Data processing information


Table of contents

Data controller
Hosting service provider
Description of data processing carried out during the operation of the webshop
- Information on the use of cookies
- Data processed for the purpose of concluding and fulfilling contracts
- Data processing for marketing purposes
- Additional data processing
External service providers
Your rights during data processing
Legal remedies
Modification of data processing information

Hosting service provider

Name: Webnode AG.

Mailing address: Badenerstrasse 47, CH-8004 Zurich

E-mail address: premium@webnode.hu

Phone number: +447 830 300 789

Description of data processing carried out during the operation of the webshop

Information on the use of cookies

What is a cookie?

The Data Controller uses so-called cookies when visiting the website. A cookie is a package of letters and numbers that our website sends to your browser in order to save certain settings, make our website easier to use and help us collect some relevant statistical information about our visitors.

Some cookies do not contain personal information and are not suitable for identifying an individual user, but some contain a unique identifier - a secret, randomly generated string of numbers - that is stored by your device, thus ensuring your identification. The operating period of each cookie is included in the relevant description of each cookie.

Legal background and legal basis for cookies:

The legal basis for data processing is your consent pursuant to Article 6(1)(a) of the Regulation.

Main characteristics of the cookies used by the website:

Google Adwords cookie: When someone visits our site, the visitor's cookie identifier is added to the remarketing list. Google uses cookies, such as NID and SID cookies, to personalize the ads you see on Google products, such as Google Search. For example, Google uses these cookies to remember your recent searches, your previous interactions with ads or search results from individual advertisers, and your visits to advertisers' websites. AdWords conversion tracking uses cookies. Cookies are placed on a user's computer when a person clicks on an ad to track sales and other conversions resulting from an ad. Some common uses of cookies include: selecting ads based on what is relevant to the user, improving campaign performance reporting, and avoiding showing ads to a user that they have already seen.

Google Analytics cookie: Google Analytics is Google's analytics tool that helps website and app owners get a more accurate picture of their visitors' activities. The service may use cookies to collect information and report on statistical data about the use of the website without individually identifying visitors to Google. The main cookie used by Google Analytics is the "__ga" cookie. In addition to reporting on statistical data about the use of the website, Google Analytics - together with some of the advertising cookies described above - may also be used to show more relevant ads in Google products (such as Google Search) and across the web.

Remarketing cookies: They may be displayed to previous visitors or users when they browse other websites in the Google Display Network or search for terms related to your products or services.

Referer cookies: They record the external website from which the visitor came to the site. They last until the browser is closed.

Last viewed product cookie: Records the products that the visitor last viewed. They last for 60 days.

Last viewed category cookie: Records the last viewed category. Lifespan is 60 days.

Cookie acceptance cookie: When you arrive at the site, you accept the cookie statement in the warning window. Lifespan is 365 days.

Facebook pixel (Facebook cookie): The Facebook pixel is a code that is used to report on conversions on the website, create target audiences, and provide the site owner with detailed analysis data on the use of the website by visitors. With the help of the Facebook pixel, you can display personalized offers and advertisements to website visitors on the Facebook interface. You can read Facebook's data management policy here: https://www.facebook.com/privacy/explanation

If you do not accept the use of cookies, certain functions will not be available to you. For more information on how to delete cookies, please visit the following links:

Internet Explorer: https://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11

Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito

Safari: https://support.apple.com/kb/ph21411?locale=en_US

Chrome: https://support.google.com/chrome/answer/95647

Data processed for the purpose of concluding and fulfilling a contract

There are several cases of data processing that can be carried out for the purpose of concluding and fulfilling a contract. We would like to inform you that data processing related to complaint handling and warranty administration will only take place if you exercise one of the rights mentioned above.

Data processing carried out for the purpose of concluding and fulfilling a contract in more detail:

Order processing

During the processing of orders, data processing activities are necessary for the purpose of fulfilling the contract.

Data processed: name, address, telephone number, e-mail address, characteristics of the purchased product, order number and date of purchase.

If you have placed an order, data processing and the provision of data are essential for the fulfillment of the contract.

Duration of data processing: the data will be processed for 5 years according to the civil law limitation period.

Legal basis for data processing: fulfillment of the contract. [Data processing pursuant to Article 6(1)(b) of the Regulation]

Issuance of an invoice

The data processing process is carried out in order to issue the invoice in accordance with the legal requirements and to fulfil the obligation to retain accounting documents. Pursuant to Section 169(1)-(2) of the VAT Act, businesses must retain accounting documents directly and indirectly supporting the accounting settlement.

Data processed: name, address, e-mail address, telephone number.

Duration of data processing: invoices issued must be retained for 8 years from the date of issue of the invoice pursuant to Section 169(2) of the VAT Act.

Legal basis for data processing: Act CXXVII of 2007 on Value Added Tax. According to Section 159(1), the issuance of an invoice is mandatory and it must be kept for 8 years pursuant to Section 169(2) of Act C of 2000 on Accounting [Data processing pursuant to Article 6(1)(c) of the Regulation].

Handling of other consumer complaints

The data processing process is carried out in order to handle consumer complaints. If you have contacted us with a complaint, data processing and provision of data are essential.

Data processed

Customer name, telephone number, e-mail address, content of the complaint.

Duration of data processing: warranty complaints are stored for 5 years pursuant to the Consumer Protection Act.

Legal basis for data processing: your voluntary decision to contact us with a complaint; however, if you contact us, we are obliged under Section 17/A (7) of Act CLV of 1997 on Consumer Protection to keep the complaint for 5 years [Data processing pursuant to Article 6(1)(c) of the Regulation].

Data processed in connection with the verifiability of consent

During registration, ordering and subscribing to the newsletter, the IT system stores IT data related to consent for the purpose of later proof.

Processed data: time of consent and IP address of the data subject.

Duration of data processing: due to legal requirements, it must be possible to verify consent later; therefore the data are stored until the end of the limitation period following the termination of data processing.

Legal basis for data processing: Article 7(1) of the Regulation provides for this obligation. [Data processing pursuant to Article 6(1)(c) of the Regulation]

Data processing for marketing purposes

Data processing related to sending newsletters

Data processed: name, address, e-mail address, telephone number.

Duration of data processing: until the data subject withdraws their consent.

Legal basis for data processing: your voluntary consent, which you provide to the Data Controller by subscribing to the newsletter [Data processing pursuant to Article 6(1)(a) of the Regulation]

Data processing related to sending and displaying personalized advertisements

Data processed: name, address, e-mail address, telephone number.

Duration of data processing: until your consent is withdrawn.

Legal basis for data processing: your voluntary, separate consent, which you provide to the Data Controller during data collection [Data processing pursuant to Article 6(1)(a) of the Regulation]

Remarketing

Data processing as a remarketing activity is implemented using cookies.

Data processed: data processed by cookies specified in the cookie policy.

Duration of data processing: the data storage period of the given cookie, more information is available here:

Google general cookie information: https://www.google.com/policies/technologies/types/

Google Analytics information: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu

Facebook information: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Legal basis for data processing: your voluntary consent, which you provide to the Data Controller by using the website [Data processing pursuant to Article 6(1)(a) of the Regulation].

Further data processing

If the Data Controller intends to carry out further data processing, it will provide prior information on the essential circumstances of the data processing (legal background and legal basis for data processing, purpose of data processing, scope of data processed, duration of data processing).

We inform you that the Data Controller must comply with written requests for data from authorities based on statutory authority. The Data Controller keeps a record of data transfers in accordance with Section 15 (2)-(3) of the Infotv. (to which authority, what personal data, on what legal basis and when the Data Controller transferred it), and provides information on the content of this record upon request, unless the provision of information is excluded by law.

On the use of a data processor and their activities related to data processing

The Data Controller is entitled to use a data processor to perform its activities. Data processors do not make independent decisions, they are entitled to act solely in accordance with the contract concluded with the Data Controller and the instructions received. The Data Controller monitors the work of the data processors.

Data processors are entitled to use additional data processors only with the consent of the Data Controller.

The Data Controller may only use data processors that provide appropriate guarantees to implement appropriate technical and organizational measures to ensure the compliance of data processing and the protection of the rights of data subjects.

The Data Processor may not use additional data processors without the prior written or individual authorization of the Data Controller. In the event of a general written authorization, the Data Processor shall inform the Data Controller of any planned changes that affect the use of additional data processors or their replacement, thereby providing the Data Controller with the opportunity to object to these changes.

The Data Controller shall indicate the data processors used in the Notice.

Data processors used by the Data Controller:

- Webnode AG. (Badenerstrasse 47, CH-8004 Zurich) - hosting services

- Billingo Technologies Zrt. (1133 Budapest, Árbóc utca 6) - online invoice-related data processing

- KBOSS.hu Kft. (1031 Budapest, Záhony u. 7) - online invoice-related data processing (szamlazz.hu)

- Busbach Péter Bence (7130 Tolna, Határ utca 2) - reservation system service

External service providers

The Data Controller uses External service providers, with which the Data Controller cooperates.

The Personal Data managed in the systems of the External service providers are governed by the provisions of the External service providers' own data protection regulations. The Data Controller will do its utmost to ensure that the Third Party Provider processes the Personal Data transmitted to it in accordance with the law and uses them exclusively for the purpose specified by the Data Subject or set out below in the Notice.

The Data Controller will inform the Data Subjects about the transfer of data to Third Party Providers in the Notice.

Third Party Providers:

- Facebook (Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

- Instagram (Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

- Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America)

Data security measures

The Data Controller ensures the security of the data, takes the technical and organizational measures and develops the procedural rules that are necessary to enforce the applicable laws, data protection and confidentiality rules. The Data Controller protects the data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage, and against inaccessibility resulting from changes in the technology used.

The Data Controller and the data processor, taking into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of the data processing, as well as the risk of varying likelihood and severity to the rights and freedoms of natural persons, shall implement appropriate technical and organizational measures in order to guarantee a level of data security appropriate to the degree of the risk.

Within the framework of the above, the Data Controller:

- ensures measures to protect against unauthorized access, including the protection of software and hardware devices, and physical protection (access protection, network protection);

- takes measures to ensure the possibility of restoring data files, regular backups;

- takes measures to protect against viruses.

Your rights during data processing

Within the period of data processing, you are entitled to the following rights according to the provisions of the Regulation:

- the right to withdraw consent;

- access to personal data and information related to data processing;

- right to rectification;

- restriction of data processing;

- right to erasure;

- right to object;

- right to portability.

If you wish to exercise your rights, this will involve your identification, and the Data Controller must necessarily communicate with you. Therefore, for the purpose of identification, it will be necessary to provide personal data (but the identification may only be based on data that the Data Controller already processes about you), and your complaint regarding data processing will be available in the Data Controller's email account within the period specified in this information regarding complaints. If you were our customer and would like to identify yourself for the purpose of complaint management or warranty management, please provide your order ID for identification. We can also use this to identify you as a customer.

The Data Controller will respond to complaints regarding data processing within 30 days at the latest.

Right to withdraw consent

You have the right to withdraw your consent to data processing at any time, in which case we will delete the data provided from our systems. Please note, however, that in the case of an order that has not yet been fulfilled, the withdrawal may result in us not being able to deliver to you. In addition, if the purchase has already been made, we cannot delete billing-related data from our systems based on accounting regulations, and if you owe us a debt, we may process your data based on the legitimate interest in collecting the claim even if you withdraw your consent.

Access to personal data

You have the right to receive feedback from the Data Controller as to whether your personal data is being processed, and if data processing is in progress, you have the right to:

receive access to the personal data processed and to be informed by the Data Controller of the following information:

the purposes of the data processing;

the categories of personal data processed about you;

information about the recipients or categories of recipients to whom or with whom the Data Controller has disclosed or will disclose the personal data;

the planned period for which the personal data will be stored, or, if this is not possible, the criteria for determining this period;

your right to request from the Data Controller rectification, erasure or restriction of processing of personal data concerning you and, in the case of processing based on legitimate interests, to object to the processing of such personal data;

the right to lodge a complaint with a supervisory authority;

if the data were not collected from you, all available information on their source;

the fact of automated decision-making (if such a process is used), including profiling, and at least in these cases, intelligible information on the logic involved and the significance and foreseeable consequences of such processing for you.

The purpose of exercising the right may be to establish and verify the lawfulness of the data processing, therefore, in the event of repeated requests for information, the Data Controller may charge a reasonable fee in exchange for providing the information.

The Data Controller provides access to personal data by sending you the processed personal data and information by email after you have been identified. If you have registered, we provide access so that you can view and check the personal data processed about you by logging into your user account.

Please indicate in your request whether you are requesting access to personal data or information related to data processing.

Right to rectification

You have the right to request that the Data Controller correct inaccurate personal data concerning you without delay.

Right to restriction of data processing

You have the right to request that the Data Controller restrict data processing if one of the following applies:

You contest the accuracy of the personal data, in which case the restriction applies for a period that allows the Data Controller to verify the accuracy of the personal data; if the accuracy of the data can be established immediately, the restriction will not be applied;

the processing is unlawful but you oppose the erasure of the data for any reason (for example because the data are important to you for the exercise of legal claims) and therefore do not request the erasure of the data but instead request the restriction of their use;

the Controller no longer needs the personal data for the purposes of the indicated processing, but you require them for the establishment, exercise or defence of legal claims; or

you have objected to the processing but the Controller's legitimate interests may also justify the processing, in which case the processing must be restricted until it is determined whether the Controller's legitimate interests override your legitimate interests.

If processing is subject to restriction, such personal data may only be processed with the consent of the data subject, with the exception of storage, for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person, or for important public interests of the Union or of a Member State.

The Data Controller shall inform you of the lifting of the restriction on data processing in advance (at least 3 working days before the restriction is lifted).

Right to erasure - to be forgotten

You have the right to have the Data Controller erase personal data concerning you without undue delay if one of the following reasons applies:

the personal data are no longer necessary for the purposes for which they were collected or otherwise processed by the Data Controller;

You withdraw your consent and there is no other legal basis for the data processing;

You object to the data processing based on legitimate interest and there is no overriding legitimate reason (i.e. legitimate interest) for the data processing;

the personal data have been processed unlawfully by the Data Controller and this has been established on the basis of a complaint;

the personal data must be erased for compliance with a legal obligation imposed on the Data Controller by Union or Member State law.

Where the Controller has made personal data concerning you public for any legitimate reason and is required to erase them for any of the reasons set out above, the Controller shall take reasonable steps, including technical measures, taking into account available technology and the cost of implementation, to inform other controllers processing the data that you have requested the erasure of links to or copies or replications of such personal data.

Erasure shall not apply where processing is necessary:

for the exercise of the right to freedom of expression and information;

for compliance with an obligation to process personal data under Union or Member State law to which the Controller is subject (such as processing in the context of invoicing, as the retention of the invoice is required by law);

for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller; or

to submit, enforce or defend legal claims (e.g. if the Data Controller has a claim against you and has not yet fulfilled it, or a consumer or data processing complaint is in progress).

Right to object

You have the right to object at any time to the processing of your personal data based on legitimate interests for reasons relating to your particular situation. In this case, the Data Controller may no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

If the processing of personal data is carried out for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for this purpose, including profiling, if it is necessary for the direct marketing.

If the processing of personal data is carried out for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such purposes, including profiling, if it is related to direct marketing. If you object to the processing of personal data for direct marketing purposes, the personal data will no longer be processed for such purposes.

Right to portability

Where the processing is carried out by automated means or where the processing is based on your voluntary consent, you have the right to receive from the Data Controller the data you have provided to the Data Controller, which the Data Controller shall make available to you in xml, JSON or csv format, and, where technically feasible, to request that the Data Controller transmit the data in this form to another data controller.

Automated decision-making

You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. In such cases, the controller shall implement suitable measures to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to object to the decision.

The above shall not apply where the decision:

is necessary for entering into, or the performance of, a contract between you and the controller;

is permitted by Union or Member State law applicable to the controller and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

is based on your explicit consent.

Legal remedies

If you believe that the Data Controller has violated a legal provision relating to data processing or has not complied with a request, you may initiate an investigation procedure with the National Data Protection and Freedom of Information Authority in order to terminate the presumed unlawful data processing (correspondence address: 1530 Budapest, Pf.: 5., e-mail: ugyfelszolgalat@naih.hu).

We also inform you that in the event of a violation of the legal provisions relating to data processing or if the Data Controller has not complied with a request, you may initiate a civil lawsuit against the Data Controller in court.

Modification of the Data Processing Information

The Data Controller reserves the right to modify this data processing information in a way that does not affect the purpose and legal basis of data processing. By using the website after the modification comes into force, you accept the modified data processing information.

If the Data Controller intends to further process the collected data for purposes other than those for which they were collected, it shall inform you of the purpose of the processing and of the following information prior to further processing:

the duration of the storage of the personal data or, if this is not possible, the criteria for determining the duration;

your right to request access to, rectification, erasure or restriction of processing of your personal data from the Data Controller and, in the case of processing based on legitimate interest, to object to the processing of your personal data and, in the case of processing based on consent or a contractual relationship, to request the right to data portability;

in the case of processing based on consent, that you may withdraw your consent at any time, and your right to lodge a complaint with a supervisory authority;

whether the provision of personal data is based on a legal or contractual obligation or is a prerequisite for concluding a contract, and whether you are obliged to provide the personal data, as well as the possible consequences of not providing the data;

the fact of automated decision-making (if such a procedure is used), including profiling, and at least in these cases, understandable information about the logic used and the significance of such data processing and the expected consequences for you.

Data processing can only begin after this; if the legal basis for data processing is consent, you must also consent to the data processing in addition to receiving the information.

This document contains all relevant data processing information regarding the operation of the webshop based on the General Data Protection Regulation of the European Union 2016/679 (hereinafter: Regulation, GDPR) and Act CXII of 2011 (hereinafter: Infotv.).


Budapest, 2025.12.15.