Privacy

Privacy and Data Management Notice

This notice informs you, as a visitor to our website and webshop and as a user of our services, about our company’s data processing and data protection rules.

1. What principles do we follow in our data processing?

Our company follows the principles below when processing personal data:

1. we process personal data lawfully, fairly and in a manner that is transparent to you
2. we collect personal data only for specified, explicit and legitimate purposes and do not process them in a way incompatible with those purposes
3. the personal data we collect and process are adequate, relevant and limited to what is necessary for the purposes of processing
4. we take all reasonable steps to ensure that the data we process are accurate and, where necessary, kept up to date; we erase or rectify inaccurate personal data without delay
5. we store personal data in a form which permits your identification only for as long as necessary to achieve the purposes of processing
6. by applying appropriate technical and organisational measures, we ensure the appropriate security of personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage

Our company processes your personal data

1. based on your prior, informed and voluntary consent, only to the extent necessary and always for a specific purpose; i.e., we collect, record, organise, store and use them
2. in certain cases, processing your data is based on legal requirements and is mandatory; in such cases we will specifically draw your attention to this fact
3. in some cases, our company or a third party has a legitimate interest in processing your personal data, for example the operation, development and security of our website and webshop

2. Who are we?

2.1. Our company as data controller:

Name: Sportérem Kereskedelmi és Gyártó Kft.
Registered office: 1094 Budapest, Liliom utca 32.

Tax number: 13779740-2-43
Company registration number: 01-09-872779

Sites:

• 1094 Budapest, Liliom utca 32.
• 1106 Budapest, Fehér út 10/26.

Mailing address: 1094 Budapest, Liliom utca 32.

Website: www.noatrophy.eu
Phone: +36 (1) 311-6245
E-mail: info@noaserleg.hu

Chamber membership: BU13779740
Data protection registry number: NAIH-126108/2017.

Under Article 37 of the GDPR our company is not obliged to appoint a data protection officer.

Hosting provider
Name: Tárhely.Eu Szolgáltató Kft.
Registered office: 1144 Budapest, Ormánság u. 4.
Phone: +36 1 789 2 789, support@tarhely.hu

2.2 Scope of persons who may access data, data transfers, data processing:

The data are primarily accessible to the Service Provider and its internal staff; they are not published and are not transferred to third parties.

For operating the underlying IT system, fulfilling orders and settling accounts, the Service Provider may use data processors (e.g. system operator, courier company, accountant).

Data processors:

3. What data do we process and for how long?

3.1. Registration

Purpose:
To provide a more complete user experience to our visitors, enable tracking of previous orders, and send notifications about service outages or changes to our company’s contact details, etc.

Data processed:
Own e-mail address, password, billing address (billing name, street name, house number, town/city, postal code), shipping address (recipient/shipping name, street name, house number, town/city, postal code), phone number

Retention period: until the registration is deleted or consent is withdrawn

3.2. Technical data

During operation of the system, data are recorded technically: data of the data subject’s login device that are generated during use of the service and are recorded by the Service Provider’s system as an automatic result of technical processes. Automatically recorded data are logged by the system automatically on login and logout without any separate declaration or action by the data subject. These data cannot be linked with other personal user data—except in cases mandated by law. Only the Service Provider has access to the data.

3.3. Use of webshop services

Purpose:
Registration and keeping records of visitors, handling and fulfilment of orders, managing purchases, invoicing and delivery, handling complaints and return calls, analysing our customers’ habits, maintaining contact with our customers

Data processed:
full name, phone number and e-mail address, online identifier, details of your purchases (product, quantity, price, date/time), payment-related data, data relating to pickup and delivery: pickup/delivery deadline and delivery address (postal code, town/city, public area name and type, house number, floor, door) or pickup point details, billing name, in the case of a natural person full name, your tax number (if required for invoicing), billing address (postal code, town/city, public area name and type, house number, floor, door)

Retention period:
For an indefinite period during operation of the webshop, but at the latest until withdrawal of consent.
Retention of data related to performance of contracts: 5 years.
Retention of issued invoices and documents on which the invoices are based: 8 years.

3.4. Administration, complaints

Purpose:
Responding to feedback and complaints

Data processed:
Full name, e-mail address, phone number, mailing address, other personal message

Retention period: 5 years

3.5. Prize draw

Purpose:
To positively influence our company’s business through raising awareness and raffling valuable prizes, and to increase customer satisfaction

Data processed:
Depending on the prize draw: full name, e-mail address, phone number, address

Retention period:
For participants: until the end of the draw; for winners: 8 years

3.6. Electronic invoicing

For the purpose of issuing an electronic invoice, the data provided by the data subject are transferred to the controller indicated in section 2.2. The purpose of the transfer is to issue an electronic invoice to the data subject, which our company sends electronically to the e-mail address provided by the data subject.

4. Cookies

Cookies are small data files (hereinafter: cookies) that are placed on your computer through the website when you use the website; your internet browser saves and stores them. Most commonly used internet browsers (Chrome, Firefox, Safari, etc.) accept and allow the downloading and use of cookies by default; however, it is up to you to modify your browser settings to refuse or block them, and you can also delete stored cookies from your computer. The “help” menu of each browser provides more detailed information on the use of cookies.

There are cookies that do not require your prior consent. Our website provides brief information about these at the start of your first visit; such cookies include authentication cookies, multimedia player cookies, load-balancing cookies, user interface customisation session cookies, and user-centric security cookies.

For cookies requiring consent—if processing starts upon visiting the page—our company will inform you at the start of your first visit and request your consent.

Our company does not use and does not permit cookies that would allow third parties to collect data without your consent.

Accepting cookies is not mandatory; however, our company is not liable if our website does not function as expected without enabling cookies.

What cookies do we use?

1. System cookies:
   Cookies essential for the operation of the site. These track the user session; without them, data such as cart contents would be lost between page loads. They cannot be disabled. They are deleted after the visitor’s session ends.
2. Performance cookies:
   These cookies are not essential for operation; they only make the site faster/more usable. The user may disable these cookies. Their duration depends on the settings in the data subject’s internet browser.
3. Tracking cookies:
   These cookies help make the use of the site more convenient (e.g. remembering settings). They improve the effectiveness of our service by providing visit and usage statistics. These data help us improve our service and measure and improve the effectiveness of our advertising. The user may disable these cookies.

External servers help independently measure and audit the website’s traffic and other web analytics data (Google Analytics). The controllers can provide detailed information on the processing of measurement data to the data subject.
More information: www.google.com/analytics
If the data subject does not want Google Analytics to measure the above data in the manner and for the purpose described, please enable the “do not track” feature in your browser or install a blocking function.

The “Help” function in most browsers provides information on how to disable cookies in the browser, how to accept new cookies, how to instruct your browser to set a new cookie, or how to disable other cookies.

5. Our processing related to newsletters and direct marketing

During registration, or later by modifying the personal data stored in the webshop interface (i.e., by clearly expressing your intention to consent), you may consent to the use of your personal data for marketing purposes. In this case—until consent is withdrawn—we process your data for direct marketing and/or sending newsletters and send you advertising and other communications and information and offers and/or forward a newsletter (Grtv. Section 6).

We consider deletion of registration in all cases as withdrawal of consent. Withdrawal of consent for direct marketing and/or newsletter processing is not interpreted as simultaneous withdrawal of consent to processing related to our webshop.

For technical reasons, we undertake to register the withdrawal of individual consents or cancellations within a 30-day period.

6. Legal basis, purpose and method of our data processing

4.1. We request personal data from visitors to our website only if they wish to register, log in, participate in a prize draw, or make purchases in our webshop.
Personal data provided in connection with registration or use of webshop services cannot be combined, and identifying our visitors is not our primary aim.
If you have questions regarding data processing, you can request further information at our provided e-mail or postal address; we will send our response without delay, within a maximum of 30 days, to the contact details you have provided.

You provide your personal data to us voluntarily during registration, purchase or when communicating with our company; therefore, please take particular care to ensure the truthfulness, correctness and accuracy of your data, as you are responsible for them. Incorrect, inaccurate or incomplete data may prevent the use of our services.
If you provide personal data not of your own but of another person, we will presume that you have the necessary authorisation.
You may withdraw your consent to processing at any time free of charge by deleting your registration, by withdrawing consent to processing, or by withdrawing consent or requesting the blocking of the processing or use of any data that is mandatory to fill in during registration.
For technical reasons we undertake to register the withdrawal of consent within … days; however, please note that for the purpose of complying with legal obligations or enforcing our legitimate interests we may continue to process certain data even after withdrawal of consent (e.g. Act on Accounting Section 169, Consumer Protection Act Section 17/A).
In the case of deceptive use of personal data or if any of our visitors commits a criminal offence or attacks our company’s system, we will, simultaneously with terminating the registration of the visitor concerned, immediately erase their data or—if necessary—retain them for the period of establishing civil liability or conducting criminal proceedings.

4.2. The purpose of processing is to ensure provision of the services available on the Website. The Service Provider uses the data provided by the data subject for the specific purposes of performing orders, enabling home delivery, invoicing, maintaining contact and—if the data subject has subscribed—to sending newsletters, and for later evidence of the terms of any contract concluded.

4.3. The purpose of automatically recorded data is to compile statistics, develop the IT system technically, and protect the rights of the data subject.

4.4. The Service Provider does not use and may not use the personal data provided for purposes other than those set out in these points. Disclosure of personal data to third parties or authorities—unless a law provides otherwise with binding force—is only possible with the prior, express consent of the data subject.

7. Other data processing issues

We may transfer your data only within the limits set by law, and in the case of our data processors we ensure by contractual terms that they do not use your personal data for purposes contrary to your consent. Further information is provided in section 2.

Our company may transfer data abroad only in accordance with the relevant provisions of the GDPR and the Hungarian Information Act (Infotv.).

Courts, the prosecutor’s office and other authorities (e.g. police, tax authority, National Authority for Data Protection and Freedom of Information) may contact our company to provide information, disclose data or make documents available. In such cases, we must fulfil our data provision obligations, but only to the extent strictly necessary to achieve the purpose of the request.

The contributors and employees involved in our company’s data processing and/or data processing operations are entitled—subject to a confidentiality obligation—to access your personal data to a predetermined extent.

We protect your personal data with appropriate technical and other measures, ensure the security and availability of the data, and protect them from unauthorised access, alteration, damage or disclosure and any other unauthorised use.

As organisational measures we control physical access to our buildings, continuously train our employees and keep paper-based documents locked away with appropriate protection. As technical measures we use encryption, password protection and anti-virus software. Please note, however, that data transmission over the internet cannot be considered fully secure. Our company does everything possible to make processes as secure as possible, but we cannot take full responsibility for data transmissions through our website; once received by our company, we comply with strict rules to ensure the security of your data and to prevent unlawful access.

Regarding security, we ask for your assistance in carefully keeping your access password to our website and/or webshop and not sharing it with anyone.

8. Remedies

You may request information about processing, request rectification, modification or supplementation of your personal data processed by us, object to processing and request erasure and blocking of your data (except for mandatory processing), seek legal remedy before a court, and lodge a complaint or initiate proceedings with the supervisory authority (https://naih.hu/panaszuegyintezes-rendje.html).

Supervisory Authority: National Authority for Data Protection and Freedom of Information (NAIH)

Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Mailing address: 1530 Budapest, Pf.: 5.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: https://naih.hu/

Upon your request we will provide information about your data processed by us or by our commissioned data processor, their source, the purpose and legal basis of processing, its duration, or if this is not possible, the criteria for determining this duration, the names and addresses of our data processors and their activities in relation to processing, the circumstances and effects of any data protection incidents and the measures taken to prevent and remedy them, as well as the legal basis and recipient of any transfer of your personal data.

We will provide the information in the shortest possible time, within 30 days from receipt of the request. The information is free of charge except where you have already submitted a request for information to us in the current year regarding the same set of data. We will refund any fee already paid by you if we processed the data unlawfully or if the request for information led to rectification. We may refuse to provide information only in cases provided by law, indicating the legal provision and informing you of the possibility of judicial remedy and recourse to the Authority.

Our company will notify you of rectification, blocking, marking and erasure of personal data, as well as all those to whom we previously transmitted the data for processing purposes, except where failure to notify does not prejudice your legitimate interest.

If we do not comply with your request for rectification, blocking or erasure, within 30 days of receipt of the request we will state our reasons for refusal in writing or—subject to your consent—electronically, and inform you of the possibility of judicial remedy and recourse to the Authority.

If you object to the processing of your personal data, we will examine the objection as soon as possible, within 30 days of submission of the request, and notify you in writing of our decision. If we decide that your objection is well-founded, we will terminate processing—including further data collection and transfer—and block the data, and we will notify all those to whom we previously transferred the personal data affected by the objection and who are obliged to take measures to enforce the right to object.

We will refuse to comply with the request if we prove that processing is justified by compelling legitimate grounds which override your interests, rights and freedoms, or which are related to the submission, enforcement or defence of legal claims. If you do not agree with our decision or we miss the deadline, you may turn to a court within 30 days from notification of the decision or from the last day of the deadline.

Data protection lawsuits fall within the jurisdiction of the regional courts; the action may—at the choice of the data subject—also be brought before the regional court with jurisdiction over the data subject’s place of residence or domicile. Foreign citizens may also lodge a complaint with the supervisory authority competent for their place of residence.

We kindly ask you to contact our company before turning to the supervisory authority or a court with your complaint—in order to consult and resolve the problem as quickly as possible.

9. Which are the main laws applicable to our activities?

• Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)
• Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Infotv.)
• Act V of 2013 on the Civil Code (Ptk.)
• Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Services Related to the Information Society (Eker. tv.)
• Act C of 2003 on Electronic Communications (Ehtv.)
• Act CLV of 1997 on Consumer Protection (Fogyv. tv.)
• Act CLXV of 2013 on Complaints and Public Interest Disclosures (Pktv.)
• Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (Grtv.)
• Act C of 2000 on Accounting (Számv. tv.)

10. Modification of the Privacy Notice

Our company reserves the right to amend this Privacy Notice and will inform data subjects appropriately. Information related to data processing is published on the website https://noatrophy.eu/privacy-policy.

Download the Privacy and Data Management Notice in PDF format.

Budapest, October 17, 2024