1. General Guidelines
- We collect and process personal data only in accordance with the applicable laws.
- We transfer personal data to third parties only with consent.
- We do not sell the personal data we process to third parties under any circumstances.
- We store data as securely as possible.
- We send newsletters only to those who have given their prior and explicit consent.
- Data subjects may request access to, modification of, or deletion of their stored data at any time.
2. Our Company’s (data controller, Service Provider] details and contact information
Name of the data controller: Ágnes Orsolya Lupták Sole Proprietor
Contact details of the data controller: 1039 Budapest, Jendrassik György utca 4. 10th floor, door 30
Phone: 06/30 985-7123
E-mail: @email
Web: https://www.szamszikra.hu
Tax number: 59374897-1-41
The Service Provider reserves the right to amend this Privacy Notice, of which the data subjects will be informed appropriately. Information related to data processing is published on the LINK GOES HERE website.
3. Definitions according to the GDPR (Regulation]
3.1. data subject/User: any identified or identifiable natural person based on personal data, either directly or indirectly;
3.2. personal data: any data relating to the data subject – in particular the data subject’s name, identification mark, as well as one or more pieces of knowledge characteristic of their physical, physiological, mental, economic, cultural or social identity – and any conclusion drawn from such data concerning the data subject;
3.3. consent: a voluntary and explicit indication of the wishes of the data subject, based on adequate information, by which they give their unambiguous agreement to the processing of personal data relating to them - either in full or for specific operations;
3.4. data controller: the natural or legal person, or organization without legal personality, who alone or jointly with others determines the purposes of the processing of data, makes and implements decisions concerning data processing (including the means used], or has them implemented by a data processor;
3.5. data processing: any operation or set of operations performed on data, regardless of the procedure applied, including in particular collection, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, restriction, erasure and destruction, as well as preventing further use of the data, making photographic, audio or video recordings, and recording physical characteristics suitable for identifying a person (e.g. fingerprint or palm print, DNA sample, iris image];
3.6. data transfer: making data accessible to a specified third party;
3.7. disclosure: making data accessible to anyone;
3.8. data erasure: rendering data unrecognizable in such a way that its restoration is no longer possible;
3.9. data processing operations: the performance of technical tasks related to data processing operations, regardless of the method and means used to carry them out, and regardless of the place of application, provided that the technical task is performed on the data;
3.10. data processor: the natural or legal person, or organization without legal personality, who processes data on the basis of a contract – including a contract concluded pursuant to a legal provision;
3.11. data protection incident: unlawful processing or handling of personal data, including in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage.
4. Scope of processed data, purpose, duration of processing, and processor of the data
| Type of processed data | Purpose of data processing | Duration of data processing | Legal basis for data processing | Processor of the given personal data |
| Username | Identification, registration. | Until withdrawal of consent | Consent of the data subject. | |
| Password | Secure login to the user account. | Until withdrawal of consent | Consent of the data subject. | |
| Name | Contact, clarification of arising questions. | Until withdrawal of consent | Consent of the data subject. | |
| E-mail address | Contact, clarification of arising questions. | Until withdrawal of consent | Consent of the data subject. | |
| Phone number | Contact, clarification of arising questions. | Until withdrawal of consent | Consent of the data subject. | |
| Billing name and address | Issuing a lawful invoice, creating and then fulfilling the contract. | We process the data for 5 years in accordance with the civil law limitation period. | Issuing an invoice is mandatory pursuant to Section 159 (1] of Act CXXVII of 2007 on Value Added Tax and pursuant to Section 169 (2] of Act C of 2000 on Accounting. | |
| Shipping name and address | Enabling home delivery. | Until delivery of the ordered goods. | Performance of a contract. [Data processing under Article 6 (1] point b] of the Regulation] | |
| Date and time of purchase/registration | Proof of consent. | Until the limitation period following the termination of data processing | This obligation is prescribed by Article 7 (1] of the Regulation. [Data processing under Article 6 (1] point c] of the Regulation] | |
| IP address at the time of purchase/registration | Proof of consent. | Until the limitation period following the termination of data processing | This obligation is prescribed by Article 7 (1] of the Regulation. [Data processing under Article 6 (1] point c] of the Regulation] |
Scope of data subjects: All registered/purchasing data subjects on the webshop website.
We share personal data only and exclusively with the third party indicated in the “Processor of the given personal data” column, for the purpose of fulfilling the obligations set out in the contract.
Details and tasks of data processors used during data processing
Hosting provider
Name: InfoNetfort Kft.
Address: 7900 Szigetvár, Szent István ltp 17. IV/25.
Phone: +36-30/530-2953
E-mail: @email
Web: www.netfort.hu
Tax number: 26648082-2-02
Company registration number: 02 09 084205
Accounting tasks
Courier service
Direct marketing, newsletter
Name:
Address:
4.1 Contact form:
| Type of processed data | Purpose of data processing | Duration of data processing | Legal basis for data processing |
| Name | Contact | For 90 days after the data subject’s last contact | Consent of the data subject during contact |
| Email address | Contact | For 90 days after the data subject’s last contact | Consent of the data subject during contact |
| Phone number | Contact | For 90 days after the data subject’s last contact | Consent of the data subject during contact |
| Other personal data provided by the data subject during contact | For 90 days after the data subject’s last contact | Consent of the data subject during contact |
Scope of data subjects: Persons contacting us by phone, e-mail, or through the contact form.
We do not share personal data with third parties.
5. Newsletter, direct marketing activity
We send newsletters only to Users who have given their prior and explicit consent. Consent is given using the “Newsletter subscription” form.
| Type of processed data | Purpose of data processing | Duration of data processing | Legal basis for data processing |
| Name | Sending newsletters | Until withdrawal (unsubscription]. | Consent of the data subject |
| E-mail address | Sending newsletters | Until withdrawal (unsubscription]. | Consent of the data subject |
| Time of consent and the data subject’s IP address. | Verifiability of consent | Until withdrawal (unsubscription]. | This obligation is prescribed by Article 7 (1] of the Regulation. |
Scope of data subjects: All data subjects subscribed to the newsletter.
The operator of the newsletter sending system and the processor of the data:
Name:
Address:
5.1 Procedure for withdrawing consent (unsubscribing]
The data subject may unsubscribe from the newsletter at any time, free of charge. Unsubscription may be done via the link sent in the newsletters, or by e-mail sent to the EMAIL ADDRESS GOES HERE e-mail address.
6. Handling of cookies
6.1 What is a cookie?
During visits to the website, the Data Controller uses so-called cookies. A cookie is an information package consisting of letters and numbers that our website sends to the data subject’s browser in order to save certain settings, facilitate the use of our website, and contribute to collecting some relevant statistical information about our visitors. Cookies do not contain personal information and are not suitable for identifying an individual user. Cookies often contain a unique identifier - a secret, randomly generated sequence of numbers - which is stored on the data subject’s device.
Some cookies cease to exist after the website is closed, while others are stored on the computer for a longer period.
6.2. Legal background and legal basis of cookie handling
Cookies typical for webshops are the so-called “password-protected session cookies”, “cookies required for the shopping cart” and “security cookies”, the use of which does not require prior consent from the data subjects.
Fact of data processing, scope of processed data: Unique identification number, dates, times
Scope of data subjects: All data subjects visiting the website.
Purpose of data processing: Identification of users, tracking of visitors.
Legal basis of data processing: consent of the data subject in accordance with Section 5 (1] point a] of the Hungarian Info Act.
6.3 Duration of data processing, deadline for deletion of data: the website uses the following cookies:
- Security cookies: __cfduid, _biz_flagsA, _biz_nA 3, _biz_pendingA, _biz_sid, _biz_uid
- Google Analytics cookies: _ga, _gid
- Cookies necessary for the proper use of the website:
Persons of possible data controllers authorized to access the data: The data controller does not process personal data through the use of cookies.
Information on the rights of data subjects regarding data processing: The data subject has the possibility to delete cookies in the browsers’ Tools/Settings menu, usually under the Privacy settings.
If the data subject does not accept the use of cookies, certain functions will not be available to them. More detailed information about deleting cookies can be found at the following links:
• Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-managecooki…
• Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store…
• Chrome: https://support.google.com/chrome/answer/95647?hl=en
• Safari: https://support.apple.com/kb/ph21411?locale=en_US
7. Google Analytics
7.1. This website uses Google Analytics, a web analysis service provided by Google Inc. (\"Google\"]. Google Analytics uses so-called \"cookies\", text files that are stored on your computer and help analyze how the User uses the visited website.
7.2. The information generated by the cookies regarding the website used by the User is generally transmitted to and stored on one of Google’s servers in the USA. By activating IP anonymization on the website, Google shortens the User’s IP address in advance within member states of the European Union or in other states party to the Agreement on the European Economic Area.
7.3. The full IP address is transmitted to Google’s server in the USA and shortened there only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate how the User has used the website, to compile reports related to website activity for the website operator, and to provide further services related to website and internet usage.
7.4. Within the framework of Google Analytics, the IP address transmitted by the User’s browser is not merged with other Google data. The User may prevent the storage of cookies by setting their browser accordingly, however, please note that in this case not all functions of this website may be fully usable. The User can also prevent Google from collecting and processing data generated by cookies relating to the User’s use of the website (including the IP address] by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=hu
8. Google Adwords conversion tracking and remarketing
8.1. The Data Controller uses the online advertising program called \"Google AdWords\", and within its framework uses Google’s conversion tracking service. Google conversion tracking is an analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; \"Google\"].
8.2. When the User reaches a website through a Google advertisement, a cookie necessary for conversion tracking is placed on their computer. These cookies have limited validity and do not contain any personal data, so the User cannot be identified through them.
8.3. When the User browses certain pages of the website and the cookie has not yet expired, both Google and the Data Controller can see that the User clicked on the advertisement.
8.4. Each Google AdWords customer receives a different cookie, therefore they cannot be tracked through the websites of AdWords customers.
8.5. The information obtained through the conversion tracking cookies serves the purpose of preparing conversion statistics for customers who choose AdWords conversion tracking. Customers are thus informed about the number of users who clicked on their advertisement and were redirected to a page tagged with conversion tracking. However, they do not gain access to information that could identify any user.
8.6. If you do not wish to participate in conversion tracking, you may refuse this by disabling the installation of cookies in your browser. After that, the data subject will not appear in the conversion tracking statistics.
8.7. Further information and Google’s privacy statement are available at: www.google.de/policies/privacy/
8.8. Google Adwords Remarketing
8.9. Data processing as a remarketing activity is implemented with the help of cookies.
Processed data
Data processed by the cookies defined in the cookie information notice.
Duration of data processing
The storage period of the given cookie, more information is available here:
Google general cookie information: https://www.google.com/policies/technologies/types/
Google Analytics information:
https://developers.google.com/analytics/devguides/collection/analyticsj…
Legal basis of data processing
The voluntary consent of the data subject, which the data subject gives to the Service Provider by using the website.
9. Rights of data subjects
9.1 Right to information
Upon the request of the data subject, the Service Provider, as data controller, provides information on the data processed by it or by a processor entrusted by it, on the source of the data, the purpose, legal basis and duration of data processing, the name and address of the data processor and its activities related to data processing, the circumstances and effects of any data protection incident and the measures taken to remedy it, and, in the case of data transfer, on its legal basis and recipient. The data controller shall provide the information in an intelligible form, in writing at the request of the data subject, as soon as possible after submission of the request, but no later than within 30 days. This information is free of charge if the person requesting the information has not yet submitted an information request to the data controller in the current year regarding the same scope of data. In other cases, the Service Provider shall establish a fee reimbursement.
9.2 Right to rectification
The Service Provider shall rectify personal data if it does not correspond to reality and the correct personal data is available to it.
9.3 Right to restriction
The Service Provider shall restrict personal data if the data subject requests it, or if based on the information available it can be presumed that deletion would harm the legitimate interests of the data subject. Restricted personal data may only be processed for as long as the data processing purpose exists that excluded the deletion of the personal data. The Service Provider shall mark the personal data it processes if the data subject disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be clearly established.
9.4 Right to erasure
The Service Provider shall erase personal data if its processing is unlawful, if the data subject requests it, if the processed data is incomplete or incorrect - and this condition cannot be lawfully remedied - provided that deletion is not excluded by law, if the purpose of data processing has ceased, or if the statutory deadline for storing the data has expired, or if deletion has been ordered by a court or the National Authority for Data Protection and Freedom of Information.
9.5 Procedural rules
The data controller has 30 days to erase, restrict, or rectify personal data. If the data controller does not fulfill the data subject’s request for rectification, restriction, or erasure, it shall communicate the reasons for refusal in writing or electronically with the data subject’s consent within 30 days. The Service Provider shall notify the data subject, as well as all those to whom the data was previously transferred for the purpose of data processing, about rectification, restriction, marking, and erasure. Notification may be omitted if, in view of the purpose of data processing, this does not violate the legitimate interest of the data subject.
9.6 Objection
The data subject may object to the processing of their personal data if
a] the processing or transfer of personal data is necessary solely for the fulfillment of a legal obligation applicable to the data controller or for the enforcement of the legitimate interests of the data controller, recipient of the data, or a third party, except where the processing is ordered by law;
b] in other cases defined by law.
The Service Provider shall examine the objection as soon as possible after the submission of the request, but no later than within 15 days, make a decision on whether it is well-founded, and inform the applicant in writing of its decision. If the data controller establishes that the objection of the data subject is well-founded, it shall terminate the data processing - including further data collection and transfer - and restrict the data, and shall notify all those to whom it previously transferred the personal data concerned by the objection, and who are obliged to take measures to enforce the right to object, about the objection and the measures taken based on it.
If the data subject does not agree with the decision made by the data controller, they may turn to court within 30 days from its communication.
The Service Provider may not erase the data of the data subject if the processing of the data is ordered by law. However, the data may not be transferred to the recipient if the data controller agreed with the objection or the court established that the objection is justified.
9.7. Right to data portability
If data processing is carried out by automated means, or if data processing is based on the data subject’s
voluntary consent, the data subject has the right to request from the Data Controller that the data
provided by the data subject to the Data Controller be made available in xml, JSON, or csv
format, and if technically feasible, they may request that the Data Controller transfer the data in this format
to another data controller.
9.8 Compensation and damages for infringement
The Service Provider shall compensate for damage caused to another person by unlawful processing of the data subject’s data or by breaching data security requirements. In the event of violation of the data subject’s personality rights, the data subject may claim damages for infringement (Section 2:52 of the Civil Code]. The data controller is also liable towards the data subject for damage caused by the data processor. The data controller shall be exempt from liability if the damage was caused by an unavoidable reason outside the scope of data processing.
The data controller shall not compensate damage and no damages for infringement may be claimed insofar as the damage or the infringement caused by the violation of personality rights resulted from the intentional or grossly negligent conduct of the injured party or the data subject.
9.9 Right to go to court
In the event of a violation of their rights, the data subject may take legal action against the data controller. The court shall proceed in the matter out of turn.
9.10 Complaint
Complaints may be lodged with the National Authority for Data Protection and Freedom of Information:
Name: National Authority for Data Protection and Freedom of Information
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, Pf.: 5.
Phone: +361/391-1400
Fax: +361/391-1410
E-mail: @email
Website: http://www.naih.hu
10. Data security
The Service Provider designs and carries out data processing operations in such a way as to ensure the protection of the privacy of data subjects.
The Service Provider, and within its field of activity the data processor, ensures the security of the data, takes the technical and organizational measures, and establishes the procedural rules necessary to enforce the Hungarian Info Act as well as other data and secrecy protection rules.
The Service Provider protects the data with appropriate measures especially against unauthorized access, alteration, transfer, disclosure, deletion or destruction, as well as accidental destruction and damage, and against becoming inaccessible due to changes in the applied technology.
During data processing, the Service Provider preserves:
• confidentiality: it protects the information so that only those authorized may access it
• integrity: it protects the accuracy and completeness of the information and the processing method
• availability: it ensures that when the authorized user needs it, they can actually access the desired information, and that the related tools are available.
The IT systems and networks of the Service Provider and its partners involved in data processing
are protected against computer-assisted fraud, espionage, sabotage, vandalism, fire and flood,
as well as against computer viruses, computer intrusions, and denial-of-service
attacks. The operator ensures security with server-level and application-level protection procedures.
11. Applicable legislation used for the privacy notice
• Act CXII of 2011 – on the Right to Informational Self-Determination and Freedom of Information (Info Act]
• Act V of 2013 – on the Civil Code (Ptk.]
• Act CLV of 1997 – on Consumer Protection (Fgytv.]
• Act XIX of 1998 – on Criminal Proceedings (Be.]
• Act CVIII of 2001 – on certain issues of electronic commerce services and information society services (Eker. tv.]
• Act C of 2003 – on Electronic Communications (Eht.]
• Act XLVIII of 2008 – on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (Grt.]
• Recommendation of the National Authority for Data Protection and Freedom of Information on the data protection requirements of prior information
• GDPR, Regulation (EU) 2016/679 of the European Parliament and of the Council, on the processing and protection of personal data of natural persons and on the free movement of such data
2026.03.25.
