Privacy policy
Data Protection Notice
Adopted by Pihepets Kft. (registered office: 1089 Budapest, Orczy út 12., company registration number: 01-09- 387984, tax number: 25481819-2-42, tel.: +3620-4010000, e-mail address: info@brizlo.hu; represented by: Szabolcs Másody, CEO) (hereinafter: Data Controller) on September 11, 2024.
1./ General provisions
The subject of this data protection notice is the processing of personal data acquired by the Data Controller based on the commercial activities of the Data Controller on the website www.brizlo.hu in accordance with Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information. Act (hereinafter: Infotv.) based on Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: GDPR) and other relevant laws in force.
This Information sets out the data protection and data processing principles applied by the Data Controller, through which the Data Controller ensures that the personal data of natural persons who come into contact with it are not damaged.
The Data Controller reserves the right to unilaterally modify its data protection policy and the content of this Information in the event of changes in the services it provides, and in accordance with the legal provisions in force at all times. The Data Controller will notify the Data Subjects of any changes to this Information on the www.brizlo.hu website at the same time as the change.
2./ Legal background
• Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC (General Data Protection Regulation GDPR)
• Act CXII of 2011 on the right to informational self-determination and freedom of information
• Act V of 2013 on the Civil Code
• Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activities
• Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society
3./ Definitions
Personal data/Data subject: any information relating to an identified or identifiable natural person (“Data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data management: any operation or set of operations which is performed on personal data or on data files, whether or not by automated means, such as collection, recording, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data processing: any operation which is performed on personal data or on their behalf by a processor acting on behalf of or under the instructions of the controller.
Controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific aspects of the designation of the controller may also be determined by Union or Member State law.
Processor: the natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
Destruction: the complete physical destruction of the medium on which the data are stored.
Transfer: making the data accessible to a specific third party.
Erasure: the rendering of data unrecognizable in such a way that their recovery is no longer possible.
Data breach: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
EEA State: a Member State of the European Union and another State party to the Agreement on the European Economic Area, as well as a State whose nationals enjoy the same legal status as nationals of a State party to the Agreement on the European Economic Area under an international agreement concluded between the European Union and its Member States and a State not party to the Agreement on the European Economic Area.
Third party: a natural or legal person, public authority, agency or any other body other than the Data Subject, the controller, the processor or the persons who, under the direct control of the controller or processor, are authorised to process personal data.
Third country: any state that is not an EEA state.
Consent: a voluntary, specific, adequately informed and unambiguous indication of the Data Subject's wishes by which the Data Subject, by a statement or by an unequivocal statement, signifies agreement to the processing of personal data concerning him or her.
Disclosure: making the data available to anyone.
4./ Data Subjects:
The data processing covers:
- Natural persons who:
• register with the Data Controller, in its online webshop (hereinafter: webshop) available on the website www.bizlo.hu (hereinafter: website) for the purpose of maintaining contact; for advertising or other information; for sending newsletters; • register with the Data Controller in person or in the webshop for the purpose of ordering goods (hereinafter: order).
The above are hereinafter collectively referred to as: Data Subject, Data Subjects.
The scope of this information covers all data processing carried out by the Data Controller in which personal data is processed, regardless of the nature of the personal data.
5./ Source of data:
Data voluntarily provided by the Data Subjects.
6./ Principles of data processing:
The Data Controller shall act in accordance with the following principles relating to the processing of personal data during data processing:
a) personal data shall be processed lawfully and fairly and in a manner transparent to the Data Subject;
b) personal data shall only be collected for specified, explicit and legitimate purposes, i.e. purpose-bound;
c) data processing shall in all cases be limited to what is necessary (“data economy”);
d) the data processed shall be accurate and, where necessary, kept up-to-date: all reasonable steps shall be taken to ensure that personal data which are inaccurate in relation to the purposes of the data processing are erased or rectified (“accuracy”);
e) personal data shall be stored in a form which permits identification of the Data Subject only for the period necessary to achieve the purposes of the personal data processing (“limited storage”);
f) personal data must be processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage to data ("integrity and confidentiality").
7./ Scope of the processed data, purpose, duration of the processing and legal basis for the processing
• Contact; advertising or other information; mandatory personal data to be provided when sending a newsletter:
| Processed data | Purpose of data processing | Duration of data processing | Legal basis for data processing |
| First and last name: | For personal addressing in the newsletter | until withdrawal | According to Article 6 (1) a) of the GDPR, the Data Subject's consent to data processing |
| E-mail address: |
To communicate information that also affects customers regarding the offers, promotions, new products of the webshop, as well as the operation and functioning of the webshop. At intervals - in case of previous purchases, - sending an offer in case of possible distribution of a similar new product. |
until withdrawal | According to Article 6 (1) a) of the GDPR, the Data Subject's consent to data processing. |
• Personal data required for purchases in the webshop
| Processed data | Purpose of data processing | Duration of data processing | Legal basis for data processing |
|
Last name and first name |
1./ Order-related dispatch of a package |
1./ For five years after the date of execution of the order 2./ For eight years following the issuance of the invoice |
1./ In connection with an order: according to Article 6 (1) b) of the GDPR, for the preparation of the contract, Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society Act No. 13/A |
| Address |
1./ For the preparation of a 2./ Issuance of an invoice for the order |
1./ For five years after the date of execution of the order |
1./ In connection with the order: performance of the contract pursuant to Article 6 (1) b) of the GDPR |
| Telephone number |
Information and contact regarding the order |
Five years after the date of execution of the order placed in the webshop |
According to Article 6 (1) b) of the GDPR, the performance of the contract Act V of 2013 on the Civil Code, Section 6:22 (limitation period – five years) |
| E-mail address |
Information and contact regarding the order |
Five years after the date of execution of the order placed in the webshop |
According to Article 6 (1) b) of the GDPR, the performance of the contract Act V of 2013 on the Civil Code, Section 6:22 (limitation period – five years) |
| Delivery address |
For the delivery of the order (If the |
Five years after the date of completion of the order placed in the webshop |
According to Article 6 (1) (b) of the GDPR, the performance of the contract Act V of 2013 on the Civil Code, Section 6:22 (limitation period – five years) |
The personal data listed above are required to fulfill the contract in the webshop, they are mandatory (required) to be provided in order to fulfill the order. If the personal data is not provided, the order cannot be fulfilled
8./ Data Transfer and Recipients
A. The Data Controller does not transfer personal data to third countries or international organizations.
B. The Data Controller transfers the processed data to the following recipients:
The Data Controller's Data Processors:
| Name and contact information | Which data this relates to | Purpose of data transfer |
| MŰISZ Holding Kft. (1089 Budapest Orczy út 12.) |
all processed data | accounting and payroll |
| GLS courier service (2351 Alsónémedi, GLS Európa utca 2.) | Name, delivery address, contact person's telephone number, e-mail address |
Order deliveries |
| Magyar Posta Zrt. (1138 Budapest, Dunavirág utca 2- 6.) |
Name, delivery address, contact person's telephone number, e-mail address | Order deliveries |
| számlázz.hu KBOSS.hu Kft. (1031 Budapest, Záhony utca 7.) |
Name, address, telephone number, e-mail address | issuance of invoices |
| CreatIT Solutions Background and Communication Limited Liability Company (6724 Szeged, Körtöltés utca 59.) |
all processed data | Operation of data management software for data subjects |
| X-COM Telecommunication Technology, Commercial Developer and Manufacturer Limited Liability Company (1156 Budapest, Nyírpalota u. 12.) |
all processed data | Operation of emails for data subjects and management of data controller domains |
C. Other
The consideration for the products purchased in the webshop must be paid for in the “SimplePay” application provided by OTP Mobil Szolgáltató Korlátolt Felelfösségű Társaság (1138 Budapest, Váci út 135-139. B. ép. 5. em.) (hereinafter: OTP Mobil Kft.) for the benefit of the Data Controller.
In the event of an order, the personal data of First Name, Last Name, Postal Code, City, Address, Building, Floor, Door, Telephone Number must be entered on the “SimplePay” payment preparation page of the webshop. After entering the data, the Data Subject will be redirected to the secure “SimplePay” payment page, where the card details necessary for payment must be entered. Payment will then be possible.
The Data Controller will not be aware of the data entered either on the “SimplePay” payment preparation page or on the “SimplePay” payment page, as these are independent and protected websites.
During the payment as described above, the Data Controller does not perform any data processing activities. During the payment, the sole, independent data controller is OTP Mobil Kft..
9./ Technical implementation of data processing:
The Data Controller stores the personal data of the Data Subjects exclusively electronically, on servers in Hungary, and the personal data are not transferred to a data processor in a third country.
The Data Controller ensures the security of personal data with appropriate technical and organizational measures. The Data Controller provides the IT equipment used to manage and store personal data with appropriate protection (password, firewall); and ensures that only authorized persons have access to these equipment.
The Data Controller also ensures that personal data are not damaged, destroyed, or become known in the event of force majeure.
10./ Rights of Data Subjects in relation to data processing
During data processing, the Data Controller ensures the Data Subjects' right to the protection of their data. Data Subjects are entitled to:
a) right to information: The Data Subject has the right to receive information related to data processing before the start of the activity aimed at processing their data.
b) right to access: The Data Subject has the right to receive feedback from the Data Controller as to whether their personal data is being processed and, if such processing is in progress, to access the personal data and relevant information (purpose of data processing, personal data of the Data Subject, storage period of personal data, etc.)
c) right to rectification and erasure: The Data Subject has the right to have the Data Controller correct inaccurate personal data concerning them without undue delay upon request. The Data Subject has the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay, and the Controller is obliged to erase personal data concerning him or her without undue delay if the Data Subject has withdrawn his or her express consent or the purpose of the data processing has ceased for other reasons. Unless the data must be retained in accordance with the law. However, in addition to the above, the Data Controller will continue to process data that cannot be erased by law or cannot be erased at the time of the request.
d) right to restriction of data processing: The Data Subject has the right to obtain from the Controller the restriction of data processing upon request if the Data Subject contests the accuracy of the personal data (in this case, the restriction shall apply for a period enabling the Data Controller to verify the accuracy of the personal data); the data processing is unlawful and the Data Subject opposes the erasure of the data and instead requests the restriction of their use; the Data Controller no longer needs the personal data for the purposes of the processing, but the Data Subject requires them for the establishment, exercise or defence of legal claims.
e) notification obligation to rectify or erase personal data or to restrict processing: The Data Controller shall inform all recipients to whom or with whom the personal data have been disclosed of the rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.
f) right to data portability: The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Data Controller, in a structured, commonly used and machine-readable format and shall have the right to transmit these data to another Data Controller.
g) right to lodge a complaint and seek legal redress: The Data Subject has the right to lodge a complaint with the supervisory authority under Article 77 of the GDPR if, in the opinion of the Data Subject, the processing of personal data concerning him or her infringes the GDPR. Furthermore, pursuant to Section 22 of the Infotv., the Data Subject may initiate an investigation by a supervisory authority to examine the legality of the data controller's action if the Data Controller restricts the exercise of the above rights or rejects the request to exercise these rights, and may request the conduct of a data protection authority procedure by a supervisory authority if, in the opinion of the Data Controller, or a data processor acting on his or her behalf or on his or her instructions, infringes the provisions of the law or a binding legal act of the European Union on the processing of personal data.
The Data Subject may exercise his or her right to lodge a complaint at the following contact details: National Data Protection and Freedom of Information Authority; address: 1055 Budapest, Falk Miksa utca 9-11.; Phone: +36 (1) 391-1400; Fax: +36 (1) 391-1410; www: http://www.naih.hu; email: ugyfelszolgalat@naih.hu
The Data Subject may apply to court in the event of a violation of his/her rights or in other cases specified in the Information Act (Article 23 of the Information Act). The adjudication of the lawsuit falls within the jurisdiction of the General Court. The lawsuit may - at the choice of the Data Subject - also be initiated before the court of the place of residence or stay of the Data Subject.
11./ Special rules regarding information for newsletter sending and advertising purposes
The Data Controller sends messages to the Data Subjects primarily containing information related to the purpose of data processing and the services provided by it, which arise in order to use the services.
However, the Data Subject acknowledges that subscribing to the newsletter service also qualifies as consent pursuant to Section 6 (1) of Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activities, based on which the Data Controller is entitled to forward advertising and marketing inquiries directly to the Data Subject's provided e-mail address in connection with the services organized by the Data Controller. By subscribing to the newsletter service, the Data Subject expressly consents to the Data Controller sending him/her news, newsletters, advertisements and promotional offers related to the services provided by the Data Controller.
If the Data Subject does not wish to receive messages that are considered advertising in the future, he/she may cancel this at any time by using the option offered in the newsletter sent by the Data Controller, and may expressly prohibit the sending of advertising-related inquiries in person or by postal or electronic mail addressed to the Data Controller. The cancellation in accordance with the above does not affect the lawfulness of the data processing carried out on the basis of consent before the withdrawal.
12./ Provisions related to Facebook, Google Analytics, Google Adwords, Hotjar applications
12.1.Facebook
You can find out more about the cookies placed by Facebook at the following link: https://hu-hu.facebook.com/policies/cookies/ You can find more information about disabling cookies at the attached link.
12.2. Google Analytics
Google Analytics is a service provided by Google Inc. ("Google") is an analytics service provided by Google, which uses cookies stored on the user's computer to analyze user activities on the website. The legal basis for web analytics data processing is the voluntary consent of the website user. Cookies used for analytics purposes are anonymized and aggregated data, based on which it is difficult to identify the given device, but not impossible.
Data collected by Google Analytics cookies, which are transferred and stored on Google servers. The collected information and data are processed by Google. Google's purpose is to assess and evaluate users' website visiting habits, to prepare reports on the frequency of website use, and to provide other related services using the website. When using Google Analytics, Google cannot connect the IP address transmitted through the browser with other data.
Google Analytics uses cookies for analytics purposes. Further information about the cookies used by Google Analytics can be found at the following link: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie usage#analyticsjs
12.3. Google Adwords
The website uses Google Adwords remarketing tracking codes, the purpose of which is to target the site's visitors with remarketing ads on websites belonging to the Google Display Network in the future. The remarketing code uses cookies to tag the website's visitors. Website users have the option to disable these cookies. You can do this by visiting Google's ad settings manager and following the instructions there. If you manage to disable cookies, you will not receive further personalized offers from the Service Provider.
Further information about the cookies used by Google can be found at the following link: https://policies.google.com/technologies/ads?hl=hu
Google's privacy statement can be viewed at the following link: https://policies.google.com/privacy?hl=hu
12.4. Hotjar
The website sometimes uses Hotjar web analytics to analyze user behavior. Hotjar uses cookies on the user's computer to analyze user interactions on the website. The legal basis for data processing for web analytics purposes is the voluntary consent of the website user. Cookies used for analytical purposes are anonymized and aggregated data, based on which it is difficult to identify the given device/computer, but it is not impossible.
Hotjar uses cookies for analytical purposes. Further information about the cookies used by Hotjar is available at the following link: https://www.hotjar.com/legal/policies/cookie-information
13./ Final provisions
When visiting the website, the Consumer's IP address may be registered, however, the IT solutions used during the operation of the website do not allow the Data Controller to access the Consumer's personal data, this data is used exclusively for the development of the website and the improvement of the services available through it (for the preparation of statistics and analyses).
During the first visit, the website may install a so-called "cookie" (hereinafter: "cookie") on the hard drive or memory of the Consumer's computer or phone in order to make the content of the page and browsing and navigation faster and easier
when visiting the site again. If the "cookie" is refused, some elements of the page may not be displayed.
The Data Controller does not exchange "cookies" with websites operated by third parties, and does not allow them to be placed on its own website. The detailed rules of “cookie management” are contained in the cookie management windows that pop up on the www.brizlo.hu website.
The Data Controller reserves the right to make changes and improvements to the website at any time without notice, or to partially or completely eliminate the website or the information provided on it. The Data Controller does not guarantee the continuity and error-free access to the website, and the Data Controller is not liable for any damage that may occur due to a malfunction.
The Data Controller is obliged to compensate for any damage caused to others by the unlawful processing of the Data Subject’s data or by violating the data security requirements, unless the damage resulted from the intentional or grossly negligent conduct of the injured party.
14./ Relevant legislation
In matters not covered in this Information, the European Parliament and Council (EU) 2016/679 (GDPR), Act CXII of 2011, shall apply. Act, on the right to informational self-determination and freedom of information, Act V of 2013 on the Civil Code, and the provisions of other relevant laws shall apply.
This data processing information has been prepared in Hungarian.
This data processing information is valid from today until revoked.
Budapest, September 11, 2024.