Personal data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Such typical personal data are in particular: name, address, date and place of birth, mother’s name.
Filing system: any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.
Data processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymization: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor: means a natural or legal person, public authority, agency or other body which processes the personal data on behalf of the controller.
Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
Third party: natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Supervisory Authority: an independent public authority established in accordance with Article 51 of the GDPR, the Hungarian National Authority for Data Protection and Freedom of Information in Hungary.
The Data Controller observes the following principles while processing data, therefore, the personal data shall be:
The Data Controller processes the personal data in a way that at least one of the following conditions applies:
Personal data processed
Name, phone number, e-mail address of the contact person of the contractual partner
Purpose of data processing
Keeping contact with a contractual partner
Legal basis of data processing: Article 6(1) point b) of GDPR: performance of contract
Duration of data processing: 8 years under Subsection (1) of Section 169 of the Accounting Act
Personal data processed
Name, email address
Purpose of data processing
Contacting the interested party data subject
Legal basis of data processing: Article 6(1) point a) of GDPR: consent of the data subject
Duration of data processing: until withdrawal of consent
Personal data processed
Name, email address
Purpose of data processing
Sending newsletters
Legal basis of data processing: Article 6(1) point a) of GDPR: consent of the data subject
Duration of data processing: until withdrawal of consent
Personal data processed
Name, email address, phone number
Purpose of data processing
Registration in webshop
Legal basis of data processing: Article 6(1) point b) of GDPR: performance of contract
Duration of data processing: 5 years under Section 6:22 of the Civil Code
Personal data processed
Name, email address, phone number
Purpose of data processing
Attending trainings
Legal basis of data processing: Article 6(1) point b) of GDPR: performance of contract
Duration of data processing: 5 years under Section 6:22 of the Civil Code
Personal data processed
Name, telephone number, email address, delivery address
Purpose of data processing
Delivery of product, performing contract
Legal basis of data processing: Article 6(1) point b) of GDPR: performance of contract
Duration of data processing: 5 years under Section 6:22 of the Civil Code
Personal data processed
Name, address, tax number (in case of legal entity customers)
Purpose of data processing
Issuing invoices
Legal basis of data processing: Article 6(1) point c) of GDPR: fulfilment of legal obligations: Subsection (1) of Section 159 of the VAT Act
Duration of data processing: 8 years under Subsection (1) of Section 169 of the Accounting Act
The personal data may be accessed by the employees of the Data Controller in order to carry out their duties.
The Data Controller uses a Data Processor during the processing of data. The Data Processors do not make independent decisions, they only have the right to act in compliance with their contract concluded with the Data Controller upon the instructions received. The Data Controller only uses Data Processors that implement appropriate technical and organizational measures to ensure a level of data security appropriate to the level of risk. The actual duties and liabilities of the Data Processor are set out in a contract between the Data Controller and the Data Processor.
The Data Controller uses the following Data Processors during the processing of data:
The Data Controller provides any of the data processed to any authority, court or other public body only in a way and for the purpose set out in law. The Data Controller is required by law to transfer data to the following public authorities:
The Data Controller stores the personal data on the servers of the server provider. The Data Controller takes appropriate IT, technical and personnel measures to ensure that the processed personal data are secured against, inter alia, unauthorized access or unauthorized alteration. For example, the access to data stored in the information technology system is logged, therefore it can always be checked who and when accessed and to what personal data.
The data subject may request information from the Data Controller through the contact details set out in Clause 1, in writing, relating to
The Data Controller shall fulfil the request of the data subject within one month, by letter sent to the contact details provided by the data subject.
The data subject may request the Data Controller through the contact details set out in Clause 1, in writing, to rectify any of his/her personal data (for example, he/she may change his/her email address or other contact details at any time). The Data Controller shall fulfil the request of the data subject within one month, by letter sent to the contact details provided by the data subject.
The data subject may request the Data Controller through the contact details set out in Clause 1, in writing, to erase his/her personal data. The Data Controller may reject a request for erasure if the Data Controller is legally obliged to further store the personal data. However, if there is no such a legal obligation, the Data Controller processes the request of the data subject within one months, the latest, and send to the contact details provided by the data subject.
The data subject may request the Data Controller through the contact details set out in Clause 1, in writing, to restrict the processing of his/her personal data (by clearly indicating the restricted nature of data processing and ensuring processing separated from other data). Restriction shall last as long as it is justified by the reason indicated by the data subject. Restriction may be requested if, for example, the data subject believes that any of his/her application has been unlawfully handled by the Data Controller, however, it is necessary for the initiated official or court proceedings that the Data Controller does not delete the application. In this case, the Data Controller shall further store the personal data (e.g., the application concerned) until the request of the authority or court and then it erases the data.
The data subject may request the Data Controller through the contact details set out in Clause 1, in writing, to object against the processing of his/her personal data, if the Data Controller would transfer or use any personal data for the purposes of public opinion poll or scientific research. Accordingly, the data subject may object, for example, against the use of the personal data by the Data Controller for the purposes of scientific research without consent.
National Authority for Data Protection and the Freedom of Information (NAIH)
address: Budapest, Szilágyi Erzsébet fasor 22c, H-1125
postal address: H-1530 Budapest, P.O. box: 5.
phone: +36 (1) 391-1400
website: www.naih.hu
e-mail: ugyfelszolgalat@naih.hu
The Controller maintains the right to unilaterally modify this Privacy Notice at any time. This Privacy Notice may be subject to modification in particular if so required by any modification to legislation, privacy authority practice, business needs or newly discovered security risk. Upon the request of the data subject, the Data Controller will send one copy of the current version of the privacy notice, in a form agreed with the data subject.
Newsletters, DM activities Name: Klaviyo Website: https://www.klaviyo.com/ e-mail: sales@klaviyo.com telephone: +44 800 358 4918
Personal data |
Purpose of data processing |
Name, email address |
Identification, allowing subscription to newsletters. |
Date of subscription |
Performing a technical operation. |
IP address at the time of subscription |
Performing a technical operation. |
Using Google Adwords conversion tracking
The Data Controller uses the online advertising program named “Google AdWords”, and also uses Google conversion tracking program within the framework of the above. Google conversion tracking is the analyzing service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). If a User reaches a website by a Google advertisement, a cookie required for conversion tracking is downloaded on the his/her computer. The validity of these cookies is restricted, and they do not contain any personal data, thus the User may not be identified thereby. If the User browses certain pages of a website and the cookie has not yet expired, then both Google and the data controller if the User clicked on the advertisement. Each Google AdWords customer gets a different cookie, therefore they cannot be tracked through the websites of AdWords’ customers. The information obtained by the conversion tracking cookies serve the purpose to prepare conversion statistics to AdWords’ customers choosing conversion tracking. The customers can obtain information in this way of the number of users clicking on their advertisement and redirected to a page with a conversion tracking tag. However, they have no access to information whereby any of the users may be identified. If you do not want to be involved in conversion tracking, you can refuse it by blocking the possibility to download cookies in your browser. After that you will not be involved in conversion tracking statistics. For further information and the privacy notice of Google, please visit the following website: www.google.de/policies/privacy/
Using Google Analytics application
This website uses Google Analytics application which is the web analytics service of Google Inc. (“Google”). Google Analytics uses so called “cookies”, text files, which are saved on your computer whereby supporting the analyses of the use of a website visited by the User. The information created by the cookies relating to the website used by the User are usually provided to and stored on one of Google’s servers in the US. By activating IP anonymization on the website, Google first shortens the User’s IP address within the Member States of the European Union or in other party to the Agreement on the European Economic Area. The full IP address is transferred to and shortened on Google’s server in the US only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services relating to website and internet usage. Within Google Analytics, the IP address transferred by the User’s browser will not be merged with Google’s other data. Users can prevent the storage of cookies by appropriate setting of their browser, however, please note that in this case, not all features of this website may be fully functional. Users can also prevent the collection and processing of their data relating to the use of the website by the cookies (including IP address), by downloading and installing the browser plugin via the following link. https://tools.google.com/dlpage/gaoptout?hl=hu
Using Facebook conversion tracking
Cookie type |
Legal basis of data processing |
Duration of data processing |
Scope of data processed |
Session cookies |
Subsection (3) of Section 13/A of Act CVIII of 2001 on certain issues of electronic commerce and information society services |
Period until the end of the relevant visitor session |
connect.sid |
Cookie provider |
Name of cookie |
Purpose of cookie |
|
_fbp |
This cookie allows you to see ads on Facebook that may be of more interest to you. |
|
_fbc |
This cookie is generated when you land on a website by clicking on a Facebook ad. |
|
_ga |
We use this cookie to distinguish between individual users by a generated numeric code. |
|
–gid |
The cookie allows counting the visits and traffic sources of the website in order to measure and develop the performance of the website with the help of Google Analytics services. |