{"id":1586,"date":"2026-03-09T15:59:44","date_gmt":"2026-03-09T14:59:44","guid":{"rendered":"https:\/\/brizlo.test-i.kodolj.hu\/data-management-policy\/"},"modified":"2026-04-28T18:08:15","modified_gmt":"2026-04-28T16:08:15","slug":"data-management-policy","status":"publish","type":"page","link":"https:\/\/brizlo.test-i.kodolj.hu\/en\/data-management-policy\/","title":{"rendered":"Data Management Policy"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Privacy Policy<\/h1>\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Data Management Information<\/strong><\/p>

Accepted by Pihepets Kft.<\/strong> (registered office: 1089 Budapest, Orczy \u00fat 12., company registration number: 01-09-387984, tax number: 25481819-2-42, tel.: +3620-4010000, e-mail address: info@brizlo.hu; represented by: Szabolcs M\u00e1sody<\/strong><\/em> managing director) (hereinafter: Data Controller) on September 11, 2024.<\/p>

1.\/ General Provisions<\/strong><\/p>

The subject of this data protection information is the management of personal data obtained by the Data Controller based on its commercial activities conducted on the www.brizlo.hu website in accordance with Act CXII of 2011 on the right of informational self-determination and freedom of information (hereinafter: Infotv.), Regulation (EU) 2016\/679 of the European Parliament and of the Council (hereinafter: GDPR), and other applicable laws.<\/p>

This Information records the data protection and data management principles applied by the Data Controller, through which the Data Controller ensures that the personal data of natural persons in contact with it are not violated.<\/p>

The Data Controller reserves the right to unilaterally modify its data protection policy and thus the content of this Information in case of changes in the services provided by it, as well as in accordance with the applicable legal provisions. The Data Controller will notify the Data Subjects of any changes to this Information simultaneously on the www.brizlo.hu website.<\/p>

2.\/ Legal Background<\/strong><\/p>

\u2022 Regulation (EU) 2016\/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation \u2013 GDPR)<\/p>

\u2022 Act CXII of 2011 on the right of informational self-determination and freedom of information<\/p>

\u2022 Act V of 2013 on the Civil Code<\/p>

\u2022 Act XLVIII of 2008 on the fundamental conditions and certain restrictions of economic advertising activities<\/p>

\u2022 Act CVIII of 2001 on electronic commerce services and certain issues related to information society services<\/p>

3.\/ Definitions<\/strong><\/p>

Personal data\/Data Subject:<\/strong> any information relating to an identified or identifiable natural person (\u201cData Subject\u201d); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.<\/p>

Data processing:<\/strong> any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.<\/p>

Data processor:<\/strong> a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller.<\/p>

Data Controller:<\/strong> the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Data Controller or the specific criteria for its nomination may be provided for by Union or Member State law.<\/p>

Data destruction:<\/strong> the complete physical destruction of the data carrier containing the data.<\/p>

Data transfer:<\/strong> making data accessible to a specified third party.<\/p>

Data deletion:<\/strong> rendering data unrecognizable in such a way that recovery is no longer possible.<\/p>

Data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.<\/p>

EEA State:<\/strong> a Member State of the European Union and any other state party to the Agreement on the European Economic Area, as well as a state whose nationals enjoy the same status as nationals of the states party to the Agreement on the European Economic Area under an international agreement between the European Union and its Member States and that state.<\/p>

Third party:<\/strong> a natural or legal person, public authority, agency or body other than the Data Subject, Data Controller, Data Processor or persons who, under the direct authority of the Data Controller or Data Processor, are authorized to process personal data.<\/p>

Third country:<\/strong> any country that is not an EEA State.<\/p>

Consent:<\/strong> any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.<\/p>

Disclosure:<\/strong> making data accessible to anyone.<\/p>

4.\/ Scope of Data Subjects<\/strong><\/p>

The data processing applies to:<\/p>

– Natural persons who:<\/p>

\u2022 register themselves with the Data Controller on its internet webshop available at www.brizlo.hu (hereinafter: webshop) for contact; advertising or other information purposes; newsletter sending; \u2022 register themselves personally or on the webshop with the Data Controller for the purpose of ordering goods (hereinafter: order).<\/p>

The above hereinafter collectively: Data Subject(s).<\/em><\/p>

The subject matter of this Information extends to all data processing carried out by the Data Controller involving personal data, regardless of the nature of the personal data.<\/p>

5.\/ Source of Data:<\/strong><\/p>

Data voluntarily provided by the Data Subjects.<\/p>

6.\/ Principles of Data Processing:<\/strong><\/p>

The Data Controller acts in accordance with the following principles regarding the processing of personal data:<\/p>

a) personal data must be processed lawfully, fairly and in a transparent manner to the Data Subject;<\/p>

b) personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes;<\/p>

c) data processing shall be limited to what is necessary in relation to the purposes (\u201cdata minimization\u201d);<\/p>

d) the processed data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that inaccurate personal data are erased or rectified without delay (\u201caccuracy\u201d);<\/p>

e) personal data shall be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes (\u201cstorage limitation\u201d);<\/p>

f) personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage (\u201cintegrity and confidentiality\u201d).<\/p>

7.\/ Categories of Processed Data, Purpose, Duration and Legal Basis of Processing<\/strong><\/p>

\u2022 Mandatory personal data for contact; advertising or other information; newsletter sending:<\/strong><\/em><\/p>

Processed Data<\/strong><\/em><\/p><\/td>

Purpose of Processing<\/strong><\/em><\/p><\/td>

Duration of Processing<\/strong><\/em><\/p><\/td>

Legal Basis of Processing<\/strong><\/em><\/p><\/td><\/tr>

Last and first name:<\/em><\/p><\/td>

For personal address in the newsletter<\/em><\/p><\/td>

Until withdrawal<\/em><\/p><\/td>

According to GDPR Article 6(1)(a) consent of the Data Subject to processing<\/em><\/p><\/td><\/tr>

Email address:<\/em><\/p><\/td>

To communicate information related to the webshop’s offers, promotions, new products, and operation affecting customers. Occasionally \u2013 in case of previous purchase \u2013 sending offers for similar new products.<\/em><\/p><\/td>

Until withdrawal<\/em><\/p><\/td>

According to GDPR Article 6(1)(a) consent of the Data Subject to processing.<\/em><\/p><\/td><\/tr><\/tbody><\/table><\/div>

\u2022 Mandatory personal data for purchase in the webshop<\/strong><\/em><\/p>

Processed Data<\/em><\/strong><\/p><\/td>

Purpose of Processing<\/em><\/strong><\/p><\/td>

Duration of Processing<\/em><\/strong><\/p><\/td>

Legal Basis of Processing<\/em><\/strong><\/p><\/td><\/tr>

Last and first name<\/em><\/p><\/td>

1.\/ Contract related to the order, delivery note<\/em><\/p><\/td>

1.\/ For five years after the order fulfillment date<\/em><\/p><\/td>

1.\/ Related to order: GDPR Article 6(1)(b) performance of contract<\/em><\/p><\/td><\/tr><\/tbody><\/table><\/div>

<\/td>

preparation, issuance of thank you card, package dispatch<\/em><\/p>

2.\/ Invoice issuance for the order<\/em><\/p><\/td>

2.\/ For eight years after the invoice issuance<\/em><\/p><\/td>

Act CVIII of 2001 on electronic commerce services and certain issues related to information society services Section 13\/A<\/em><\/p>

Act V of 2013 on the Civil Code Section 6:22 (statute of limitations \u2013 five years)<\/em><\/p>

2.\/ Related to invoicing: GDPR Article 6(1)(c) legal obligation \u2013 VAT Act CXXVII of 2007 Section 159 and Accounting Act C of 2000 Section 169 (2)-(3)<\/em><\/p>

Act CVIII of 2001 on electronic commerce services and certain issues related to information society services Section 13\/A<\/em><\/p><\/td><\/tr>

Address<\/em><\/p><\/td>

1.\/ Contract related to the order, delivery note, preparation, issuance of thank you card, package dispatch<\/em><\/p>

2.\/ Invoice issuance for the order<\/em><\/p><\/td>

1.\/ For five years after the order fulfillment date<\/em><\/p>

2.\/ For eight years after the invoice issuance<\/em><\/p><\/td>

1.\/ Related to order: GDPR Article 6(1)(b) performance of contract<\/em><\/p>

Act CVIII of 2001 on electronic commerce services and certain issues related to information society services Section 13\/A<\/em><\/p>

Act V of 2013 on the Civil Code Section 6:22 (statute of limitations \u2013 five years)<\/em><\/p>

2.\/ Related to invoicing: GDPR Article 6(1)(c) legal obligation \u2013 VAT Act CXXVII of 2007 Section 159<\/em><\/p><\/td><\/tr><\/tbody><\/table><\/div>

<\/td> <\/td> <\/td>

and Accounting Act C of 2000 Section 169 (2)-(3)<\/em><\/p>

Act CVIII of 2001 on electronic commerce services and certain issues related to information society services Section 13\/A<\/em><\/p><\/td><\/tr>

Phone number<\/em><\/p><\/td>

Information and contact related to the order<\/em><\/p><\/td>

For five years after the order fulfillment date in the webshop<\/em><\/p><\/td>

GDPR Article 6(1)(b) performance of contract<\/em><\/p>

Act V of 2013 on the Civil Code Section 6:22 (statute of limitations \u2013 five years)<\/em><\/p><\/td><\/tr>

Email address<\/em><\/p><\/td>

Information and contact related to the order<\/em><\/p><\/td>

For five years after the order fulfillment date in the webshop<\/em><\/p><\/td>

GDPR Article 6(1)(b) performance of contract<\/em><\/p>

Act V of 2013 on the Civil Code Section 6:22 (statute of limitations \u2013 five years)<\/em><\/p><\/td><\/tr>

Delivery address<\/em><\/p><\/td>

For order delivery (if delivery address differs from residence address)<\/em><\/p><\/td>

For five years after the order fulfillment date in the webshop<\/em><\/p><\/td>

GDPR Article 6(1)(b) performance of contract<\/em><\/p>

Act V of 2013 on the Civil Code Section 6:22 (statute of limitations \u2013 five years)<\/em><\/p><\/td><\/tr><\/tbody><\/table><\/div>

The above-listed personal data are necessary for the fulfillment of the contract in the webshop and must be provided mandatorily (necessary) for order fulfillment. If the personal data are not provided, the order cannot be fulfilled.<\/p>

8.\/ Data Transfer and Recipients<\/strong><\/p>

A. The Data Controller does not transfer personal data to third countries or international organizations.<\/p>

B. The Data Controller transfers the processed data to the following recipients:<\/p>

Data Processors of the Data Controller:<\/p>

Name and contact<\/em><\/strong><\/p><\/td>

Data concerned<\/em><\/strong><\/p><\/td>

Purpose of data transfer<\/em><\/strong><\/p><\/td><\/tr>

M\u0170ISZ Holding Kft. (1089 Budapest Orczy \u00fat 12.)<\/p><\/td>

all processed data<\/p><\/td>

accounting and payroll<\/p><\/td><\/tr>

GLS courier service (2351 Als\u00f3n\u00e9medi, GLS Eur\u00f3pa utca 2.)<\/p><\/td>

Name, delivery address, contact phone number, email address<\/p><\/td>

Order delivery<\/p><\/td><\/tr>

Magyar Posta Zrt. (1138 Budapest, Dunavir\u00e1g utca 2-6.)<\/p><\/td>

Name, delivery address, contact phone number, email address<\/p><\/td>

Order delivery<\/p><\/td><\/tr>

sz\u00e1ml\u00e1zz.hu KBOSS.hu Kft. (1031 Budapest, Z\u00e1hony utca 7.)<\/p><\/td>

Name, address, phone number, email address<\/p><\/td>

Invoice issuance<\/p><\/td><\/tr>

CreatIT Solutions Background and Communication Limited Liability Company (6724 Szeged, K\u00f6rt\u00f6lt\u00e9s utca 59.)<\/p><\/td>

all processed data<\/p><\/td>

Operation of data controller software related to Data Subjects<\/p><\/td><\/tr>

X-COM Telecommunications, Commercial Development and Manufacturing Limited Liability Company (1156 Budapest, Ny\u00edrpalota u. 12.)<\/p><\/td>

all processed data<\/p><\/td>

Operation of emails related to Data Subjects and management of data controller domains<\/p><\/td><\/tr><\/tbody><\/table><\/div>

C. Other<\/p>

The payment for products purchased in the webshop must be made via the \u201cSimplePay\u201d application provided by OTP Mobil Szolg\u00e1ltat\u00f3 Korl\u00e1tolt Felel\u0151ss\u00e9g\u0171 T\u00e1rsas\u00e1g (1138 Budapest, V\u00e1ci \u00fat 135-139. B. building 5th floor) (hereinafter: OTP Mobil Kft.) in favor of the Data Controller.<\/p>

When ordering, personal data such as First Name, Last Name, Postal Code, City, Address, Building, Floor, Door, Phone Number must be provided on the webshop\u2019s \u201cSimplePay\u201d payment preparation page. After providing the data, the Data Subject is redirected to the secure \u201cSimplePay\u201d payment page where the card data necessary for payment must be entered. Payment becomes possible thereafter.<\/p>

The Data Controller does not gain knowledge of the data entered on the \u201cSimplePay\u201d payment preparation page or the \u201cSimplePay\u201d payment page; these are independent and protected internet pages.<\/p>

Therefore, during the above payment process, the Data Controller does not perform any data processing activities. The exclusive, independent data controller during payment is OTP Mobil Kft.<\/p>

9.\/ Technical Implementation of Data Processing:<\/strong><\/p>

The Data Controller stores the personal data of Data Subjects exclusively electronically on servers located in Hungary; personal data are not transferred to data processors in third countries.<\/p>

The Data Controller ensures the security of personal data with appropriate technical and organizational measures. The Data Controller protects the computer equipment used for processing and storing personal data with adequate safeguards (password, firewall) and ensures that only authorized persons have access to this equipment.<\/p>

The Data Controller also ensures that personal data are not damaged, destroyed, or disclosed in case of force majeure.<\/p>

10.\/ Rights of Data Subjects Regarding Data Processing<\/strong><\/p>

During data processing, the Data Controller ensures the Data Subjects\u2019 right to data protection. Data Subjects have the right to:<\/p>

a) right to information: The Data Subject is entitled to receive information about data processing activities before they commence.<\/p>

b) right of access: The Data Subject has the right to obtain confirmation from the Data Controller whether personal data concerning them are being processed, and if so, to access the personal data and relevant information (purpose of processing, Data Subject\u2019s personal data, storage duration, etc.).<\/p>

c) right to rectification and erasure: The Data Subject has the right to request the Data Controller to rectify inaccurate personal data without undue delay. The Data Subject has the right to request the Data Controller to erase personal data without undue delay, and the Data Controller is obliged to erase personal data without undue delay if the Data Subject withdraws consent or the purpose of processing ceases, except where data must be retained by law. However, data that cannot be erased at the time of the request or by law will continue to be processed by the Data Controller.<\/p>

d) right to restriction of processing: The Data Subject has the right to request restriction of processing if they contest the accuracy of the personal data (restriction applies during verification), if processing is unlawful and the Data Subject opposes erasure and requests restriction instead, or if the Data Controller no longer needs the data but the Data Subject requires them for legal claims.<\/p>

e) notification obligation related to rectification, erasure, or restriction: The Data Controller shall inform all recipients to whom personal data have been disclosed about rectification, erasure, or restriction, unless this proves impossible or involves disproportionate effort.<\/p>

f) right to data portability: The Data Subject has the right to receive personal data provided to a Data Controller in a structured, commonly used, machine-readable format and to transmit those data to another Data Controller.<\/p>

g) right to lodge a complaint and legal remedy: The Data Subject has the right under GDPR Article 77 to lodge a complaint with the supervisory authority if they consider that the processing of their personal data violates the GDPR. Furthermore, under Infotv. Section 22, the Data Subject may initiate a supervisory authority investigation regarding the legality of the Data Controller\u2019s measures if the Data Controller restricts the exercise of these rights or rejects the request, and may request a data protection authority procedure if the Data Controller or its processor violates legal provisions.<\/p>

The Data Subject may exercise the right to lodge a complaint at the following contact details: National Authority for Data Protection and Freedom of Information; address: 1055 Budapest, Falk Miksa utca 9-11.; Phone: +36 (1) 391-1400; Fax: +36 (1) 391-1410; website: http:\/\/www.naih.hu; email: ugyfelszolgalat@naih.hu<\/em><\/p>

In case of violation of rights or other cases defined in Infotv., the Data Subject may turn to court (Infotv. Section 23). The court of jurisdiction is the Tribunal. The lawsuit may be initiated before the court of the Data Subject\u2019s residence or place of stay at the Data Subject\u2019s choice.<\/p>

11.\/ Special Rules for Newsletter Sending and Advertising Information<\/strong><\/p>

The Data Controller primarily sends messages to Data Subjects containing information related to the purpose of data processing and the services provided, necessary for using the services.<\/p>

The Data Subject acknowledges that subscribing to the newsletter also constitutes consent under Act XLVIII of 2008 on the fundamental conditions and certain restrictions of economic advertising activities Section 6(1), based on which the Data Controller is entitled to send direct advertising and marketing communications to the Data Subject\u2019s provided electronic mail address regarding services organized by the Data Controller. By subscribing to the newsletter, the Data Subject explicitly consents to receiving news, newsletters, advertisements, and promotional offers related to the services provided by the Data Controller.<\/p>

If the Data Subject no longer wishes to receive advertising messages in the future, they may unsubscribe at any time using the option provided in the newsletter sent by the Data Controller or expressly prohibit the sending of advertising communications by personal, postal, or electronic mail addressed to the Data Controller. Such withdrawal does not affect the lawfulness of data processing carried out based on consent before withdrawal.<\/p>

12.\/ Provisions Related to Facebook, Google Analytics, Google Adwords, Hotjar Applications<\/strong><\/p>

12.1. Facebook<\/p>

More information about cookies placed by Facebook can be found at: https:\/\/hu-hu.facebook.com\/policies\/cookies\/ Information about disabling cookies is also available at the linked page.<\/p>

12.2. Google Analytics<\/p>

Google Analytics is an analytics service provided by Google Inc. (\u201cGoogle\u201d) which examines user activities on the website using cookies stored on the user\u2019s computer. The legal basis for web analytics data processing is the voluntary consent of the website user. Cookies used for analytics are anonymized and aggregated data, making it difficult but not impossible to identify the device.<\/p>

Data collected by Google Analytics cookies are transferred and stored on Google\u2019s servers. Google processes the collected information to assess and evaluate users\u2019 website visit habits, prepare reports on website usage frequency, and provide additional related services. Google cannot associate the IP address transmitted through the browser with other data during the use of Google Analytics.<\/p>

Google Analytics uses analytics cookies. More information about cookies used by Google Analytics is available at: https:\/\/developers.google.com\/analytics\/devguides\/collection\/analyticsjs\/cookie_usage#analyticsjs<\/p>

12.3. Google Adwords<\/p>

The website uses Google Adwords remarketing tags to target visitors later with remarketing ads on websites within the Google Display Network. Remarketing tags use cookies to tag website visitors. Users can disable these cookies by visiting Google\u2019s ad settings manager and following the instructions. If cookies are disabled, personalized offers from the Service Provider will no longer appear.<\/p>

More information about cookies used by Google is available at: https:\/\/policies.google.com\/technologies\/ads?hl=hu<\/p>

Google\u2019s privacy policy can be viewed at: https:\/\/policies.google.com\/privacy?hl=hu<\/p>

12.4. Hotjar<\/p>

The website occasionally uses Hotjar web analytics to analyze user behavior. Hotjar examines user interactions on the website using cookies stored on the user\u2019s computer. The legal basis for web analytics data processing is the voluntary consent of the website user. Cookies used for analytics are anonymized and aggregated data, making it difficult but not impossible to identify the device\/computer.<\/p>

Hotjar uses analytics cookies. More information about cookies used by Hotjar is available at: https:\/\/www.hotjar.com\/legal\/policies\/cookie-information<\/p>

13.\/ Final Provisions<\/strong><\/p>

When visiting the website, the consumer\u2019s IP address may be registered; however, the IT solutions used during website operation do not allow the Data Controller to access the consumer\u2019s personal data. These data are used solely for website development and improving services available through it (for statistics and analyses).<\/p>

On the first visit, the website may install a so-called \u201ccookie\u201d (hereinafter: \u201ccookie\u201d) on the consumer\u2019s computer or phone hard drive or memory to make subsequent visits faster and easier to navigate.<\/p>

If cookie installation is refused, some elements of the page may not be displayed.<\/p>

The Data Controller does not exchange cookies with websites operated by third parties and does not allow them on its own website. Detailed rules of \u201ccookie management\u201d are contained in the cookie management pop-up windows on www.brizlo.hu.<\/p>

The Data Controller reserves the right to make changes and corrections to the website without notice at any time, and to partially or entirely discontinue the website or the information published on it. The Data Controller does not guarantee continuous and error-free access to the website and is not liable for damages caused by operational failures.<\/p>

The Data Controller is liable to compensate for damages caused to others by unlawful processing of Data Subjects\u2019 data or breach of data security requirements, except if the damage resulted from the injured party\u2019s intentional or grossly negligent conduct.<\/p>

14.\/ Applicable Legislation<\/strong><\/p>

In matters not regulated in this Information, the provisions of Regulation (EU) 2016\/679 of the European Parliament and of the Council (GDPR), Act CXII of 2011 on the right of informational self-determination and freedom of information, Act V of 2013 on the Civil Code, and other relevant laws shall apply.<\/p>

This data management information has been prepared in Hungarian.<\/p>

This data management Information is valid from today until withdrawal.<\/p>

Budapest, September 11, 2024.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Accepted by Pihepets Kft. (registered office: 1089 Budapest, Orczy \u00fat 12, tax number: 25481819-2-02, tel.: 0612109283, e-mail address: info@brizlo.eu) (hereinafter: Data Controller).<\/p>\n

1.\/ General provisions<\/b><\/p>\n

<\/b>The subject of this privacy policy is the management of personal data obtained by the Data Controller in connection with the operation of the online store (hereinafter: online store) operating on the website https:\/\/brizlo.hu\/<\/span> (hereinafter: website) operated by the Data Controller, based on Act CXII of 2011 on the right of informational self-determination and freedom of information (hereinafter: Infotv.), Regulation (EU) 2016\/679 of the European Parliament and Council (GDPR), and other applicable laws.<\/p>\n

This Policy sets out the data protection and data management principles applied by the Data Controller, through which the Data Controller ensures that the personal rights of natural persons who come into contact with it in connection with the services provided via the online store are not violated.<\/p>\n

The Data Controller reserves the right to unilaterally modify its data protection policy and the content of this Policy in case of changes in the services provided by it, as well as in accordance with the applicable legal provisions. The Data Controller shall publish a notice of any changes to this policy simultaneously with the change on the website.<\/p>\n

2.\/ Scope of data subjects<\/b><\/p>\n

Natural persons (hereinafter: data subjects) who purchase the Data Controller\u2019s products through the online store (hereinafter: product sales), or who explicitly register for the newsletter service on the website,<\/p>\n

<\/b>3.\/ Purpose of data processing<\/b><\/p>\n

The Data Controller keeps and processes the personal data voluntarily provided by the data subjects for the following purposes related to product sales: conclusion of contracts related to product sales in the online store, contract performance, contract termination, sending newsletters, and advertising information.<\/p>\n

4.\/ Legal basis of data processing and source of data<\/b><\/p>\n

The legal basis of data processing is primarily the prior, voluntary consent given by the data subjects after appropriate information about data processing, as well as the conclusion, performance, and termination of contracts related to product sales.<\/p>\n

The source of the data is the data voluntarily provided by the data subjects.<\/p>\n

By providing their personal data on the website or subscribing to the newsletter and advertising information service, the data subject expressly consents, with knowledge of this policy, to the Data Controller processing the personal data voluntarily provided by them in accordance with this policy.<\/p>\n

If the data subject provides their data for the purpose of product sales, their data will be processed for the purpose of concluding, performing, and terminating contracts related to product sales. The data subject acknowledges that by purchasing, they accept the processing of their data for multiple data processing purposes as described above with a single consent.<\/p>\n

If the data subject subscribes to the newsletter and advertising information service, their data will be processed for the purpose of sending newsletters and advertising information. The data subject acknowledges that by subscribing, they accept the processing of their data for multiple data processing purposes as described above with a single consent.<\/p>\n

5.\/ Data concerning data subjects, duration of data processing<\/b><\/p>\n

Data processing covers the following data of data subjects:<\/p>\n

In case of product sales:<\/p>\n

    \n
  • name,<\/li>\n
  • address, billing address,<\/li>\n
  • date of birth,<\/li>\n
  • identity card number, or passport number, or driver\u2019s license number,<\/li>\n
  • email address.<\/li>\n<\/ul>\n

    In case of subscription to newsletter and advertising information:<\/p>\n

      \n
    • name,<\/li>\n
    • email address.<\/li>\n<\/ul>\n

      In the case of product sales, providing the above data to the Data Controller is a prerequisite for concluding and performing the contract related to product sales.<\/p>\n

      In the case of subscription to newsletter and advertising information, providing the above data is a prerequisite for sending the respective electronic information.<\/p>\n

      Failure to provide data means the data subject cannot conclude a contract related to product sales or receive the respective information.<\/p>\n

      Data processing begins upon filling out the registration form (providing data for product sales or subscribing to newsletter and advertising information).<\/p>\n

      In the case of product sales, the Data Controller processes the data for six years.<\/p>\n

      In the case of subscription to newsletter and advertising information, the Data Controller processes the data until withdrawal, but no longer than ten years.<\/p>\n

      Upon expiration of the data processing period, the Data Controller permanently deletes the personal data of the data subjects in a way that cannot be restored.<\/p>\n

      The data subject may withdraw their consent to data processing at any time, without justification, verbally, in writing, or by electronic communication. In this case, the Data Controller will permanently delete all data in a way that cannot be restored, except for data related to product sales that must be retained longer by civil, tax, or other legal regulations.<\/p>\n

      6.\/ Types of data transferred<\/b><\/p>\n

      The Data Controller may not use personal data for purposes other than those specified. Personal data may only be transferred to third parties with the prior and informed consent of the data subjects, except in cases of mandatory data transfer required by law.<\/p>\n

      7.\/ Obligations of the Data Controller\u2019s auxiliaries during data processing<\/b><\/p>\n

      Personal data that comes to the knowledge of the Data Controller may only be accessed by the Data Controller\u2019s auxiliaries involved in achieving the data processing purposes defined in this policy, who are bound by confidentiality obligations regarding all data they become aware of, based on their employment contract, commission contract, other work-related contract, applicable legal provisions, or instructions from the Data Controller.<\/p>\n

      Compliance with the data processing policy is mandatory for the Data Controller and all its auxiliaries \u2013 including former auxiliaries \u2013 (hereinafter: auxiliary) in the handling of data subjects\u2019 personal data.<\/p>\n

      The auxiliary may not disclose or communicate any personal data related to the data subjects learned during their legal relationship to any other person, nor make it accessible to others, either during or after the legal relationship.<\/p>\n

      The auxiliary may disclose personal data learned during the legal relationship to another auxiliary only if necessary for the performance of the work. The auxiliary may disclose personal data learned during the legal relationship to other third parties only with the Data Controller\u2019s permission. The auxiliary may transfer personal data learned during the legal relationship only with the Data Controller\u2019s permission, regardless of the means or manner of transfer.<\/p>\n

      The auxiliary is obliged to immediately report to the Data Controller if they become aware of any violation of this policy.<\/p>\n

      8.\/ Technical implementation of data processing:<\/b><\/p>\n

      The Data Controller stores the personal data of data subjects exclusively electronically on servers located in Hungary; personal data are not transferred to any Data Controller or data processor in Hungary or third countries.<\/p>\n

      The Data Controller ensures the security of personal data with appropriate technical and organizational measures. The Data Controller protects the IT equipment used for processing and storing personal data with adequate safeguards (password, firewall) and ensures that only authorized persons have access to these devices. The Data Controller also ensures that personal data are not damaged, destroyed, or disclosed in case of force majeure.<\/p>\n

      9.\/ Data subjects\u2019 rights related to data processing<\/b><\/p>\n

      The data subject may request from the Data Controller:<\/p>\n

        \n
      • Information about the processing of their personal data: upon request, the Data Controller shall provide information about the data processed, their source, purpose, legal basis, duration of processing, and \u2013 in case of data transfer \u2013 the legal basis and recipient of the data transfer within 30 days of receiving the request. Refusal of information is only possible in cases regulated by law. The information is free of charge if the requester has not submitted a request for information on the same data set in the current year. Otherwise, the Data Controller may charge a fee.<\/li>\n
      • Correction of personal data: if the personal data is inaccurate and the correct data is available to the Data Controller, it shall correct the data on its own authority; otherwise, upon the data subject\u2019s request.<\/li>\n
      • Completion of personal data: if the personal data is incomplete and the additional data is available to the Data Controller, it shall complete the data on its own authority; otherwise, upon the data subject\u2019s request.<\/li>\n
      • Deletion of personal data: the Data Controller shall delete personal data if its processing is unlawful; the data subject requests it; the purpose of data processing has ceased; the retention period has expired; or a court or authority orders it.<\/li>\n
      • Blocking of personal data: instead of deletion, the Data Controller shall block personal data if the data subject requests it or if, based on available information, deletion would violate the data subject\u2019s legitimate interests. Such blocked personal data may only be processed as long as the data processing purpose that excludes deletion exists.<\/li>\n
      • Portability of personal data: the data subject shall receive the personal data provided to the Data Controller in a structured, commonly used, machine-readable format and is entitled to transmit these data to another Data Controller.<\/li>\n<\/ul>\n

        In addition to the above, the data subject may object to the processing of their personal data if the processing or transfer is necessary solely for compliance with a legal obligation of the Data Controller or for the legitimate interests of the Data Controller, data recipient, or a third party.<\/p>\n

        The Data Controller shall examine the objection as soon as possible, but no later than within 15 days of receipt, decide on its validity, and inform the requester in writing of the decision.<\/p>\n

        Details of these rights are contained in Sections 14-19 and 21 of the Infotv.<\/p>\n

        The data subject is entitled to initiate proceedings before the National Authority for Data Protection and Freedom of Information regarding data processing they consider unlawful.<\/p>\n

        The data subject may also turn to the court in cases specified in the Infotv (Section 23). The court of jurisdiction is the district court. The lawsuit may be initiated before the district court of the data subject\u2019s residence or place of stay, at the data subject\u2019s choice.<\/p>\n

        10.\/ Data protection incident<\/b><\/p>\n

        A data protection incident is defined as:<\/p>\n

        a breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to personal data transmitted, stored, or otherwise processed.<\/p>\n

        In particular, incidents may include: theft or loss of a \u201ccompany\u201d laptop or mobile phone, unauthorized access to customer databases, hacking of the online store\u2019s IT system and access to data.<\/p>\n

        The Data Controller \u2013 through its managing director \u2013 shall immediately take the necessary steps and make notifications to eliminate the data protection incident and mitigate resulting damages.<\/p>\n

        If the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the Data Controller shall inform the data subject without undue delay about the incident. The information provided to the data subject must clearly and understandably describe the nature of the incident and communicate the most important information and measures.<\/p>\n

        The data subject does not need to be informed as described above if any of the following conditions are met:<\/p>\n

        a) the Data Controller has implemented appropriate technical and organizational protection measures and applied these to the data affected by the incident, especially measures such as encryption that render the data unintelligible to unauthorized persons;<\/p>\n

        b) the Data Controller has taken further measures after the incident to ensure that the high risk to the rights and freedoms of the data subject mentioned above is unlikely to materialize;<\/p>\n

        c) providing information would require disproportionate effort. In such cases, the data subjects shall be informed by publicly available information or by similar measures ensuring equally effective communication.<\/p>\n

        <\/b>11.\/ Special rules regarding newsletter and advertising information<\/b><\/p>\n

        The Data Controller sends messages containing information about its products, services, and news to the data subjects.<\/p>\n

        The data subject acknowledges that subscribing to the newsletter service constitutes consent under Section 6 (1)-(2) of Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activities, based on which the Data Controller is entitled to send direct advertising and marketing communications to the electronic mail address provided by the data subject. By subscribing to the newsletter service, the data subject expressly consents to receiving news, newsletters, advertisements, and promotional offers related to the services provided by the Data Controller.<\/p>\n

        If the data subject no longer wishes to receive advertising messages in the future, they may unsubscribe using the option provided in the newsletter sent by the Data Controller, or expressly prohibit the sending of advertising messages by post or electronic mail addressed to the Data Controller.<\/p>\n

        12.\/ Closing provisions<\/b><\/p>\n

        When visiting the website, the consumer\u2019s IP address may be registered; however, the IT solutions used for operating the website do not allow the Data Controller to access the consumer\u2019s personal data. These data are used solely for website development and improvement of services accessible through it (for statistics and analyses).<\/p>\n

        On the first visit, the website may install a so-called \u201ccookie\u201d on the consumer\u2019s computer or phone hard drive or memory to make subsequent visits faster and easier in terms of page content and navigation. Refusal to download the \u201ccookie\u201d may result in some basic elements of the page not being displayed.<\/p>\n

        We do not exchange cookies with websites operated by third parties, nor do we allow them on our website.<\/p>\n

        Google Analytics operation related to our website is permitted. This provides information on how visitors use the website. Google Analytics compiles website usage habits based on anonymized users. We do not allow Google to use your provided data (either for its own purposes or to share with anyone).<\/p>\n

        The Data Controller reserves the right to make changes and corrections to the website at any time without notice, and to partially or entirely discontinue the website or the information published on it. The Data Controller does not guarantee continuous and error-free access to the website and is not liable for damages caused by operational disruptions.<\/p>\n

        The Data Controller is liable to compensate for damages caused to others by unlawful data processing or breach of data security requirements, except if the damage resulted from the injured party\u2019s intentional or grossly negligent conduct.<\/p>\n

        In matters not regulated in this policy, the provisions of Act V of 2013 on the Civil Code, Act CXII of 2011 on informational self-determination and freedom of information, Regulation (EU) 2016\/679 of the European Parliament and Council (GDPR), and other applicable laws shall apply.<\/p>\n

        The managing director is responsible for the Data Controller\u2019s activities and compliance with this data processing policy.<\/p>\n

        This data processing policy is valid from the date of until withdrawal.<\/p>\n

        Budapest, 2021.06.01.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

        Privacy Policy Data Management Information Accepted by Pihepets Kft. (registered office: 1089 Budapest, Orczy \u00fat 12., company registration number: 01-09-387984, tax number: 25481819-2-42, tel.: +3620-4010000, e-mail address: info@brizlo.hu; represented by: Szabolcs M\u00e1sody managing director) (hereinafter: Data Controller) on September 11, 2024. 1.\/ General Provisions The subject of this data protection information is the management of […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-1586","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/brizlo.test-i.kodolj.hu\/en\/wp-json\/wp\/v2\/pages\/1586","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/brizlo.test-i.kodolj.hu\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/brizlo.test-i.kodolj.hu\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/brizlo.test-i.kodolj.hu\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/brizlo.test-i.kodolj.hu\/en\/wp-json\/wp\/v2\/comments?post=1586"}],"version-history":[{"count":1,"href":"https:\/\/brizlo.test-i.kodolj.hu\/en\/wp-json\/wp\/v2\/pages\/1586\/revisions"}],"predecessor-version":[{"id":1587,"href":"https:\/\/brizlo.test-i.kodolj.hu\/en\/wp-json\/wp\/v2\/pages\/1586\/revisions\/1587"}],"wp:attachment":[{"href":"https:\/\/brizlo.test-i.kodolj.hu\/en\/wp-json\/wp\/v2\/media?parent=1586"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}