cookies can be prevented in the Browser's settings, but please note that in this case, you may not be able to fully use all of the feature on this site. You can also prevent Google from collecting and processing cookie information about User's website usage (including your IP address) by downloading and installing the browser plug-in available on the link below: https://tools.google.com/dlpage/gaoptout?hl=en

    By using this Website, you expressly agree that Google will handle your personal information in accordance with the terms and conditions set forth herein. To learn about Google's Privacy Policy, please visit the following website: https://policies.google.com/privacy?hl=en

    To top
  • Newsletter, Direct Marketing Activity

    User at the time of registration may expressly consent to the Service Provider's promotional and any other offers.

    In addition, the Customer may, in keeping with the provisions of this document, consent to the Service Provider's handling of personal data necessary for the transmission of promotional offers.

    The Service Provider will not send unsolicited advertising messages and, without limitation or justification, Customer can unsubscribe free of charge from sending offers. In this case, the Service Provider removes all personal data from the registry - required for sending the advertisement messages - and stops sending promotional offers to User. You can unsubscribe from ads by clicking on the link in these messages.

    The following has to be defined about data management of the newsletter sending:

    • a) the fact of collecting data,
    • b) the affected subjects,
    • c) the purpose of data collection,
    • d) the duration of the data handling,
    • e) the person(s) getting access to this data,
    • f) a description of the rights and remedies of data subjects involved in data processing.

    The fact of collecting data, the affected data: name, e-mail address, date and time.

    The affected subjects: Every subscriber of the newsletter.

    The purpose of data collection: sending electronic messages containing advertisement to the person concerned, providing information about current offers, products, promotions, new features, etc.

    The duration of the data handling, the time of data deletion: until the consent statement is withdrawn, that is until the date of the unsubscription.

    The person(s) getting access to this data: personal data can be handled by the Data Controller staff, respecting these principles.

    A description of the rights and remedies of data subjects involved in data processing: User can opt-out of the newsletter at any time, free of charge.

    Legal basis for data handling: the voluntary contribution of the concerned.

    To top
  • Social networking sites

    The following has to be defined about data management of social networks:

    • a) the fact of collecting data,
    • b) the affected subjects,
    • c) the purpose of data collection,
    • d) the duration of the data handling,
    • e) the person(s) getting access to this data,
    • f) a description of the rights and remedies of data subjects involved in data processing.

    The fact of collecting data, the affected data: the name, and public profile picture of registered users on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. social networks.

    The affected subjects: every registered user of Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. who has “liked or followed” the website.

    The purpose of data collection: sharing or "liking" on social networking sites, web site content, products, promotions, or the website itself.

    The duration of the data handling, the time of data deletion, the person(s) getting access to this data and a description of the rights and remedies of data subjects involved in data processing: the source of the data, how it is handled, how it is delivered and how it is based, can be found on the given social networking site. Data management takes place on the social networking sites, so the duration of the data handling, the ways of deleting and modifying the data are governed by the rules of the respective community site.

    Legal basis for data handling: subject's voluntary consent to managing his/her personal information on social networking sites.

    To top
  • Data processors

    In some cases, the Data Handler employs External Service Providers in order to offer some services. Data Handler cooperates with these External Service providers.

    For Personal Data handled by External Service Providers, the terms and conditions of the External Service Providers' own privacy policy are governed. The Data Controller shall do its utmost to ensure that the External Provider manages the Personal Data transmitted to them in accordance with the law and uses it solely for the purposes specified by the User or in this document and for the purposes set out below. After the 25th of May, 2018, External Service providers record, treat and process personal data transmitted by the Data Controller in accordance with the provisions of the GDPR and they make a statement about to the Data Manager.

    The Data Handler informs Users about the data transfer to External Service Providers in this document.

    Transporting

    Activity performed by data processor: delivery of goods, transportation

    Data processor's name and contact information:

    1. GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
      2351 Alsónémedi, Európa u. 2. - Hungary
      Phone: +36 1 802 0265
      E-mail: info@gls-hungary.com
      Web: https://gls-group.eu/HU/hu/adatvedelmi-szabalyzat
    2. Magyar Posta Zrt.
      3512 Miskolc (Magyar Posta Zrt. Ügyfélszolgálati Igazgatóság) – Hungary
      Phone: +36 1 767 8282
      E-mail: ugyfelszolgalat@posta.hu
      Web: https://www.posta.hu/adatkezelesi_tajekoztato

    The fact of collecting data, the affected data: delivery name, delivery address, telephone number.

    The affected subjects: every customer requesting home delivery is involved.

    The purpose of data collection: delivery of the ordered product(s) to your home.

    The duration of the data handling, the time of data deletion: until the completion of home delivery.

    Legal basis for data handling: the voluntary contribution of the concerned.

    Online payment

    Activity performed by data processor: online payment

    Data processor's name and contact information:

    1. PayPal Inc.
      2211 North First Street., San Jose, CA 95131. - USA
      Phone: 00 1 402-935-2050
      https://www.paypal.com/webapps/mpp/ua/privacy-full
    2. Wirecard Central Eastern Europe GmbH
      Primoschgasse 3, 9020 Klagenfurt - Austria
      Phone: +43 (0)316 / 81 36 81 -1300
      E-Mail: buchhaltung.at@wirecard.com
      Web: https://www.wirecard.com/privacy-protection/

    The fact of collecting data, the affected data: billing name, billing address, e-mail address.

    The affected subjects: every customer requesting online payment is involved.

    The purpose of data collection: performing online shopping, verifying transactions and fraud-monitoring in order to protect users.

    The duration of the data handling, the time of data deletion: until the completion of online payment.

    Legal basis for data handling: the voluntary contribution of the concerned.

    Other data processors

    1. KLP Lovasfelszerelés Kft.
      1118 Budapest, Rétköz utca 51/e
      +36 1 309 5112
      E-mail: info@tattiniriding.com
      Privacy statement: https://www.tattiniriding.com/privacy-policy
    2. HSBC
      Phone from the UK: 03456 040 626
      Phone from outside the UK: +44 1226 261 010
      Contact: https://www.hsbc.co.uk/1/2/contact-and-support
      Privacy statement: http://www.about.hsbc.co.uk/privacy-statement
    3. MXOffice Ltd.
      Unit 42, Price Street Business Centre, Birkenhead, CH41 4JQ - United Kingdom
      Phone: +44-151-808-0264
      E-mail: info@mxoffice.co.uk
      Web: http://www.angolcegalapitas.hu
    4. Safety Layne Accounting Ltd.
      35 Rodney Street, Liverpool, Merseyside, England, L1 9EN – United Kingdom
      E-mail: alison@fwbx.co.uk
    To top
  • Customer relations and other data collection

    In case user while using Data Controller's services has a question or problem, he/she may get in touch with Data Controller on the contact options available (phone, e-mail, social networking sites, etc.) on the website.

    The purpose of the data management is to contact our company, to enforce the rights of the buyer and the data controller, to manage consumer demand, and ex post verification.

    Legal Basis for Data Processing: Your contribution.

    Personal Data Handled: the personal Information You provide.

    Data collector will delete the information provided in received e-mails, messages, over the phone, on Facebook, etc. with the name and e-mail address of the interested party as well as with any other voluntarily entered personal data, not later than five years from the date of disclosure.

    If the contact is a consumer complaint, our company takes a record of the complaint and keeps a copy of the complaint for 5 years.

    Data collection forms not listed in this document is provided when data is collected.

    On the event of special occasions of authority request or with the authorization of the law to request of other bodies the Service Provider is obliged to provide information, communicate, transfer or make available documents.

    In these cases, the Service Provider shall - to the extent that it indicates the exact purpose and exact scope of the data - hand over personal information only to the extent that is indispensable to achieve the purpose of the request.

    To top
  • Data security

    The Data Controller plans and executes the data management operations to ensure that the privacy of the individuals concerned is protected.

    The Data Controller ensures the security of the data (password, antispyware), takes technical and organizational measures and establishes the procedural rules.

    Data are protected by appropriate measures by the Data Controller in particular

    • unauthorized access,
    • alteration,
    • transmission,
    • disclosure,
    • deletion or destruction,
    • accidental destruction and damage,
    • against unavailability because of the change of technology used.

    The Data Controller shall ensure by means of an appropriate technical solution that the data stored in the records can not be directly linked and assigned to the data subject.

    To prevent unauthorized access to personal data, to alter the data and to prevent unauthorized disclosure or use of the data, the Data Controller shall ensure:

    • the development and operation of the appropriate IT and technical environment,
    • the supervised selection and supervision of the staff involved in providing the service,
    • detailed operating, risk management and service procedures.

    Based on the above, the Service provider ensures that the data he manages

    • is available to the holder,
    • is credible and authentic,
    • is verifiable unaltered.

    The IT system of the Data Controller and its hosting provider protects against (among others)

    • computer fraud,
    • espionage,
    • computer viruses,
    • spam,
    • hacking,
    • and other attacks.
    To top
  • Rights of affected persons

    Your rights

    Based on Article 13-22 of the GDPR, regarding your personal data handled by the data controller you are entitled to

    • access your personal data;
    • ask for personal data to be corrected;
    • request the deletion of personal data;
    • request a restriction on the processing of personal data;
    • object to the handling of your personal data and you are to object for this data to be excluded from automated data management, including profiling;
    • transfer personal data and forward it to another data controller, as long as it has legal preconditions (right to data transfer);
    • if personal data are processed in accordance with your consent, you may withdraw your consent at any time;

    The data controller shall provide information on the measures taken on the request without undue delay, but generally within 30 days of the receipt of the request. If the data controller fails to take action, he or she shall notify the reasons for the action without delay, but no later than 30 days after the receipt of the request. If you disagree with the response or action of the data controller, you will have legal remedies available. The data controller informs all addressees of any rectification, deletion or data limitation with whom or with which personal information has been communicated, unless this proves impossible or requires disproportionate effort.

    You can exercise these rights by contacting us on the info@tattiniriding.co.uk e-mail address referring to the data handling in question. You may request the deletion of your data at any time, which will be effected in the case of consent-based data management. You can also request deletion of your purchase history older than 8 years. If you are one of our registered users, by deletion your registration will be removed, and you will not be able to sign in to your account.

    If our website is performing profiling or remarketing, we acknowledge your consent to this policy by accepting the terms in this document. If you do not want to use this option, you can report it to the following email address: info@tattiniriding.co.uk

    If you have previously consented to commercial data management, the Data Controller ensures that you can always change this consent at any time. Based on your electronic consent and/or contract you have the right to transfer your data, and we will prepare the data in a suitable form upon request.

    1. Right to Access
      You are entitled to receive information from the data controller about whether your personal data is being processed and, if such processing is in progress, you are entitled to receive personal information on the circumstances surrounding this data management. The requested information may include, inter alia, the following data: the purposes of data management; the categories of personal data; the categories of recipient or recipients with whom the personal data are communicated by the data controller; the intended duration of the storage of personal data; and if the data is not collected directly from you, all available information about their source.
    2. Correction
      You are entitled to request the data controller to rectify inaccurate personal information without undue delay and to request the completion of incomplete personal data.
    3. The right to deletion ("the right of being forgotten")
      You are entitled to have your personal information deleted at your request without undue delay by the data controller if one of the following reasons exists:
      • personal data is no longer required;
      • if the consent forming the basis of data processing is withdrawn and the data handling has no other legal basis;
      • you object to data handling and have no prior legitimate reason for data handling;
      • the personal data have been unlawfully handled by the data controller;
      • the personal data should be removed by law.
      The data controller shall not delete this data if the processing of data is necessary for one of the following reasons: (i) for the purpose of exercising the right to freedom of expression and access to information; (ii) to fulfill a legal obligation to handle personal data; (iii) necessary for the submission, validation or protection of legal claims.
    4. Right to limitation of data processing
      You are entitled to request that the data controller restricts your data handling upon request if one of the following is true:
      • you dispute the accuracy of personal data; in this case, the restriction refers to the period of time that the data controller can check the accuracy of the personal data;
      • data handling is illegal and you are opposed to the deletion of data and instead asks for their use restriction;
      • the data controller no longer needs personal data for data processing but you require them to submit, enforce, or protect legal claims; or
      • you have objected to the data management; in this case, the restriction applies to the duration of determining whether the data controller's legitimate reasons prevail over the legitimate grounds of the party concerned.
      In the case of limitation of data processing, personal data affected by the restriction may be handled only with your consent or with the submission, validation or protection of legal claims or with the protection of the rights of a natural or legal person, or in the public interest of the European Union or of a Member State, except for storage. You will be informed in advance by the data controller about the release the restriction.
    5. Right to Protest
      You are entitled, at any time, to object to the handling of your personal data to the legitimate interest of data controller for reasons of your own privacy. In this case, the data controller may not process the personal data unless the data controller proves that the data processing is justified by legitimate reasons of enforceability that prevail over your interests, rights and freedoms or which may be used to present, enforce or protect legal claims related.
    6. Right to transfer the data
      If you it does not violate the rights and freedoms of others you are entitled to receive your personal information in a articulate, widely used, machine-readable format. You also have the right to transfer this data directly to another data handler if
      • the handling of data is needed based on Your consent, or on a contract where You are one of the parties, or required at Your request prior the conclusion of a contract; and
      • data management is done automated, ie personal data is handled by an IT system and not on a paper basis.
    To top
  • Legal remedy

    User may object to personal data being handled if

    • the handling or transmission of personal data is only necessary to comply with the legal obligation of the Service Provider or to enforce the legitimate interests of the Service Provider, Data Provider or third party, unless data management is prescribed by law;
    • the use or transmission of personal data is done for direct business acquisition, polling or scientific research;
    • in other cases, specified by law.

    The Service Provider shall examine the protest within the shortest time but not later than 15 days from the submission of the request, and decide on the matter of its validity and shall inform the applicant in writing. If the Service Provider determines the validity of the protest of the person concerned, data management - including further data collection and data transfer - will terminate, the data will be locked, and Service Provider informs those to who the personal data affected by the protest have previously been forwarded, and who are obliged to take action to enforce the right to protest.

    If the User disagrees with the decision of Service provider, he or she may appeal to the court - within 30 days from the date of its communication.

    To top
  • Judicial law enforcement

    The Data Controller must demonstrate that data management is in compliance with the law. The data receiver has to prove the legality of the transfer of data.

    The trial is governed by the jurisdiction of the court. The case may be initiated before the tribunal of the domicile or place of residence of the person concerned - according to his/her choice.

    Those who have no legal capacity may also be party to lawsuits. The Authority may intervene for the sake of the merits of the matter concerned.

    If the court upholds the request, the Data Controller is required to provide information, correction, locking, deleting, destruction of the automated data processing, taking into account the right of protest of the person concerned and the data receiver may be requested to hand over the data requested.

    If the court rejects the request of the data receiver, the Data Controller shall cancel the personal data of the data subject within 3 days of the delivery of the judgment. The Data Controller is also required to delete the data even if the data receiver does not appear before the court within the specified deadline.

    The court may order the disclosure of its judgment by publishing the identity of the Data Controller if it is required by data protection interests and by a larger number of protected rights of the data subject.

    To top
  • Compensation and grievance fees

    If the Data Controller causes harm to someone else's data by unlawful handling or violation of the data security requirements, he or she has to pay for the damages.

    If the Data Controller violates the personal rights of the data subject by unlawful handling of the data concerned or breaches the requirements of data security, the data subject may demand a charge for damages.

    The Data Controller is liable for the damage caused by the data processor to the data subject and the Data Controller is obliged to pay to the data subject the personal injury violation caused by the data processor. The Data Controller is exempt from liability for damages and grievance fees if it proves that the damage or harm to the personal rights of the person concerned is caused by an unavoidable cause beyond the scope of the data processing.

    No compensation is required and no damages can be claimed if the damage or the infringement of the right to privacy was caused by the deliberate or gross negligent conduct of the person concerned.

    To top
  • Related Legislation

    During the preparation of this document we used the following legislation:

    • Regulation 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EK (General Data Protection Regulation)
    • 2013. V. act (Hungary) - Civil Code (Civil Code);
    • 2011. CXII. act (Hungary) – about information self-determination and freedom of information (hereinafter: Info act.)
    • Nr. 16/2011. opinion about best practices in behavioral online advertising from EASA/IAB
    • 2008. XLVII. act (Hungary) – about the prohibition of unfair commercial practices against consumers
    • 2008. XLVIII. act (Hungary) – about economic conditions of advertising and some of its limitations (mainly 6.§)
    • 2005. XC. act (Hungary) - about the freedom of electronic information
    • 2003. C. act (Hungary) - about electronic communications (mainly 155.§)
    • 2001. CVIII. act (Hungary) – about electronic commerce services and certain aspects of information society services (mainly 13/A. §)
    • 2000. C. act (Hungary) – about accounting;
    • 1997. CLV. act (Hungary) – about consumer protection;
    • 1995. CXIX. act (Hungary) – about management of name and address information for the purpose of research and direct business acquisition (KA act.);
    To top