1. "Personal Data": Any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
2. "Processing": Any operation or set of operations performed on personal data or on sets of personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
3. "Controller": The natural or legal person, public authority, agency, or any other body which, alone or jointly with others, determines the purposes and means of processing personal data. Where the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
4. "Processor": A natural or legal person, public authority, agency, or any other body which processes personal data on behalf of the controller.
5. "Recipient": A natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the context of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of such data by those public authorities must comply with the applicable data protection rules according to the purposes of the processing.
6. "Data Subject’s Consent": Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
7. "Data Breach": A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

1. Personal data must be processed lawfully, fairly, and in a transparent manner in relation to the data subject (“lawfulness, fairness, and transparency”).
2. Personal data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes is not considered incompatible with the original purposes, in accordance with Article 89(1) (“purpose limitation”).
3. Personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”).
4. Personal data must be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”).
5. Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Longer storage periods are permissible only for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1), subject to the implementation of appropriate technical and organizational measures required by this Regulation to safeguard the rights and freedoms of the data subject (“storage limitation”).
6. Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).
7. The data controller shall be responsible for, and able to demonstrate compliance with, the above principles (“accountability”).

This document contains all relevant information regarding data processing in connection with the operation of the webshop, in accordance with the European Union Regulation 2016/679 (General Data Protection Regulation, hereinafter: Regulation, GDPR) and Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter: Infotv.).

What is a Cookie?

The Data Controller uses so-called cookies on the website during visits. A cookie is a package of information consisting of letters and numbers, sent by our website to your browser with the goal of saving certain settings, facilitating the use of the website, and helping us gather relevant statistical information about our visitors.

Some cookies do not contain personal information and are not suitable for identifying individual users. However, some contain a unique identifier - a randomly generated number - stored on your device, allowing for your identification.

The duration of each cookie's operation is described for each individual cookie.

Managing Cookies

Typical cookies for webshops include "password-protected session cookies," "shopping cart cookies," and "security cookies." These do not require prior consent from the data subjects for use.

Legal Background and Legal Basis of Cookies:

We distinguish three types of cookies: essential cookies for the website’s operation, statistical cookies, and marketing cookies.

The legal basis for processing cookies is:

• Consent from the data subject for statistical and marketing cookies (Article 6(1)(a) of the GDPR),
• Legitimate interest for cookies necessary for the website’s functionality (Article 6(1)(f) of the GDPR).

Main Characteristics of Cookies Used on the Website:

1. Essential Cookies:
   If you do not accept the use of these cookies, certain features may not be available for you.
2. Strictly Necessary Cookies:
   These cookies are essential for the website’s use, enabling basic functionality. Without them, several features of the website will not be available. The duration of these cookies is limited to the session period.
3. Statistical Cookies:
4. Cookies for Improving User Experience:
   These cookies collect information about user behavior on the website, such as the most frequently visited pages or any error messages encountered. These cookies do not collect identifiable information about the visitor and work with anonymous data to improve website performance. Duration: session.
5. Marketing Cookies:Example:

Cookie Deletion Information:
You can learn more about deleting cookies on the following links:

• Internet Explorer
• Firefox
• Safari
• Chrome
• Edge

Social Media:

Data Collection:
Data collected includes the registered name and public profile picture of users on Facebook, Google+, Twitter, Pinterest, YouTube, Instagram, etc.

Scope of Data Subjects:
All individuals who are registered on Facebook, Google+, Pinterest, YouTube, Instagram, etc., and "liked" the website.

Purpose of Data Collection:
To share or "like" certain content or products on social media platforms, promoting the website.

Data Retention:
The data processing takes place on the respective social media platform. For more information about data retention, modification, and deletion, the data subject should refer to the privacy policies of the respective platforms.

Legal Basis for Data Processing:
The processing of personal data is based on the voluntary consent of the data subject on the social media platforms.

{"type":"root","children":[{"type":"list","listType":"ordered","children":[{"type":"list-item","children":[{"type":"text","value":"Data processed for contract conclusion and fulfillment","bold":true},{"type":"text","value":"\nSeveral instances of data processing may occur for the purpose of contract conclusion and fulfillment. We inform you that data processing related to complaint handling and warranty management only takes place if you exercise any of these rights. If you do not make a purchase through the webshop and are merely a visitor, only marketing-related data processing (as described in the marketing section) applies to you, provided you have given consent for such processing."}]},{"type":"list-item","children":[{"type":"text","value":"Contacting us","bold":true},{"type":"text","value":"\nIf you reach out to us via email, contact form, or phone regarding any product inquiry, the initial contact is not mandatory, and you can place an order anytime without it."}]},{"type":"list-item","children":[{"type":"text","value":"Registration on the website","bold":true},{"type":"text","value":"\nData provided during registration is stored to offer more convenient service (e.g., you won’t have to re-enter your information for future purchases). Registration is not a requirement for contract conclusion."}]},{"type":"list-item","children":[{"type":"text","value":"Order processing","bold":true},{"type":"text","value":"\nDuring order processing, data is necessary to fulfill the contract."}]},{"type":"list-item","children":[{"type":"text","value":"Issuing invoices","bold":true},{"type":"text","value":"\nData processing is carried out to issue invoices and fulfill accounting document retention obligations in accordance with applicable laws."}]},{"type":"list-item","children":[{"type":"text","value":"Data processing related to product shipping","bold":true},{"type":"text","value":"\nData processing is necessary for delivering the ordered product."}]},{"type":"list-item","children":[{"type":"text","value":"Recipients and data processors related to shipping","bold":true},{"type":"text","value":"\nDetails of recipients and data processors involved in the delivery process, such as Hungarian Post and FoxPost. These third parties process personal data based on contracts with us, according to their own privacy policies."}]},{"type":"list-item","children":[{"type":"text","value":"Handling warranty and guarantee claims","bold":true},{"type":"text","value":"\nWarranty and guarantee claims must be handled according to regulations, which require documenting the claim with specific details."}]},{"type":"list-item","children":[{"type":"text","value":"Consumer protection complaint handling","bold":true},{"type":"text","value":"\nData processing is performed for handling consumer protection complaints."}]},{"type":"list-item","children":[{"type":"text","value":"Data for proving consent","bold":true},{"type":"text","value":"\nData related to user consent for registration, orders, and newsletter subscription is stored for future proof of consent."}]}]},{"type":"list","listType":"unordered","children":[{"type":"list-item","children":[{"type":"text","value":"Processed data:","bold":true},{"type":"text","value":" Consent timestamp and IP address."}]},{"type":"list-item","children":[{"type":"text","value":"Data retention period:","bold":true},{"type":"text","value":" Until the statute of limitations for proving consent expires."}]},{"type":"list-item","children":[{"type":"text","value":"Legal basis:","bold":true},{"type":"text","value":" Compliance with consent verification requirements [Regulation 6. article (1) paragraph (c)]."}]}]},{"listType":"ordered","type":"list","children":[{"type":"list-item","children":[{"type":"text","value":"Marketing data processing","bold":true},{"type":"text","value":"\nFor marketing purposes, the seller may send users/clients offers and updates regarding products they may be interested in. This occurs through newsletters and other forms of communication, with prior, explicit, voluntary consent, which can be withdrawn at any time."}]}]},{"type":"list","listType":"unordered","children":[{"type":"list-item","children":[{"type":"text","value":"Processed data:","bold":true},{"type":"text","value":" Name, address, email address."}]},{"type":"list-item","children":[{"type":"text","value":"Data retention period:","bold":true},{"type":"text","value":" Until consent is withdrawn."}]},{"type":"list-item","children":[{"type":"text","value":"Legal basis:","bold":true},{"type":"text","value":" Voluntary consent [Regulation 6. article (1) paragraph (a)]."}]},{"type":"list-item","children":[{"type":"text","value":"Personalized advertisements:","bold":true},{"type":"text","value":" Data is processed to send personalized content, such as ads tailored to the user's interests."}]},{"type":"list-item","children":[{"type":"text","value":"Processed data:","bold":true},{"type":"text","value":" Name, address, email address, phone number."}]},{"type":"list-item","children":[{"type":"text","value":"Data retention period:","bold":true},{"type":"text","value":" Until consent is withdrawn."}]},{"type":"list-item","children":[{"type":"text","value":"Legal basis:","bold":true},{"type":"text","value":" Voluntary consent [Regulation 6. article (1) paragraph (a)]."}]},{"type":"list-item","children":[{"type":"text","value":"Remarketing:","bold":true},{"type":"text","value":" This process uses cookies to collect data for remarketing purposes."}]},{"type":"list-item","children":[{"type":"text","value":"Processed data:","bold":true},{"type":"text","value":" Data collected through cookies as detailed in cookie notifications."}]},{"type":"list-item","children":[{"type":"text","value":"Data retention period:","bold":true},{"type":"text","value":" As specified in the cookie storage duration."}]},{"type":"list-item","children":[{"type":"text","value":"Legal basis:","bold":true},{"type":"text","value":" Voluntary consent given through the use of the website [Regulation 6. article (1) paragraph (a)]."}]}]},{"type":"list","listType":"ordered","children":[{"type":"list-item","children":[{"type":"text","value":"Additional data processing","bold":true},{"type":"text","value":"\nIf additional data processing is to be carried out, the data controller will provide prior notice regarding the essential details of the processing, such as the legal background, purpose, scope of data, retention period, and legal basis."}]}]}]}

Under the Regulation, the following rights are granted to you within the duration of the data processing:

• Right to withdraw consent
• Right to access personal data and related information
• Right to rectification
• Right to restriction of processing
• Right to erasure
• Right to object to processing
• Right to data portability

If you wish to exercise your rights, this will require your identification, and the Data Controller must communicate with you accordingly. Identification may require you to provide personal data, though only data that the Data Controller already processes will be used for identification. You can submit complaints regarding data processing through the Data Controller’s email address, as specified in this notice. If you were a customer and wish to identify yourself for complaints or warranty purposes, please provide your order ID.

The Data Controller will respond to complaints about data processing within 30 days.

Right to Withdraw Consent
You have the right to withdraw your consent to data processing at any time. Upon withdrawal, your data will be deleted from our systems. However, please note that if you have an unfulfilled order, withdrawing consent may prevent us from completing the delivery. Additionally, for completed purchases, accounting data cannot be deleted due to legal requirements, and if you have an outstanding debt, we may continue processing your data to collect the debt, even if you withdraw consent.

Right to Access Personal Data
You have the right to receive confirmation from the Data Controller as to whether your personal data is being processed, and if so, to access the following information:

• The purposes of data processing
• The categories of personal data being processed
• The recipients or categories of recipients of your data
• The planned retention period for your data, or the criteria for determining that period
• Your right to request rectification, deletion, or restriction of your personal data, and the right to object to data processing based on legitimate interest
• The right to lodge a complaint with the supervisory authority
• The source of the data, if not collected from you
• Information about automated decision-making, including profiling

You can request this information free of charge, but the Data Controller may charge a reasonable fee for repeated requests based on administrative costs. Information will be provided in a widely used electronic format, unless you request otherwise. If you have a registered account, you can view and verify your data via your user profile.

The Data Controller will respond to access requests within one month of receiving the request, and the response will be provided in an understandable form.

Right to Rectification
You can request the correction of inaccurate or incomplete personal data. The Data Controller will make corrections without undue delay.

Right to Restriction of Processing
You have the right to request the restriction of processing if any of the following applies:

• You contest the accuracy of your data, in which case the restriction applies for the time needed to verify the accuracy of the data
• The processing is unlawful, and you oppose the deletion of the data, requesting instead a restriction on its use
• The Data Controller no longer needs your data for the intended purpose, but you need it for legal claims
• You have objected to processing based on legitimate interest, and the Data Controller is determining whether its legitimate interests outweigh yours

If processing is restricted, your data will only be processed further with your consent or for legal claims, or to protect the rights of others.

Right to Erasure (Right to be Forgotten)
You can request the deletion of your personal data without undue delay if:

• The data is no longer necessary for the purposes it was collected
• You withdraw consent, and there is no other legal basis for processing
• You object to processing based on legitimate interest, and there is no overriding legitimate reason for processing
• The data has been unlawfully processed
• The data must be erased to comply with EU or member state law

If the Data Controller has disclosed your data to third parties, it will take reasonable steps to inform them of the erasure request, including technical measures where applicable.

Personal data does not need to be erased if processing is necessary for:

• Exercising freedom of expression and information
• Compliance with a legal obligation
• Public interest or the exercise of public authority vested in the Data Controller
• Public health, archiving for historical research, or statistical purposes
• Legal claims

Right to Object
You can object to the processing of your personal data for reasons related to your specific situation if the processing is based on legitimate interests. In this case, the Data Controller must stop processing your data unless they can demonstrate compelling legitimate grounds for the processing that override your interests.

If your personal data is being processed for direct marketing, you have the right to object at any time, and the Data Controller must cease processing your data for that purpose.

Right to Data Portability
If the processing is automated or based on your consent, you have the right to request your personal data in a structured, commonly used, and machine-readable format, such as XML, JSON, or CSV. You can also request that your data be transferred directly to another data controller if technically feasible.

Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, that have a legal effect or significantly affect you. If such decisions are made, the Data Controller must take appropriate measures to protect your rights, including at least the right to human intervention, the right to express your point of view, and the right to contest the decision.

This does not apply when the decision is necessary for the performance of a contract, authorized by law, or based on your explicit consent.

Legal Remedies and Complaints
If you believe your personal data has been mishandled, you can contact us at elindor@outlook.hu or via post at 4031 Debrecen, István út 77. 1/5.
If you believe your rights have been violated, you may file a complaint with the National Authority for Data Protection and Freedom of Information (address: 1363 Budapest, Pf. 9, email: ugyfelszolgalat@naih.hu, phone: +36 30 683-5969).
You also have the right to pursue a civil lawsuit before the court.

Changes to the Privacy Policy
The Data Controller reserves the right to modify this privacy policy without affecting its purpose and legal basis. Continued use of the website constitutes acceptance of the modified policy. If further processing is required for a different purpose, the Data Controller will inform you beforehand.

Let me know if you'd like any adjustments to the content.

1. Data Processing for Personal Data Storage

Data Processor: Shopify Inc.
Contact Information:

• Phone: +1 888 746 7439
• Email: support@shopify.com
• Headquarters: 150 Elgin St, Suite 800, Ottawa, ON, K2P 1L4, Canada
• Website: www.shopify.com

Shopify acts as a data processor under a contract with the data controller (you) to store personal data. Shopify is not authorized to access or use the personal data for any other purpose.

2. Data Processing for Accounting

Data Processor: ASK Debreceni Könyvelő Iroda (Benemiz Könyvelő Bt.)
Processor Headquarters: 4034 Debrecen, Nagybánya utca 39, Building 2
Processor Email: z.nyiri@chello.hu
Processor Website: www.debrecen-konyveles.hu

The data processor assists with the accounting of invoices under a written agreement with the data controller. Personal data such as name and address will be processed for accounting purposes as required by Hungarian law (Sztv. Section 169(2)) and will be deleted after the required period.

3. Data Processing for Invoicing

Data Processor: BudapestEszközfinanszírozó Zrt. (BUPA)
Processor Headquarters: 1138 Budapest, Váci út 193
Processor Email: info@bupa.hu
Processor Website: www.bupa.hu

The data processor assists with the registration of accounting records under a contract with the data controller. Personal data such as name and address will be processed for the required period under Hungarian accounting regulations and will be deleted afterwards.

4. Data Processing for Online Payments

Data Controller: Stripe Inc.
Data Controller Headquarters: 185 Berry Street, Suite 550, San Francisco, CA 94107, USA
Data Controller Email: info@stripe.com
Website: www.stripe.com

Stripe processes payment-related data in compliance with its agreement with the data controller (you). This data is processed securely and is necessary for the completion of online transactions.

The Data Controller declares that appropriate technical and organizational security measures have been implemented to protect personal data from unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as from accidental loss and damage. The Data Controller also ensures that any third parties (Data Processors) to whom the data is shared, based on the User’s consent, are required to meet the data security requirements when handling personal data. The Data Controller makes every effort to prevent accidental data loss or destruction.

This commitment is also applied to the employees involved in data processing activities, who are required to comply with these security measures.

The User acknowledges and agrees that, while the Data Controller uses modern security tools to prevent unauthorized access or data leakage, the protection of personal data on the Internet cannot be fully guaranteed. In the event of unauthorized access or data breach, despite efforts to prevent it, the Data Controller is not liable for any such data acquisition or unauthorized access, nor for any damages caused to the User as a result. Furthermore, the User may provide personal data to third parties, who may misuse it for illegal purposes.

Links to Third-Party Websites

The Data Controller is not responsible for the content, data protection, or privacy practices of external websites accessible via links on the Website. If the Data Controller becomes aware that any linked website or its content violates the rights of third parties or applicable laws, the link will be removed immediately.

Data Breach Notification and Handling

A data breach is any event that results in the unlawful processing or handling of personal data, such as unauthorized or accidental access, alteration, disclosure, deletion, loss, or destruction of personal data.

The Data Controller is obligated to notify the National Authority for Data Protection and Freedom of Information (NAIH) without undue delay, and no later than 72 hours after becoming aware of the data breach, unless the Data Controller can demonstrate that the breach is unlikely to result in risks to the rights and freedoms of individuals. If the notification cannot be made within 72 hours, the reasons for the delay must be specified, and the required information will be provided without further undue delay.

The notification to NAIH will include at least the following information:

• The nature of the data breach, including the number and categories of affected individuals and personal data;
• The name and contact details of the Data Controller;
• The likely consequences of the data breach;
• The measures taken or planned to address, remedy, or mitigate the data breach.

The Data Controller will inform affected individuals about the breach via the website as soon as possible. The notification will include the data outlined above.

A record of data breaches will be maintained by the Data Controller for monitoring and response purposes, containing:

• The types of personal data affected;
• The number of individuals affected;
• The time and circumstances of the breach;
• Measures taken to remedy or mitigate the breach.

The Data Controller will retain the breach record for 5 years from the date the breach was detected.

This Privacy Notice is governed by Hungarian law, specifically the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, as well as Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, which repeals Directive 95/46/EC (April 27, 2016).