Privacy Policy

Data Collection and Processing, Data Protection

Edis-dev Ltd. has implemented the necessary technical and organizational measures to protect the personal data you provide to us against loss, destruction, manipulation, and unauthorized access. We also do not share your personal data with any unauthorized third parties.

On our website, your personal data, such as your name, email address, phone number, etc., are only recorded when you provide them in one of our forms (e.g., contact form) and/or after placing an order.

We may use your personal data for:

• Managing your full profile (e.g., tracking orders, statistics)
• Sending newsletters addressed to you (e.g., promotions, new arrivals, etc.)
• Sharing with partners directly involved in the order and delivery process, if not handled by www.edis.hu (e.g., shipping with a partner company)

This Data Processing Information applies to the processing of personal data related to the use of services provided by www.edis.hu (hereinafter: Data Controller).

The person concerned expresses their intention to use the Data Controller’s services by filling out the form on the www.edis.hu website.

The provision of necessary data is essential to use the service, partly due to legal obligations (e.g., data required to issue an invoice) and partly to fulfill the service (e.g., shipping address and contact information necessary for delivering and receiving the purchased product).

If the person concerned feels that they have further questions beyond what is stated in this Information, or if any part of the Information is unclear and requires explanation, we ask that they contact the colleague responsible for ensuring the protection of personal data at the following email address: info@edis.hu.

Upon request, the Data Controller will provide detailed information about the personal data processed, the purpose of processing, the legal basis, the duration, and the activities related to the data processing.

Data Controller

Name: Edis-dev Ltd.
Email: info@edis.hu
Website: www.edis.hu

Person Concerned

Anyone who fills out the online order form on the www.edis.hu website and provides their data during registration (hereinafter: the Data Subject).

Consent for Data Processing

By registering, you explicitly and unequivocally consent to our company processing your personal data in accordance with the terms outlined in this Data Processing Information, in connection with electronic commerce (webshop, online purchases).

By accepting the Data Processing Information during registration, you explicitly and unequivocally consent to our company processing your personal data, in connection with our service and for the purpose of maintaining contact.

Marketing Purpose Data Processing

We only carry out data processing for marketing purposes (sending promotional emails, SMS, or letters) if you have given separate consent, and you have subscribed to receive newsletters.

In this case, our company may contact you via promotional emails, SMS, or letters regarding our services and related new information, as long as you do not withdraw your consent. However, we will not send unsolicited promotional messages, and you may unsubscribe from the newsletter (promotional emails) at any time without justification. This will not result in any disadvantage to you.

Principles of Data Processing

The Data Controller processes data related to the use of the service in accordance with applicable laws, ensuring the protection and respect of the data subject’s privacy, particularly:

• Act CVIII of 2001 on Electronic Commerce Services and Information Society Services
• Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Info Act)
• The European Parliament and Council Regulation (EU) 2016/679 (GDPR) as of May 25, 2018
• Act XLVIII of 2008 on the Fundamental Conditions and Restrictions of Economic Advertising Activities
• Act CXIX of 1995 on the Management of Name and Address Data for Research and Direct Marketing Purposes

Terms used in this Data Processing Notice should be interpreted according to the definitions established by the Information Act (Infotv.) and the GDPR.

The Data Controller processes only the personal data listed in this Data Processing Notice, in accordance with the principle of purpose limitation. The personal data will be processed only to the extent, for the duration, and for the purpose specified in this Notice, and for which the Data Subject has given their consent at the time of registration.

The Data Controller undertakes that if the purpose, principles, and/or practices for processing personal data change, it will notify the affected individuals of these changes, so they can always be aware of the applicable data processing principles and practices. The Data Controller commits to ensuring that this Data Processing Notice always reflects the actual principles and practices in use.

If we intend to use personal data in a way that deviates from the principles and purposes originally outlined when the data was collected, we will inform the Data Subjects in advance via email. They will be offered the opportunity to decide whether they consent to the processing of their personal data under the new terms, which may differ from the original terms.

Data Security

The Data Controller takes all necessary technical and organizational measures to ensure the security of the provided personal data throughout the entire processing process. The Data Controller plans and executes data processing operations in such a way that it ensures the protection of the privacy of the data subjects in accordance with the Information Act (Infotv.) and other applicable rules during data processing. The Data Controller and the data processor ensure the security of the data and take the necessary technical and organizational measures, as well as establish procedural rules required to comply with the provisions of the Information Act and other data protection and confidentiality rules.

The Data Controller protects the data with appropriate measures, especially to prevent unauthorized access, alteration, transfer, disclosure, deletion, destruction, as well as accidental destruction and damage, and to prevent access limitations resulting from changes in the applied technology. Data processing is done using IT tools. Data retrieval and transfer (e.g., to the competent authority) are carried out only by an authorized Data Controller, recorded in the data transfer log. All activities are documented in a traceable manner according to the established regulations.

Purpose of Data Processing

– Partly for fulfilling legal obligations (e.g., in accordance with the provisions of the 2000 Act C on accounting), – Partly for the performance of the service provided, such as the delivery of the purchased product, as well as – In connection with marketing data processing, sending electronic newsletters containing business advertising messages (advertising content emails) related to the activities and services of the Data Controller.

Description of Data Processing

The personal data provided by the Data Subject during the online purchase process on the www.edis.hu electronic platform, while completing the electronic form, is processed in the electronic system of www.edis.hu for the purpose of fulfilling the ordered service.

If an online payment is made on our service page, the payment details (e.g., credit card number) will be received by the banking service provider, but we do not store these data; we only store the necessary information for verifying the payment (such as the payer’s name and the amount paid). Similarly, in the case of a bank transfer, the bank storing the account number and the name of the account holder (from which the bank transfer is made) will store the data, and the Data Controller will also store the necessary data for identifying the payment and fulfilling accounting legal obligations, as mentioned previously.

Further data processing occurs in the case of newsletter subscription, when the Data Subject’s email address is stored in the electronic mail system for the purpose of sending marketing emails.

Legal Basis for Data Processing

Data processing is carried out following the registration for online shopping on the www.edis.hu website, based on your explicit and voluntary consent. Beyond the provision of services, after the ordered goods are delivered and received, your data will be stored and processed in order to fulfill tax and accounting obligations. Except for fulfilling these legal obligations, your data will not be shared with third parties.

If you subscribe to our newsletter, your email address will be processed for marketing purposes based on your explicit and voluntary consent provided during registration. You can withdraw this consent at any time, as explained in the Privacy Notice.

If you contact us by email, this will also be considered your explicit and voluntary consent for processing the data provided in the email.

By “liking” or following our social media pages (such as Facebook, Instagram, etc.), you are giving your explicit and voluntary consent. You can find information regarding the source, processing, transfer, and legal basis of the data on the respective social media page. Data processing on these platforms is subject to the policies of the respective social media, including the duration, methods, and possibilities for deleting or modifying data.

Types of Data Provided and Processed

• Name / Company Name
• Email address
• Phone number
• Other information

We inform you that, in all cases when personal data is requested, you have the free choice to provide the requested information. However, please note that if someone does not provide the requested data, it may prevent full use of the service (for example, the delivery address is essential for shipping).

The accuracy and validity of the personal and other data provided is the sole responsibility of the data subject.

Source of Data

Data directly collected from the data subject, voluntarily provided by the data subject during registration or during the use of the service.

Duration of Data Processing

• We store the personal data provided until the data subject withdraws their consent.
• Consent can be withdrawn at any time in the manner specified above.
• If a purchase takes place, the data related to the invoice will be stored for the 8 years following the last year of issuing the invoice, in accordance with the legal requirements under the Act C of 2000 on accounting.
• The data controller will delete any received emails, messages, and data provided through phone, Facebook, etc., along with the name, email address, and other voluntarily provided personal data, within one year from the date of communication.

Who Can Access the Provided Personal Data?

The provided data can only be accessed by the Data Controller and, in relation to their work, by employees who have a legal relationship with the Data Controller, such as system administrators, salespeople, or executives. Except in cases of legal obligations, your personal data will not be shared with third parties.

Data Transfer

The Data Controller will not transfer your personal data to third parties in relation to the provision of the service. However, courts, the prosecution, investigative authorities, public administration authorities, the National Authority for Data Protection and Freedom of Information, or other bodies authorized by law may request the disclosure or transfer of data. In response to such requests, the Data Controller will provide only the necessary personal data to fulfill the purpose of the request, with the exact scope and purpose clearly indicated by the requesting body.

Rights and Remedies Related to Data Processing

The data subject may exercise their rights regarding the data processing outlined in this Privacy Notice by proving their identity and the relationship with the data. This means that the Data Controller must verify the identity of the data subject to prevent misuse and protect the personal data of the data subject.

Right to Information

The data subject has the right to request information about the personal data being processed at any time. Upon request, the Data Controller will provide information regarding the personal data processed, including the purpose, legal basis, duration of processing, and, if applicable, the legal basis and recipients of any data transfer. The Data Controller is obligated to provide this information in a comprehensible form, within the shortest time possible, but no later than 25 days (or within one month from May 25, 2018, under the GDPR), in writing, as per the data subject’s request.

Correction, Deletion, and Restriction (Locking) of Data

The data subject can at any time modify or request the correction, deletion (except in cases of mandatory data processing), or restriction (locking) of their personal data from the Data Controller.

The Data Controller will delete the data if:

• The data processing is unlawful;
• The purpose of processing has ceased;
• The retention period for the data defined by law has expired;
• A court or the National Authority for Data Protection and Freedom of Information has ordered deletion;
• The data processing is incomplete or inaccurate, and this cannot be legally remedied—unless the law excludes deletion.

Notification Obligation

The Data Controller will inform all recipients of the personal data about any corrections, deletions, or restrictions (locks) made. Upon request, the Data Controller will notify the data subject about these recipients.

In case of a data protection incident with a high likelihood of risk, the Data Controller will inform the data subject without undue delay (and notify the supervisory authority within 72 hours). A data protection incident refers to a breach of security resulting in the destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data.

Objection to Data Processing

The data subject may object to the processing of their personal data:

a. If the data processing or transfer is necessary solely for the fulfillment of a legal obligation concerning the Data Controller or for the enforcement of the legitimate interests of the Data Controller, data recipient, or third party (except for mandatory data processing); b. If the personal data is being used for direct marketing, public opinion research, or scientific research purposes; c. Or in any other case specified by law.

If the Data Controller finds the objection to be justified, the data processing will be ceased, and the data will be locked.

Legal Remedy

If the data subject believes their rights have been violated in relation to the processing of their personal data, they may contact the Data Controller at the provided contact information for further clarification or seek legal remedy.

Additionally, the data subject can initiate an investigation with the National Authority for Data Protection and Freedom of Information. The contact information is as follows:

• Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
• Website: www.naih.hu
• Phone: +36-1-3911400
• Email: ugyfelszolgalat@naih.hu

The data subject may also contact the competent court based on their place of residence.

Cookie Management on the Data Controller’s Website

If the Data Controller places tracking cookies on the Data Subject’s computer and uses them for targeted advertising on the websites visited by the Data Subject, such as social media sites, the Data Controller will inform the Data Subjects separately in the cookie notice. Most internet browsers are set up to accept cookies by default. The Data Subject can change the settings to block cookies or request a warning when cookies are set on the device. There are many ways to manage cookies. Please refer to your browser’s information or help page if you would like to learn more about the browser settings and how to modify them. A cookie generally contains the name of the website from which it originates, its lifespan (how long it stays on the visitor’s device), and its value, which is usually a randomly generated unique number.

Cookies are used to better customize the Data Controller’s website for later visits, making it easier for visitors to use.

Cookies are text-format data files stored on your device by your browser. Their content includes the websites and advertisements you have visited and searched for. However, cookies do not contain personal data such as name, address, email, etc. Cookies are used by the website visitor, for example, to grant permission to view certain page information. No special settings are required for your browser to download cookies to your computer. By default, your browser will accept cookies and store them in a list (e.g., “temporarily downloaded internet files”), as they do not pose any risk. If you do not want www.edis.hu or its contracted service providers and partners to use cookies, you can deactivate the acceptance of cookies in your web browser.

For more information, please refer to your browser’s help page. If you accept cookies, they will be stored on your computer unless you delete them. However, please note that disabling cookies may affect the functionality of our website for users. In such cases, cookies are still placed and read by your computer. On a later visit, the cookie-handling provider may be able to match the current visit to previous ones, but only regarding relevant content for the site.

Therefore, if you leave our website, you may encounter our ads on other websites. The user can delete the cookie from their computer or disable its management in their browser.

Declaration

Edis-dev Kft. takes responsibility for adhering to the data protection points outlined above.