Privacy Policy

Privacy Policy for clients

Personal data protection is extremely important for us, therefore we inform you by way of this Privacy Policy about the personal data we process, as well as the purpose and legal basis of processing. The Privacy Policy also contains the rights you are entitled to.

1. Details of the Data Controller

Data Controller: Audeara Europe Kft. (hereinafter as: Data Controller)
Registered seat: H-1133 Budapest, Árbóc utca 1-3., 5. em.
Corporate registration number: 01-09-406221
Tax number: 32092459-2-41
Website: https://hu.audeara.com/
Email addresshungary@audeara.com

2. General legislative provisions serving as a legal basis for data processing

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR)
  • Act CXII of 2011 on Informational self-determination and freedom of information (Act on Privacy)
  • Act V of 2013 on the Hungarian Civil Code (Civil Code)
  • Act CXXVII of 2007 on Value Added Tax (Act on VAT)
  • Act C of 2000 on Accounting (Act on Accounting)
  • Act CXIX of 1995 on the Use of Name and Address Information Serving the Purpose of Research and Direct Marketing (DM Act)
  • Act CVIII of 2001 on Certain Issues of Electronic Commerce Activities and Information Society Services (Act on E-Commerce)
  • Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (Commercial Advertising Act)

3. Definitions

Personal data means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Such typical personal data includes in particular: name, address, place and date of birth, mother's name.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Data Controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Data Processor means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller.

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

4. Principles

  1. In the course of processing personal data, the following principles are taken into account by the Data Controller so that personal data is:
  2. processed lawfully, fairly and in a transparent manner in relation to the Data Subject (lawfulness, fairness and transparency)
  3. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89 (1) of the GDPR, not be considered to be incompatible with the initial purposes (purpose limitation)
  4. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation)
  5. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (accuracy)
  6. kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) of the GDPR subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (storage limitation)
  7. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality)
  8. the Data Controller shall be responsible for compliance with the foregoing, and must be able to demonstrate such compliance (accountability)

5. Data processing activity

a.) contacting (website)

    Purpose of data processing

    Contacting, keeping in touch

    Legal basis of data processing

    Article 6 (1) b) of the GDPR: data processing is necessary for the performance of a contract or in order to take steps at the request of the Data Subject prior to entering into a contract

    Categories of Data Subjects

    Enquirer

    Scope of Personal Data

    Name, telephone number, email address

    Data retention period

    For 1 year from the date of first contacting

    Data transfer

    Data transfer is performed on the basis of Articles 44-49 of the GDPR

    Recipients

    The Data Controller engages Data Processors:

    • hosting service provider: Namecheap, Inc. (registered seat: 4600 East Washington Street, Suite 305, Phoenix, AZ 85034, USA)
    • mail system provider: Google Ireland Ltd. (registered seat: Google Building Gordon House, Barrow St, Dublin 4, Ireland)

    Source of personal data

    The source of personal data is the enquirer

    Method and consequences of data provision

    Provision of data is necessary. However, if you do not provide the personal data, the Data Controller will not be able to contact you


    b.) contacting via e-mail

      Purpose of data processing

      Contacting, keeping in touch

      Legal basis of data processing

      Article 6 (1) b) of the GDPR: data processing is necessary for the performance of a contract or in order to take steps at the request of the Data Subject prior to entering into a contract

      Categories of Data Subjects

      Enquirer

      Scope of Personal Data

      Name, telephone number, email address

      Data retention period

      Until the end of the 1st year after the first contact

      Data transfer

      Data transfer is not performed on the basis of Articles 44-49 of the GDPR

      Recipients

      The Data Controller engages a Data Processor: 

      • mail system provider: Google Ireland Ltd. (registered seat: Google Building Gordon House, Barrow St, Dublin 4, Ireland)

      Source of personal data

      The source of personal data is the enquirer

      Method and consequences of data provision

      Provision of data is necessary. However, if you do not provide the personal data, the Data Controller will not be able to contact you


      c.) requesting information about product resale (under the menu "Become a stockist")

      Purpose of data processing

      Requesting information about product resale

      Legal basis of data processing

      Article 6 (1) b) of the GDPR: data processing is necessary for the performance of a contract or in order to take steps at the request of the Data Subject prior to entering into a contract

      Categories of Data Subjects

      Enquirer

      Scope of Personal Data

      Name, email address, company name

      Data retention period

      Until the end of the 1st year after the first contact

      Data transfer

      Data transfer is performed on the basis of Articles 44-49 of the GDPR

      Recipients

      The Data Controller engages Data Processors: 

      • hosting service provider: Namecheap, Inc. (registered seat: 4600 East Washington Street, Suite 305, Phoenix, AZ 85034, USA)
      • mail system provider: Google Ireland Ltd. (registered seat: Google Building Gordon House, Barrow St, Dublin 4, Ireland)

      Source of personal data

      The source of personal data is the enquirer

      Method and consequences of data provision

      Provision of data is necessary. If you do not provide the personal data, the Data Controller will not be able to inform you about the resale of the product


      d.) sending newsletters  

      Purpose of data processing

      Sending newsletters 

      Legal basis of data processing

      GDPR, Article 6 (1) a): consent

      Categories of Data Subjects

      Newsletter subscribers

      Scope of Personal Data

      Name, email address

      Data retention period

      Until withdrawal of consent or 30 days from  the date of cancelling the subscription

      Data transfer

      Data transfer is performed on the basis of Articles 44-49 of the GDPR

      Recipients

      The Data Controller engages Data Processors: 

      • hosting service provider: Namecheap, Inc. (registered seat: 4600 East Washington Street, Suite 305, Phoenix, AZ 85034, USA)
      • newsletter software: 
        • HubSpot, Inc. (registered seat: 1 Sir John Rogerson’s Quay, Dublin 2, Ireland)
        • Shopify International Ltd. (registered seat: 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland)

      Source of personal data

      The source of personal data is the newsletter subscriber

      Method and consequences of data provision

      Provision of data is voluntary. However, if you do not provide the personal data, the Data Controller will not be able to send you newsletters


      e.) invoicing

      Purpose of data processing

      Issuing invoices

      Legal basis of data processing

      Article 6 (1) c) of the GDPR: Compliance with legal obligation Section 159 (1) of the Act on VAT

      Categories of Data Subjects

      Partner

      Scope of Personal Data

      Name, address, tax number (for corporate Partner)

      Data retention period

      8 years based on Section 169 (1) and (2) of the Act on Accounting

      Data transfer

      Data transfer is not performed on the basis of Articles 44-49 of the GDPR

      Recipients

      The Data Controller engages Data Processors: 

      • operator of the invoicing program, szamlazz.hu: KBOSS.hu Kft. (registered seat: 1031 Budapest, Záhony utca 7, corporate registration number: 01-09-303201) 
      • accountant: K + J Kft. (registered seat: H-2120 Dunakeszi, Rákóczi út 66, corporate registration number: 13-09-124347)

      The Data Controller provides data to the National Tax and Customs Authority (NAV) under point 1 of Annex 10 to Act CXXVII of 2007 on Value Added Tax (Act on VAT)

      Source of personal data

      The source of personal data is the Partner

       

      Method and consequences of data provision

      Provision of data is necessary. If you do not provide the personal data, the Data Controller cannot fulfil their statutory invoicing obligation


      f.) contractual communication

      The Data Controller communicates with contracted Partners (suppliers) and maintains the business relationship through the contact person specified in the contract.

      Purpose of data processing

      Maintaining communication and realizing cooperation in order to achieve the objectives of the contract concluded between the Data Controller and the Partner

      Legal basis of data processing

      Article 6 (1) f) of the GDPR: legitimate interest

      Categories of Data Subjects

      Partner's employee (individual entrepreneur, Kft. /limited liability company/, Bt. /limited partnership/, Zrt./private company limited by shares/), as appointed contact person

      Scope of Personal Data

      Name, position, telephone number, email address

      Data retention period

      End of the 5th year following the performance or termination of the contract

      Data transfer

      Data transfer is not performed on the basis of Articles 44-49 of the GDPR

      Recipients

      The Data Controller engages a Data Processor:

      • HubSpot, Inc. (registered seat: 1 Sir John Rogerson’s Quay, Dublin 2, Ireland)

      Source of personal data

      The source of personal data is the Partner's contact person

      Method and consequences of data provision

      Provision of data is necessary. If you do not provide the personal data, the Data Controller cannot consult with the Partner


      6. Data processing through the website

      Our Website uses cookies.

      A cookie is a file that is placed on your computer when you visit a website. A cookie is a set of information sent from the server to the browser, then every time there is a request the browser sends it back to the server with data content specified by the server. This is designed to save the internet settings on the website you visited, so if you visit the site again from the same device, the page will remember the set parameters.

      Cookies have several functions. Cookies are most often used for personalizing advertisements and services, and analysing website traffic.

      In light of the current legislation in force, we can only store cookies on your device if this is strictly necessary, that is, if it is essential for the operation of the website; these are called "necessary cookies". Your consent is required for the use of any other types of cookies. You can view and set the cookies currently used on the website in a pop-up window when accessing the website. 

      Modern browsers allow changes to cookie settings. Some browsers automatically accept cookies by default, but this setting can be changed to prevent automatic acceptance in the future. If you change the setting, the browser will continue to offer the option to set the cookies each time.

      Given that the purpose of cookies is to support and facilitate website usability and processes, if cookies are disabled, it cannot be guaranteed that you will be able to fully use all the functions of the website. In this case the website may operate differently in the browser than planned. You can find further information about cookie settings on the following links:

      7. Social media

      The Data Controller is available at the following social media sites. 

      The operator of the social site is considered an independent Data Controller, the information on data processing is available at the following links:  

      Social media site: 

      Name of the Data Controller: 

      Privacy Policy available: 

      Facebook

      Meta Platforms Ireland Ltd. (registered seat: 4 Grand Canal Square Grand Canal Harbour Dublin 2, Ireland)

      https://www.facebook.com/privacy/explanation 

      LinkedIn

      LinkedIn Corporation (registered seat: 2029 Stierlin Court, Mountain View, CA 94043, USA)

      https://www.linkedin.com/legal/privacy-policy   

      Instagram

      Meta Platforms Ireland Ltd. (registered seat: 4 Grand Canal Square Grand Canal Harbour Dublin 2, Ireland)

      https://help.instagram.com/519522125107875/?helpref=hc_fnav

      Google+ Youtube

      Google LLC (registered seat: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)

      https://policies.google.com/technologies/product-privacy?hl=hu

      The Data Controller does not record or process personal data about the user of the given social site in its internal database and system. 

      8. Access to data

      Personal data can be accessed by the competent staff of the Data Controller to the extent necessary for the performance of their duties.

      9. Data security measures

      The Data Controller shall ensure adequate IT, technical and personnel measures to protect the processed personal data, including the protection of the personal data against unauthorized access or unauthorized modifications.

      10. Data Subject rights and their content relating to data processing


      Data processing-related

      Data Subject rights



      Content of Data Subject rights relating to data processing

      Right to be informed

      /GDPR, Article 13-14/

      You have the right to be provided information about the fact and purpose of data processing at the time when personal data are obtained. The Data Controller provides you with additional information that are necessary to ensure fair and transparent data processing, taking into account the specific circumstances and context of the personal data processing. You must also be informed about the fact of profiling and its consequences.

      Right of access

      /GDPR, Article 15/

      You are entitled to receive confirmation as to whether your personal data are being processed, and if such data processing is in progress, you will be entitled to be granted access concerning:

      • what personal data
      • on what legal basis
      • for what processing purposes
      • for how long are processed by the Data Controller 
      • who to, when, and based on which legislation did the Data Controller provide access to your personal data or who were they transmitted to
      • what source do personal data originate from (if it was not you that provided them to the Data Controller)
      • whether you apply automated decision-making and its logic, including profiling as well.

      Right to rectification

      /GDPR, Article 16/

      You have the right to receive from the Data Controller upon request the rectification of inaccurate personal data concerning you or to have incomplete personal data completed. Therefore, you may ask the Data Controller to modify some of your personal data (for example, you can change your email address or other contact details at any time).

      Right to erasure ("right to be forgotten")

      /GDPR, Article 17/

      You have the right to obtain from the Data Controller the erasure of your personal data where one of the following grounds applies: 

      • your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed 
      • you withdraw your consent on which the processing is based according to point (a) of Article 6 (1), or point (a) of Article 9 (2), and there is no other legal ground for the processing
      • you object to data processing on the basis of Article 21 (1), and there is no overriding legitimate reason for the processing of data, or you object to data processing on the basis of Article 21 (2)
      • your personal data have been unlawfully processed
      • your personal data must be deleted in order to comply with a legal obligation imposed by EU or Member State law applicable to the Data Controller
      • the collection of your personal data is performed in connection with offering information society services as referred in Article 8 (1).

      Right to restriction

      /GDPR, Article 18/

      You have the right to obtain from the Data Controller the restriction of your personal data where one of the following grounds applies: 

      • The accuracy of your personal data is contested by you (in this case the restriction applies to the time period which allows the Data Controller to verify the accuracy of the personal data)
      • the data processing is unlawful and you oppose to the erasure of the data and request the restriction of their use instead
      • the Data Controller no longer needs the personal data for the purpose of data processing, but you require them to present, exercise or defend a legal claim

      in light of Article 21 (1) you objected to data processing (in this case the restriction applies to the time period that is necessary to determine whether the Data Controller's legitimate reasons override your legitimate reasons).

      Right to data portability

      /GDPR, Article 20/

      You have the right to receive the personal data concerning you, which you have provided to a Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Data Controller without hindrance from the Data Controller to which the personal data have been provided, where:

      • the processing is based on consent according to point (a) of Article 6 (1), or point (a) of Article 9 (2), or on a contract within the meaning of point b) of Article 6 (1), and 
      • the processing is carried out by automated means.

      You also have the right – if this is technically feasible – to request that your personal data are directly transferred among Data Controllers.

      Right to object

      /GDPR, Article 21/

      You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on point (e) or (f) of Article 6 (1), including profiling based on the referred provisions. In this case the Data Controller shall not continue to process your personal data, except where the Data Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

      If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes, which includes profiling to the extent that it is related to such direct marketing.

      Right to withdraw consent

      /GDPR, Article 7 (3)/

      You have the right to withdraw your consent at any time. Withdrawing your consent does not affect the lawfulness of the data processing performed based on consent before the withdrawal. You shall be informed of this before consent is granted. It shall be as easy to withdraw as to give consent.


      11. Legal remedies for Data Subjects relating to data processing, and their content

      Legal remedy

      Content of the remedy

      Right to lodge a complaint with a supervisory authority

      /GDPR, Article 77/

      If your right to the protection of personal data is infringed, you may lodge a complaint to the following Authority:

      Hungarian National Authority for Data Protection and Freedom of Information 

      registered seat: 1055 Budapest, Falk Miksa utca 9-11.

      address for correspondence: 1363 Budapest, Pf. 9.

      telephone: +36 (1) 391-1400

      email: ugyfelszolgalat@naih.hu   

      website: www.naih.hu  

      Right to effective judicial remedy against a Data Controller or Data Processor (initiation of court proceedings)

      /GDPR, Article 79/

      You are entitled to go to court against the Data Controller or the Data Processor if you experience the unlawful processing of your personal data. The court will hear the case without delay. In this case you are free to decide whether to submit your request with the tribunal of your domicile or your residence. Contact details of the tribunals:  www.birosag.hu/torvenyszekek


      12. Updates to the Privacy Policy

      The Data Controller reserves the right to unilaterally modify this Privacy Policy. The modification of this Policy may be particularly executed if it is necessary due to changes in legislation, official data protection practices, business needs or other circumstances. At the request of the Data Subject the Data Controller sends a copy of the Privacy Policy in force to the Data Subject in the arranged format.

      Budapest, 13 March 2023