PRIVACY POLICY

INTRODUCTION

YM DESIGN KFT. (1037 Budapest, Nyereg út 23., tax number: 32404214-2-41, company registration number: 01-09-422365) (hereinafter referred to as the Service Provider or Data Controller) is subject to the following policy.

In accordance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016), which concerns the protection of natural persons regarding the processing of personal data and the free movement of such data, and repeals Directive 95/46/EC, we provide the following information.

This privacy policy regulates the processing of data on the following websites: sparklemonde.com, spark-le-monde.com, spark-le-monde.myshopify.com, sparklemonde.hu

The privacy policy is available at: http://sparklemonde.com/adatvedelem

Any amendments to this policy will come into effect upon publication at the above address.

DATA CONTROLLER AND CONTACT DETAILS:

• Name: YM DESIGN KFT.

• Registered Office: 1037 Budapest, Nyereg út 23.

• E-mail: spark@spark-le-monde.com

DEFINITIONS

1. "Personal data": Any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

2. "Processing": Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

3. "Data Controller": The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

4. "Data Processor": A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Data Controller.

5. "Recipient": A natural or legal person, public authority, agency, or another body, to which personal data is disclosed, whether a third party or not.

6. "Consent of the Data Subject": Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

7. "Data Breach": A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

PRINCIPLES OF PERSONAL DATA PROCESSING

Personal data must be:

• Processed lawfully, fairly, and in a transparent manner.

• Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

• Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

• Accurate and, where necessary, kept up to date.

• Stored in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

• Processed in a manner that ensures appropriate security of the personal data.

The Data Controller is responsible for compliance with these principles and must be able to demonstrate such compliance.

DATA PROCESSING IN CONNECTION WITH OPERATING THE ONLINE STORE

1. Types of personal data collected and purposes:

   • Username: Identification, enabling registration.

   • Password: Ensuring secure login to the user account.

   • Full name: Required for contact, purchasing, and issuing invoices.

   • Email address: Contact purposes.

   • Phone number: Contact for billing or delivery-related queries.

   • Billing name and address: Issuing proper invoices and managing contracts.

   • Shipping name and address: Enabling home delivery.

   • Date and time of purchase/registration: Technical operations.

   • IP address at purchase/registration: Technical operations.

2. Scope of data subjects: All users who register or make a purchase on the online store.

3. Duration of data processing:

   • Data is deleted immediately upon account deletion, except for accounting documents, which must be retained for 8 years under Hungarian accounting law.

4. Authorized data processors and recipients: Sales and marketing employees of the Data Controller, respecting fundamental principles.

5. Data subject rights regarding data processing:

   • Right to access, correct, delete, or restrict data processing.

   • Right to object to data processing.

   • Right to data portability.

   • Right to withdraw consent at any time.

6. Methods for exercising rights:

   • By post: 1024 Budapest, Lövőház utca 20/b 4/2.

   • By email: spark@spark-le-monde.com

7. Legal basis for data processing:

   • Consent of the data subject.

   • Necessary processing for contractual obligations.

   • Compliance with accounting laws.

8. Obligation to provide data:

   • Providing personal data is required to process the order.

   • Failure to provide data results in the inability to process the order.

DATA SECURITY MEASURES

The Data Controller ensures adequate technical and organizational measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion, or destruction.

DATA BREACH NOTIFICATION

If a data breach is likely to result in a high risk to the rights and freedoms of individuals, the Data Controller shall notify the affected individuals without undue delay, providing information about the nature of the breach, potential consequences, and mitigation measures taken.

FILING COMPLAINTS

If you believe that your personal data is being processed unlawfully, you may file a complaint with the Hungarian National Authority for Data Protection and Freedom of Information:

• Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

• Postal Address: 1530 Budapest, P.O. Box 5.

• Phone: +36-1-391-1400

• Email: ugyfelszolgalat@naih.hu

FINAL PROVISIONS

This privacy policy has been prepared in accordance with applicable Hungarian and EU laws, including:

• General Data Protection Regulation (EU 2016/679)

• Hungarian Act CXII of 2011 on Informational Self-Determination and Freedom of Information

• Hungarian Act C of 2001 on Electronic Commerce Services

• Hungarian Act XLVIII of 2008 on Advertising Activities

The Data Controller reserves the right to amend this policy at any time.