Privacy Policy

1. General principles

• We collect and process personal data only in accordance with the applicable laws.
• We transfer personal data to third parties only with consent.
• Under no circumstances do we sell the personal data we process to third parties.
• We store data as securely as possible.
• We send newsletters only to those who have given their prior and explicit consent.
• Data subjects may request access to, modification of, or deletion of the data stored about them at any time.

2. Details and contact information of our company (data controller, Service Provider)

Name of the data controller: AnDaKris Kft.
Contact details of the data controller: HU 7900 Szigetvár, Szent István lakótelep 20, 2 17
Phone: +36 20 419 4877
E-mail: @email
Web: https://www.szigetvarbiztositalak.hu
Tax number: 32185467-1-02

The Service Provider reserves the right to amend this Privacy Notice, about which it will inform the data subjects appropriately. Information related to data processing is published on the LINK GOES HERE website.

3. Definitions according to the GDPR (Regulation)

3.1. data subject/User: any identified or identifiable natural person on the basis of personal data, either directly or indirectly;

3.2. personal data: any data relating to the data subject – in particular the data subject’s name, identification mark, and one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity – as well as any conclusion drawn from such data concerning the data subject;

3.3. consent: a freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify their agreement to the processing of personal data relating to them, either in full or in relation to specific operations;

3.4. data controller: the natural or legal person, or organization without legal personality, who alone or jointly with others determines the purposes of the processing of data, makes and implements decisions regarding data processing (including the means used), or has them implemented by a data processor;

3.5. data processing: any operation or set of operations performed on data, regardless of the procedure used, in particular collection, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, blocking, deletion, and destruction, as well as preventing further use of the data, taking photographs, making audio or video recordings, and recording physical characteristics suitable for identifying a person (e.g. fingerprint or palm print, DNA sample, iris image);

3.6. data transfer: making data accessible to a specified third party;

3.7. disclosure: making data accessible to anyone;

3.8. data deletion: rendering data unrecognizable in such a way that its restoration is no longer possible;

3.9. data processing operations: carrying out technical tasks related to data processing operations, regardless of the method and means used to carry them out and the place of application, provided that the technical task is performed on the data;

3.10. data processor: the natural or legal person, or organization without legal personality, who processes data on the basis of a contract, including a contract concluded pursuant to a legal provision;

3.11. data protection incident: unlawful handling or processing of personal data, including in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage.

4. Scope of processed data, purpose and duration of data processing, and data processors

Scope of data subjects: All registered/purchasing users of the webshop website.

We share personal data only and exclusively with the third party indicated in the “Processor of the given personal data” column for the purpose of fulfilling contractual obligations.

Details and tasks of data processors used during data processing

Hosting provider
Name: InfoNetfort Kft.
Address: 7900 Szigetvár, Szent István ltp 17. IV/25.
Phone: +36-30/530-2953
E-mail: @email
Web: www.netfort.hu
Tax number: 26648082-2-02
Company registration number: 02 09 084205

Accounting tasks
 

Courier service
 

Direct marketing, newsletter
Name: 
Address: 

4.1 Contact form:

Scope of data subjects: Persons contacting us by phone, e-mail, or via the contact form.

We do not share personal data with third parties.

5. Newsletter, direct marketing activity

We send newsletters only to Users who have given their prior and explicit consent. Consent is given באמצעות the “Newsletter subscription” form.

Scope of data subjects: All data subjects subscribed to the newsletter.

Operator of the newsletter sending system and processor of the data:
Name: 
Address: 

5.1 Procedure for withdrawing consent (unsubscribing)
The data subject may unsubscribe from the newsletter at any time, free of charge. Unsubscription may be made using the link included in the newsletters, or by sending an e-mail to the EMAIL ADDRESS GOES HERE e-mail address.

6. Handling of cookies

6.1 What is a cookie?

During the visit to the website, the Data Controller uses so-called cookies. A cookie is a package of information consisting of letters and numbers that our website sends to the data subject’s browser for the purpose of saving certain settings, facilitating the use of our website, and helping us collect certain relevant statistical information about our visitors. Cookies do not contain personal information and are not suitable for identifying individual users. Cookies often contain a unique identifier – a secret, randomly generated number sequence – that is stored on the data subject’s device.
Some cookies cease to exist after the website is closed, while others are stored on the user’s computer for a longer period.

6.2 Legal background and legal basis for cookie handling

Cookies typically used by webshops include the so-called “cookies used for password-protected sessions”, “cookies required for the shopping cart”, and “security cookies”, for which prior consent from the data subjects is not required.

Fact of data processing, scope of processed data: Unique identifier, dates, times

Scope of data subjects: All visitors to the website.

Purpose of data processing: Identification of users, tracking visitors.

Legal basis for data processing: the consent of the data subject in accordance with Section 5(1)(a) of the Hungarian Information Act.

6.3 Duration of data processing, deadline for deletion of data: the website uses the following cookies:

• Security cookies: __cfduid, _biz_flagsA, _biz_nA 3, _biz_pendingA, _biz_sid, _biz_uid
• Google Analytics cookies: _ga, _gid
• Cookies necessary for the proper use of the site: 

Possible data controllers entitled to access the data: The data controller does not process personal data through the use of cookies.

Description of the data subjects’ rights related to data processing: Data subjects have the option to delete cookies in the Tools/Settings menu of browsers, usually under the Privacy settings.
If the data subject does not accept the use of cookies, certain functions may not be available to them. More information about deleting cookies can be found at the following links:
    • Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-managecooki…
    • Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store…
    • Chrome: https://support.google.com/chrome/answer/95647?hl=en
    • Safari: https://support.apple.com/kb/ph21411?locale=en_US

7. Google Analytics

7.1. This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files which are stored on your computer and help analyze how users use the website.
7.2. The information generated by the cookie about the website used by the User is generally transmitted to and stored on one of Google’s servers in the USA. By activating IP anonymization on the website, Google will shorten the User’s IP address in advance within Member States of the European Union or in other states party to the Agreement on the European Economic Area.
7.3. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate how the User uses the website, to compile reports on website activity for the website operator, and to provide other services related to website and internet usage.
7.4. Within the scope of Google Analytics, the IP address transmitted by the User’s browser is not associated with other Google data. The User may prevent the storage of cookies by selecting the appropriate settings in their browser; however, please note that in this case not all functions of this website may be fully usable. The User may also prevent Google from collecting and processing the data generated by cookies related to the use of the website (including the IP address) by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=hu

8. Google AdWords conversion tracking and remarketing

8.1. The data controller uses the online advertising program called "Google AdWords" and within its framework uses Google’s conversion tracking service. Google conversion tracking is an analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").
8.2. When the User reaches a website through a Google advertisement, a cookie necessary for conversion tracking is placed on their computer. These cookies have a limited validity and do not contain any personal data, so the User cannot be identified by them.
8.3. When the User browses certain pages of the website and the cookie has not yet expired, both Google and the data controller can see that the User clicked on the advertisement.
8.4. Each Google AdWords customer receives a different cookie, therefore they cannot be tracked through the websites of AdWords customers.
8.5. The information obtained through conversion tracking cookies serves the purpose of preparing conversion statistics for customers who choose AdWords conversion tracking. Customers thus receive information about the number of users who clicked on their ad and were redirected to a page marked with a conversion tracking tag. However, they do not receive information that would enable them to identify any user.
8.6. If you do not wish to participate in conversion tracking, you can refuse this by disabling the installation of cookies in your browser. After that, the data subject will not be included in the conversion tracking statistics.
8.7. Further information and Google’s privacy statement are available at: www.google.de/policies/privacy/

8.8. Google AdWords Remarketing

8.9. Data processing as a remarketing activity is carried out using cookies.

Processed data
The data processed by the cookies defined in the cookie notice.
Duration of data processing
The storage period of the relevant cookie data; more information is available here:
Google general cookie notice: https://www.google.com/policies/technologies/types/
Google Analytics notice:
https://developers.google.com/analytics/devguides/collection/analyticsj…
Legal basis for data processing
The voluntary consent of the data subject, which the data subject gives to the service provider by using the website.

9. Rights of data subjects

9.1 Right to information
Upon the request of the data subject, the Service Provider, as data controller, shall provide information about the data processed by it or by a processor appointed by it, their source, the purpose, legal basis and duration of the processing, the name and address of the processor and its activities related to data processing, the circumstances and effects of any data protection incident and the measures taken to remedy it, as well as, in the case of data transfer, its legal basis and recipient. The data controller shall provide the information in writing, in an intelligible form, as soon as possible after submission of the request, but no later than within 30 days. This information is free of charge if the person requesting the information has not submitted a request for information to the data controller during the current year concerning the same set of data. In other cases, the Service Provider may establish cost reimbursement.

9.2 Right to rectification
The Service Provider shall rectify personal data if it does not correspond to reality and the correct personal data is available to it.

9.3 Right to restriction
The Service Provider shall restrict personal data if the data subject so requests, or if based on the information available it is assumed that deletion would harm the legitimate interests of the data subject. Restricted personal data may only be processed as long as the processing purpose that excluded the deletion of the personal data exists. The Service Provider shall mark the personal data it processes if the data subject contests its accuracy or correctness, but the incorrectness or inaccuracy of the contested personal data cannot be clearly established.

9.4 Right to erasure
The Service Provider shall delete personal data if its processing is unlawful, if the data subject requests it, if the processed data is incomplete or incorrect – and this condition cannot be lawfully remedied – provided that deletion is not excluded by law, if the purpose of data processing has ceased, or if the statutory retention period has expired, or if deletion has been ordered by the court or the National Authority for Data Protection and Freedom of Information.

9.5 Procedural rules
The data controller has 30 days to delete, restrict, or rectify personal data. If the data controller does not comply with the data subject’s request for rectification, restriction, or deletion, it shall communicate the reasons for refusal in writing, or electronically with the data subject’s consent, within 30 days. The Service Provider shall notify the data subject, as well as all those to whom the data was previously transferred for the purpose of processing, of the rectification, restriction, marking, and deletion. Notification may be omitted if this does not infringe the legitimate interest of the data subject in view of the purpose of processing.

9.6 Objection
The data subject may object to the processing of their personal data if

a) the processing or transfer of personal data is necessary solely for compliance with a legal obligation applicable to the data controller, or for the purposes of the legitimate interests pursued by the data controller, data recipient, or a third party, except where processing is prescribed by law;

b) in other cases specified by law.

The Service Provider shall examine the objection as soon as possible from the submission of the request, but no later than within 15 days, make a decision on whether it is well-founded, and inform the applicant of its decision in writing. If the data controller finds that the objection of the data subject is well-founded, it shall terminate the data processing – including further data collection and data transfer – and restrict the data, and shall notify all parties to whom the personal data affected by the objection had previously been transferred, and who are obliged to take measures to enforce the right to object.

If the data subject does not agree with the decision of the data controller, they may turn to court within 30 days of its communication.

The Service Provider may not delete the data of the data subject if the processing is prescribed by law. However, the data may not be transferred to the recipient if the data controller agreed with the objection or if the court established that the objection was justified.

9.7 Right to data portability
If the processing is carried out by automated means, or if the processing is based on the voluntary consent of the data subject, the data subject has the right to request from the Data Controller the data provided by the data subject to the Data Controller, which the Data Controller will make available to the data subject in xml, JSON, or csv format, and if technically feasible, the data subject may request that the Data Controller transfer the data in this format to another data controller.

9.8 Compensation and damages for non-material harm
The Service Provider shall compensate for damage caused to others by the unlawful processing of the data subject’s data or by breaching the requirements of data security. In the event of infringement of the data subject’s personality rights, the data subject may claim compensation for non-material harm (Section 2:52 of the Hungarian Civil Code). The data controller is also liable to the data subject for damage caused by the data processor. The data controller is exempt from liability if the damage was caused by an unavoidable cause outside the scope of data processing.

The data controller shall not compensate for damage and compensation for non-material harm may not be claimed insofar as the damage or the infringement of personality rights was caused by the intentional or grossly negligent conduct of the injured party.

9.9 Right to go to court
In the event of a violation of their rights, the data subject may turn to court against the data controller. The court shall act in the matter out of turn.

9.10 Complaint
Complaints may be lodged with the National Authority for Data Protection and Freedom of Information:

Name: National Authority for Data Protection and Freedom of Information
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf.: 5.
Phone: +361/391-1400
Fax: +361/391-1410
E-mail: @email
Website: http://www.naih.hu

10. Data security

The Service Provider designs and carries out data processing operations in such a way as to ensure the protection of the privacy of data subjects.

The Service Provider, and within its field of activity the data processor, ensures the security of the data, takes the technical and organizational measures, and establishes the procedural rules necessary for the enforcement of the Information Act and other data and confidentiality protection regulations.

The Service Provider protects the data with appropriate measures in particular against unauthorized access, alteration, transfer, disclosure, deletion or destruction, as well as accidental destruction and damage, and against inaccessibility resulting from changes in the applied technology.

During data processing, the Service Provider preserves:
    • confidentiality: it protects the information so that only those who are entitled to access it can do so
    • integrity: it protects the accuracy and completeness of the information and the method of processing
    • availability: it ensures that when the authorized user needs it, they can actually access the desired information, and that the related means are available.

The IT systems and networks of the Service Provider and its partners involved in data processing are protected against computer-assisted fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer intrusions, and denial-of-service attacks. The operator ensures security through server-level and application-level protective procedures.

11. Applicable legislation used for this Privacy Notice

    • Act CXII of 2011 – on the right to informational self-determination and freedom of information (Infotv.)
    • Act V of 2013 – on the Civil Code (Ptk.)
    • Act CLV of 1997 – on Consumer Protection (Fgytv.)
    • Act XIX of 1998 – on Criminal Proceedings (Be.)
    • Act CVIII of 2001 – on certain issues of electronic commerce services and information society services (E-commerce Act)
    • Act C of 2003 – on Electronic Communications (Eht.)
    • Act XLVIII of 2008 – on the basic conditions and certain restrictions of commercial advertising activity (Grt.)
    • Recommendation of the National Authority for Data Protection and Freedom of Information on the data protection requirements of prior information
    • GDPR, Regulation (EU) 2016/679 of the European Parliament and of the Council on the processing and protection of personal data of natural persons and on the free movement of such data

2026.03.25.