Privacy Policy
EPRHUNGARY.com
Data Controller: Axit Kft.
Tax number: 13954428-2-03
Mailing address: 6098 Tass Dunasor u. 10, Hungary
Email address: eva@axit.hu
WhatsApp: +36 20 8 5555 00
During our operation, we process the data of visitors to the Website and those who fill out the contact form on the Website or provide their personal data in any other way (hereinafter collectively referred to as the Data Subject). We process data in accordance with the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter: Info Act).
The Data Controller hereby informs Data Subjects about the processing of their personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Purpose of data processing: ensuring and monitoring the operation of the website, preventing security incidents, evaluating them afterwards, establishing contact, providing services.
Legal basis for data processing: Section 13/A (3) of Act CVIII of 2001 on certain issues of information society services.
Scope of data processed: date and exact time of visit, address of the website visited, address of the previously visited website, visitor's IP address, data characterizing the browser and operating system used, as well as data provided in the contact form, namely name, email address, and phone number.
Deadline for data deletion: 2 years from the visit, 2 years from the termination of the service.
Information about the use of cookies
What is a cookie?
The Data Controller uses cookies when you visit the website. A cookie is a small text file containing letters and numbers that our website sends to your browser. We use cookies to save your preferences, make our website easier to use, and collect anonymous statistical information about our visitors.
Some cookies do not contain personal information and cannot identify individual users. However, some cookies do contain a unique identifier -- a randomly generated string of numbers -- that is stored on your device. This identifier can be used to recognize your device when you return to our website. The lifespan of each cookie is specified in the description of that cookie.
Legal background and legal basis of cookies
The legal basis for data processing is your consent, in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR).
Types of cookies used by the website
| Cookie Type | Description | Lifespan |
|---|---|---|
| Session cookie | Stores the visitor's location, browser language, and payment currency. | Browser close / max 2 hours |
| Referrer cookies | Tracks the external website from which the visitor arrived. | Browser close |
| Recently viewed product/training module cookie | Remembers the products or training modules the visitor last viewed. | 60 days |
| Recently viewed category cookie | Remembers the last category viewed. | 60 days |
| Mobile version/design cookie | Detects the device used by the visitor and switches to full view on mobile. | 365 days |
| Cookie acceptance cookie | Records acceptance of the cookie policy when first visiting the site. | 365 days |
| Basket cookie | Stores the products placed in the shopping basket. | 365 days |
| Intelligent offer cookie | Records conditions for displaying personalized offers (e.g., whether the visitor has been to the site before). | 30 days |
| Logout #2 cookie | Logs out the visitor after 90 days, according to option #2. | 90 days |
| Backend identification cookie | Identifies the backend server serving the page. | Browser close |
| Google AdWords cookie | Adds the visitor's cookie ID to the remarketing list. Used for ad personalization and conversion tracking. | Varies |
| Google Analytics cookie | Collects website usage statistics without personally identifying visitors. Main cookie: "__ga". | Varies |
| User experience cookies | Collects general, anonymous data to improve website performance. | Session |
If you do not accept the use of cookies, some features of the website may not be available. You can find more information about deleting cookies at the following links:
Getting in touch
If you contact us with a question, for example via email, contact form, or phone.
Data processed: The data you provide during contact (e.g., name, email address, phone number, and the content of your inquiry).
Duration of data management: We process the data only for as long as necessary to respond to and resolve your inquiry.
Legal basis for data management: Your voluntary consent, which you give to the Data Controller by contacting us. [Data processing according to Article 6(1)(a) of the GDPR]
Handling complaints
The data processing is necessary to handle complaints filed against the company. If you contact us with a complaint, data processing is essential to address your concerns.
Managed data: The name, telephone number, email address of the individual filing the complaint, and the content of the complaint.
Duration of data management: We will keep a record of the complaint for 5 years.
Legal basis for data management: While filing a complaint with us is voluntary, if you do file a complaint, we are obliged to keep a record of it for 5 years according to Act CLV of 1997 on Consumer Protection, Section 17/A.(7). [Data processing according to Article 6(1)(c) of the GDPR]
Additional data management
If the Data Controller intends to carry out further data processing, it will provide you with prior information about the essential details of that processing (legal basis, purpose, scope of data processed, and duration of processing).
Please be aware that the Data Controller is required to comply with lawful requests for data from authorities. In accordance with Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Info Act), Section 15(2)-(3), the Data Controller maintains a record of data disclosures (to which authority, what personal data, on what legal basis, and when it was transmitted). The Data Controller will provide information from this record upon request, unless prohibited by law.
Your rights during data processing
During the period of data processing, you have the following rights under the GDPR:
- Right to withdraw consent
- Right of access to your personal data and information related to data processing
- Right to rectification
- Right to restriction of processing
- Right to erasure ("right to be forgotten")
- Right to object
- Right to data portability
To exercise your rights, you will need to verify your identity, and the Data Controller may need to communicate with you. Verification may require you to provide personal data (however, identification will only be based on data that the Data Controller already holds about you). Your complaint about data processing will be accessible in the Data Controller's email account for the period specified in this information regarding complaints. If you were a customer and would like to verify your identity for complaint handling or warranty management, please provide your order ID. This will help us identify you as a customer.
The Data Controller will respond to complaints related to data processing within 30 days.
The right to withdraw consent
You have the right to withdraw your consent to data processing at any time. If you do so, the data you provided will be deleted from our systems. However, please note that if you withdraw your consent before your order has been fulfilled, we may not be able to deliver your order. Additionally, if your purchase has already been completed, we cannot delete data related to invoicing due to accounting regulations. If you have an outstanding debt with us, we may process your data to collect that debt based on our legitimate interests.
Right of access to personal data
You have the right to obtain confirmation from the Data Controller as to whether or not your personal data is being processed, and, where that is the case, access to the personal data and the following information:
- The purposes of the processing
- The categories of personal data concerned
- The recipients or categories of recipients to whom the personal data have been or will be disclosed
- The envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- Your right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you and to object to such processing
- The right to lodge a complaint with a supervisory authority
- Where the personal data are not collected from you, any available information as to their source
- The existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you
The purpose of exercising the right of access may be to verify the lawfulness of data processing. Therefore, if you make repeated requests for access, the Data Controller may charge a reasonable fee for providing the information.
After you have verified your identity, the Data Controller will provide you with access to your personal data and related information by sending it to you by email. If you have registered an account, you can access, view, and check your personal data by logging into your user account.
Please clearly state in your request that you are requesting access to your personal data or information related to data processing.
Right to rectification
You have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning you.
Right to restriction of processing
You have the right to obtain from the Data Controller restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by you, the restriction applies for a period enabling the controller to verify the accuracy of the personal data. If the data can be verified immediately, restriction will not apply;
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- The controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims;
- You have objected to processing pending the verification whether the legitimate grounds of the controller override yours.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
The Data Controller will inform you before the restriction of processing is lifted (at least 3 working days in advance).
Right to erasure ("right to be forgotten")
You have the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw consent on which the processing is based and where there is no other legal ground for the processing.
- You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
- The personal data have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
Where the controller has made personal data public and is obliged pursuant to Article 17(1) of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure does not apply to the extent that processing is necessary:
- For exercising the right of freedom of expression and information.
- For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject (for example, data processing in the context of invoicing, as the retention of invoices is required by law); or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- For the establishment, exercise, or defense of legal claims (e.g., if the Data Controller has a claim against you and it has not yet been fulfilled, or a consumer or data protection complaint is in progress).
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. The Data Controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
- The processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR; and
- The processing is carried out by automated means.
In exercising your right to data portability, you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
We would like to draw the attention of visitors to the website that this data protection notice has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Our company primarily provides EPR consulting services to businesses, and the business data of the company do not qualify as personal data of a natural person.