Privacy Policy
Privacy Policy
1. Introduction
The purpose of this information sheet is to record the following
Name: Henok-Trade Kft.
Registered office: 9028 Győr, Szent Imre út 125
Tax number: 13447795-2-08
Representative: Pintér Norbert
Email: henoktrade2005@gmail.com
Website: https://premiumontozes.hu/
hereinafter referred to as the Data Controller or Pintér Norbert
the data protection and data management policy applied in the course of its operations and economic activities, and to ensure that data subjects receive adequate information regarding the processing of their personal data. The Data Controller is committed to fully complying with the provisions of the legislation described below regarding the processing of personal data in the course of its activities.
In developing these rules, the Data Controller took particular account of
the Fundamental Law;
Act CVIII of 2001 on certain issues of electronic commerce services and information society services;
Act CXII of 2011 on the right to self-determination in information and freedom of information (hereinafter: Info Act);
Act V of 2013 on the Civil Code (hereinafter: Civil Code);
Act VI of 1998 on the promulgation of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, signed in Strasbourg on January 28, 1981;
Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR);
The Data Controller hereby declares that in the course of its operations, it shall only obtain personal data that the data subject voluntarily provides or consents to the recording, processing, and use of.
By accepting this Privacy Policy, the Data Subjects, as data subjects, declare that they have read and accepted the provisions and information contained therein and give their consent to the processing of their data.
2. Terms used in this information sheet
Data processing: performing technical tasks related to data processing operations;
Data processing: any operation or set of operations performed on data, regardless of the procedure used, in particular collection, recording, organisation, storage, alteration, use, retrieval, disclosure, alignment or combination, blocking, erasure or destruction, as well as preventing further use of the data, taking photographs, making audio or video recordings;
Data controller: the natural or legal person or legal entity who, alone or jointly with others, determines the purposes of data processing, makes and implements decisions regarding data processing (including the means used), or has them implemented by a data processor commissioned by him;
Data transfer: making the data available to a specific third party;
Data deletion: rendering data unrecognizable in such a way that it cannot be restored;
Data protection incident: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
Affected: the natural person whose personal data is affected by the data processing;
Third party: a natural or legal person, or any other body, other than the data subject, the controller, the processor, or the persons who, under the direct authority of the controller or processor, are authorized to process personal data;
Contribution: the voluntary and explicit expression of the Data Subject's will, based on adequate information, by which he or she gives his or her unambiguous consent to the processing of personal data relating to him or her, either in full or for specific operations;
Customer: means natural persons, legal entities, or companies without legal personality who use, subscribe to, or utilize the Data Controller's services.
Personal data: data that can be linked to a specific natural person, in particular their name, identification number, and one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity, as well as conclusions that can be drawn from the data about the Data Subject that are not considered to be in the public interest or public data. Personal data includes, among other things, name, address, telephone number, and email address.
Protest: a statement by the data subject objecting to the processing of their personal data and requesting the termination of data processing or the erasure of the data processed.
Website: refers to the website https://premiumontozes.hu/
3. Data management principles
The data processing carried out by the Data Controller complies with the data processing principles of the GDPR and the Infotv., which are as follows:
Principles of legality, fair procedure, and transparency: Personal data must be processed lawfully, fairly, and in a transparent manner in relation to the data subject.
Principle of purpose limitation: Personal data should only be collected for specific, explicit, and legitimate purposes, and should not be processed in a way that is incompatible with those purposes.
Principle of data minimization: Personal data must be adequate and relevant for the purposes of data processing and limited to what is necessary.
Principle of accuracy: Personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
Principle of limited storage capacity: Personal data must be stored in a form that allows the identification of data subjects only for as long as is necessary to achieve the purposes for which the personal data are processed.
Principles of integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
Principle of accountability: The Data Controller is responsible for compliance with the principles and must be able to demonstrate such compliance.
In addition to the principles of data processing, the requirement for adequate information can be identified as a common requirement, as Data Controllers must inform Data Subjects about data processing in any case of data processing.
4. Scope of data processed, purpose of data processing, legal basis and duration
4.1 Data processing related to the Data Controller's range of services
The Data Controller records and processes personal data provided by Data Subjects when using the services offered on the website.
| Scope of data affected by data processing | **** |
| Purpose of data processing | **** |
| Legal basis for data processing | **** |
| Duration of data processing | until the Data Subject requests deletion of the data, or for a maximum of 5 years from the performance or termination of the contract for the provision of services, i.e. until the general limitation period specified in the Civil Code |
4.2 Newsletter subscription
The Data Subject has the opportunity to subscribe to the Data Controller's newsletter via the Website operated by the Data Controller or other online platforms:
| Scope of data affected by data processing | Name/email address of the data subject |
| Purpose of data processing | The Data Subject may be informed by the newsletter about current promotions, offers, and content relevant to the Data Controller's services. |
| Legal basis for data processing | the voluntary consent of the Data Subject |
| Duration of data processing | until the Data Subject requests deletion or unsubscribes from the newsletter. |
4.3 Cookies
A cookie is a small text file that is stored on the hard drive of the Data Subject's computer or mobile device for the duration specified in the cookie and is reactivated during subsequent visits. Its purpose is to record information about the visit and personal settings, but this data cannot be linked to the visitor's identity. It helps to create a user-friendly website and enhance the Data Subject's online experience. If the Data Subject does not agree to the Data Controller using cookies when browsing the website, the website may not function fully. Data Subjects can obtain more detailed information about the cookies used by the Data Controller in the Cookie Policy.
| Scope of data affected by data processing | The Data Controller stores all analytical information without the name or other personal data relating to the Data Subject. |
| Purpose of data processing | storage of the Data Subject's personal settings |
| Legal basis for data processing | the voluntary consent of the Data Subject |
| Duration of data processing | The Data Subject may delete cookies stored on their computer or mobile phone at any time via their browser settings. |
4.4 Concluding contracts with partners
If a contract is concluded between the Data Controller and a partner, the parties shall indicate in the contract the personal data of the contact person that are essential for the contact necessary for the performance of the contract.
| Scope of data affected by data processing | Name/phone number/position/email address of the person concerned |
| Purpose of data processing | maintaining contact between companies, fulfilling the terms of contracts |
| Legal basis for data processing | data processing is necessary for the performance of contractual obligations |
| Duration of data processing | until the termination of the contractual relationship or for the general limitation period specified in the relevant legislation |
4.5 Contacting us via our website and customer service data processing
Data subjects can contact the Data Controller directly via the Contact Us function on the Website, or they can contact the Data Controller's customer service representative by telephone.
| Scope of data affected by data processing | the name of the Data Subject, company name (optional), email address, telephone number, and other personal data voluntarily provided during the telephone conversation and in the message |
| Purpose of data processing | contact between the Data Subject and the Data Controller, quality assurance, customer service, problem handling |
| Legal basis for data processing | the voluntary consent of the Data Subject |
| Duration of data processing | The Data Controller shall store personal data obtained in this manner for a maximum period of 5 years. |
5. Data processors
5.1 Certain categories of personal data may be accessed by the following data processors as necessary, in accordance with the relevant data processing principles.
| Data processors | Contact details | Activity |
| **** | **** | accounting, payroll accounting |
| **** | **** | marketing activities, advertising management, PR |
| Billingo Technologies Zrt. | Website: https://www.billingo.hu/ | website development |
| Magic Qube Kft. | Registered office: 7081 Simontornya, Gyár utca 13.; tax number: 32800555-2-17 Email: office@magicqube.com | website development as a subcontractor |
| Versanus Kft. | Tel.: 06 30 951 3744 Address: 1138 Budapest, Mura utca 4. 9th floor, door 7 | Website domain provider |
| Tárhely.Eu Service Provider Ltd. | Website: https://tarhely.eu/ | online hosting service |
In addition to the above Data Processors, persons in an employment or contractual relationship with the Data Controller are entitled to access and process certain personal data. The persons referred to in this section shall treat the data as confidential, given that, under the terms of their contracts with the Data Controller, the Data Controller's employees and contractual partners providing services to the Data Controller are bound by a confidentiality obligation, under which they may not process the data they have access to for purposes other than those related to their legal relationship, nor may they transfer such data to third parties. The tasks, access rights, and obligations of persons involved in data processing are regulated by the Data Controller's internal regulations and data processing agreements. Employees are liable under labor law for compliance with these regulations, while contractual partners are liable under civil law.
5.2 Other data processing activities involving the use of cookies.
A) Google Analytics and Tag Manager integration
We collect technical data about visits to our website and the use of our services using Google Analytics. The data collected by Analytics (e.g., device type, browser type, language settings, referring website address, browser IP address, and other geographic data) is stored anonymously, independently of personal data, and is used for statistical analysis to optimize the usability and marketing of the system.
Google Tag Manager (GTM) is a tool that allows you to easily and centrally manage tags used on your website or application without having to directly modify the code on the page.
B) Pixel (META)
It is used to measure visitor activity on the Website (page views, adding items to the shopping cart, purchases) and helps with remarketing on META ads.
C) Instagram Pixel (META)
It collects conversion and activity data about visitor behavior for Instagram ads.
D) LinkedIn Pixel (LinkedIn Insight Tag)
Tracking activities related to LinkedIn ads on the website, measuring conversions and interest data.
E) TikTok Pixel
Track events and conversions related to TikTok ads on your website to measure and optimize campaign performance.
6. Data transfer
As a general rule, the Data Controller shall not transfer the data it processes to third parties. Data may only be transferred if the Data Subject has given their express prior consent, or if required by law, or if requested by an authority with the power to do so under the law.
7. Data security
The basic forum for data recording is the Data Controller's IT system.
The Data Controller stores the personal data mentioned above on the company's IT data processor's network.
The Data Controller undertakes to ensure data security in accordance with the provisions of the GDPR and the Infotv.
During the operation of the IT systems, the necessary authorization management, internal organizational and technical solutions ensure that your data cannot fall into the hands of unauthorized persons and that unauthorized persons cannot delete, export or modify the data from the system. The data controller also enforces data protection and data security requirements on data processors.
It keeps a record of any data protection incidents and, if necessary, informs the data subject and, if necessary, the National Authority for Data Protection and Freedom of Information (NAIH) of any incidents that arise.
Personal data shall be accessed by persons acting within the sphere of interest of the data controller, in particular agents and employees, who need it to perform their duties and who are aware of and familiar with their obligations regarding data processing.
The Data Controller pays particular attention to ensuring that all its agents and employees are familiar with its internal data protection protocol and handle personal data in accordance with its provisions.
The Data Controller undertakes to ensure the security of the data with the most modern and appropriate equipment and security rules, with particular regard to preventing unauthorized persons from accessing the data and ensuring that the data is not unlawfully disclosed, deleted, or destroyed. It shall do everything in its power to ensure that the data is not accidentally damaged or destroyed. The data controller shall also impose the above obligation on its employees involved in data processing activities.
Under no circumstances shall the Data Controller collect special data, i.e. data relating to racial origin, membership of a national or ethnic minority, political opinion or party affiliation, religious or other beliefs, membership of interest groups, health status, addictions, sex life, or criminal record.
8. The rights of the data subject during data processing
During the period of data processing, Data Subjects shall have the following rights:
Right to information
The Data Controller shall provide appropriate, simple and accessible language, easily accessible (online or offline) information on the essential aspects of data processing. At the time of obtaining personal data, or if the data subject subsequently requests information, the Data Protection Policy must be made available to the data subject when this information is provided, and a statement confirming that they have read, understood, and accepted its contents must be signed by them.
The Data Subject shall be entitled to request information about the personal data concerning him or her processed by the Data Controller at any time. The information may be requested at the e-mail address, by post or by telephone indicated in the information notice on the data processing in question. The Data Controller shall provide the requested information within 30 days of the request.
Right to erasure
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data concerning the data subject without undue delay. If the Data Controller has granted access to the data requested for erasure to third parties, it shall inform all those to whom it has disclosed the data concerned that they must erase all references to and personal data stored by them. The purpose of this is to ensure that, unless there are legal or reasonable obstacles, the data concerned "disappears" from the databases that can be found.
The deletion does not have to be carried out if the data processing
is necessary for the exercise of the right to freedom of expression or information;
is necessary for the establishment, exercise, or defense of legal claims;
is necessary for compliance with a legal obligation;
is necessary for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, and erasure would render impossible or seriously impair the achievement of the purpose of the processing.
The Data Controller shall also delete the personal data contained in its documentation relating to the data subject if the purpose for which the personal data was processed has ceased to exist.
In the case of paper-based documentation, its destruction must be recorded in a protocol so that this fact can be proven to the competent authority at a later date.
Right to rectification of data:
The Data Subject may indicate that the processed data is inaccurate and request that it be replaced. The Data Controller is responsible for the accuracy of the data, so it is necessary to check its accuracy from time to time.
Right to restriction of processing:
The Data Subject may request the Data Controller to restrict the processing of their personal data, for example in an unclear, disputed situation. If the processing of data is restricted, such personal data may only be processed, with the exception of storage, with the consent of the Data Subject, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
Right to data portability:
The Data Subject may request to receive the data processed concerning him/her in a structured, commonly used, machine-readable format (e.g. .doc, .pdf, etc.), and is entitled to transmit these data to another data controller without hindrance from the original data controller. This makes it easier for the data subject to transfer their personal data from one data controller to another.
Right to protest:
The Data Subject has the right to object at any time to the processing of their personal data for specific reasons if they have not given their consent to the processing of such data.
If the Data Subject wishes to exercise their rights, they must identify themselves and communicate with the Data Controller as necessary. Therefore, personal data will be required for identification purposes (but identification may only be based on data that we already process about you), and your complaints regarding data processing will be available in our email account within the time period specified in this notice.
Complaints regarding data processing will be responded to by the Data Controller without delay, but no later than within 30 days.
9. Remedies
The Data Subject is entitled to lodge a complaint with the NAIH (1055 Budapest, Falk Miksa u. 9-11.; www.naih.hu, Telephone: +36 (1) 391-1400, Fax: +36 (1) 391-1410, E-mail: ugyfelszolgalat@naih.hu) or to enforce their rights relating to the processing of personal data before the court having jurisdiction and competence under Act CXXX of 2016 on Civil Procedure.
10. Final provisions
If the Data Controller wishes to process personal data for purposes other than those specified in this notice, it shall inform the Data Subject of the new purpose of the data processing prior to further processing. Data processing for the new purpose may only commence thereafter – if the legal basis for data processing is consent – if the Data Subject also consents to the data processing in addition to the information provided.
The Data Protection Policy shall remain in force until revoked and shall apply to all organizational units of the Data Controller, data processors, employees, officers, and persons in a contractual relationship with them.
The Data Protection Policy shall be reviewed annually or in the event of changes in Community or domestic legislation.
The Data Controller reserves the right to amend this policy and to modify it accordingly in the event of changes in European Union or Hungarian legislation.