Privacy Policy




Dóra Juhász (hereinafter: Data Controller ) hereby informs the visitors of the website (hereinafter: Website ), in the electronic store located on the Website
(hereinafter: Web Store ) customers, subscribers to the newsletter (summarized hereafter: Data Subject , User, Consumer or You) about the personal data it manages, the practice followed in the management of personal data, and the manner and possibilities of exercising the rights of the data subject.

The Website available under the domain name is considered the own Website of Dóra Juhász ev (hereinafter: Service Provider).

The Data Controller reserves the right to amend this Data Protection Notice (hereinafter: "Notice"). The Data Controller publishes the currently valid version of the Information on its website. By using the Website, the User accepts the contents of the Information Sheet at the same time, so please read this Information Sheet carefully before using the Website. The User gives his consent to the individual data management by using the Website and by voluntarily providing the data in question.

The use of the text and content of this Notice by third parties for their own purposes without consent on another website, its copying, or the adoption of the entire text or any part of the text is prohibited.


  • "data subject": natural person identified or identifiable on the basis of any information;
  • "personal data" : any information about the data subject; can be identified as a natural person who, directly or indirectly, in particular by an identifier, such as a name, number, location data, online identifier or the likeness of the natural person, one or more of the physical, physiological, genetic, mental, economic, cultural or social identity identifiable by factor;
  • "data management" : any operation or set of operations performed on personal data or data files regardless of the procedure used - i.e. automated or paper-based - such as collection, recording, organization, segmentation, storage, transformation or change, querying, viewing, use, deletion and destruction;
  • "data controller" : the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others;
  • "data transfer" : making data available to a specific third party;
  • "user" : the person providing information with consumer status who places an order regarding the services available on the Website, and thus whose personal data is collected and managed by the Data Controller; or a visitor to the Website.
  • "consent" : the voluntary, specific and well-informed and clear declaration of the data subject's will, with which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he/she consents to the processing of personal data concerning him/her;
  • "data processing" : the performance of technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data;
  • "data protection incident" : a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled;
  • " service ": fulfillment of orders for products/bags available on the website;
  • "homepage/website" :

Name: Dóra Juhász, sole proprietor

Headquarters and mailing address (also the place of complaint handling): 1027 Budapest, Fő utca 63-65. V/2.

Location: 1027 Budapest, Jurányi utca 1.

Registration number : 31368481

Tax number: 66060761-1-41

Email address :

Phone number: +3670 316 4497



The Data Controller collects and processes personal data legally and fairly, as well as in a transparent manner for the Data Subject. The Data Controller collects and processes personal data only for specific, clear and legal purposes. The personal data managed by the Data Controller are adequate and relevant in terms of the purposes of the data management, and are limited to what is necessary in terms of extent and duration.

The Data Controller manages the data in such a way that the appropriate security of the personal data is ensured by applying appropriate technical or organizational measures, including protection against unauthorized or illegal processing, accidental loss, destruction or damage of the data.

In order to verify compliance with the presented principles, the Data Controller keeps internal data management records of its individual data management operations. If the informant does not provide his own personal data, the informant is obliged to obtain the Data Subject's consent.




The Data Controller carries out data management related to the management of personal data for the following purposes and in connection with the activities listed below:

1. Data of website visitors

Managed data circle

Purpose of data management

Duration of data management

Legal basis for data management

date of visit;
IP address of the User's computer at the time of visit; identification number,

the type of browser used by the User.

· website use;

· checking the operation of the services during website visits;

· collecting statistical information;

· preventing abuses.

60 days from viewing the website.

Voluntary consent of the User is Article 6 (1) point a) of the GDPR; the Elker. TV. 13/A. (3) of §


2. Data management related to online shopping ( web store).

Managed data circle

Purpose of data management

Duration of data management

Legal basis for data management


Personal identification data:

surname and first name,
e-mail address, phone number;

other possible personal data entered in the "other requests" column, coupon code (optional)

Shipping and billing information :

personal identification data + address (country, settlement, street name, house number, postal code).

Other :

date of order;

bank account number in case of transfer.

· order processing;

· identification and registration of customers, purchases and payments;

· confirmation;

· issuance of a regular invoice;

· order fulfillment and delivery of products;

· enforcement of claims;

· contacting and maintaining contact with the customer;

· execution of technical operations;

The data related to the performance of the contract concluded electronically are used for the benefit of the contract and are deleted or destroyed upon its termination or upon expiry of the legally defined deadline.

Pursuant to Section 169 (1) of the Accounting Act, accounting receipts and supporting documents must be kept for 8 years.

In the case of data processed for the purpose of contacting us, we store them until the Data Subject withdraws his consent.


Infotv is responsible for the online sales and the identification of user F as the customer and the contact with him and the fulfillment of the ordered service . Paragraph (1) of § 5, or based on Article 6 (1) point a) of the GDPR (consent). In addition, data management is necessary in order to fulfill the contract pursuant to GDPR Article 6 (1) point b) and Elker tv. 13/A. based on paragraph (3) of §

The fulfillment of the legal obligation to issue invoices and make payments is Article 6 (1) point c) of the GDPR, as well as Account. TV. Paragraph (2) of § 169 and the VAT Act. It is done on the basis of § 169.

We inform you that

- to enter into a contract concluded electronically, it is essential to provide personal data in order to be able to complete the order for the desired service;

- failure to provide data will result in us not being able to process your order.


3. Data management related to sending messages or electronic correspondence

Managed data circle

Purpose of data management

Duration of data management

Legal basis for data management

User's last and first name, e-mail address, and other personal data provided in the message and the circumstances of the case.



· providing more information about the products, handling requests for information, documenting the case;

· identification of the User;

· ensuring contact and communication;

Until the Data Subject withdraws his consent (he can do so at any time), otherwise the communication by e-mail will be archived and

the Data Controller will delete it no later than 1 year after answering the question asked in the e-mail.

If the data is transferred by the Data Controller to Szá in this case, the Data Manager will only delete the data after 8 years from the date of receipt of the case to the Data Manager, regardless of the data subject's consent.

The legal basis for processing data is the User's voluntary consent based on Article 6 (1) point a) of the GDPR; and the fulfillment of legal obligations pursuant to Article 6 (1) c) of the GDPR and Fgy. TV. Based on § 17/A.


4. Data management related to sending newsletters

Managed data circle

Purpose of data management

Duration of data management

Legal basis for data management

Name, e-mail address, time of registration, IP address at the time of registration.

Identification of the User, enabling subscription to the newsletter (electronic message), information about promotions and news.

Data processing lasts until the consent statement is revoked, i.e. until unsubscription.

Voluntary consent of the User based on point a) of Article 6 (1) of the GDPR, Elkertv. 13/A.§a and Grt. Paragraph (5) of § 6.


5. Establishing partner relationships; data processed for the purpose of contact

Managed data circle

Purpose of data management

Duration of data management

Legal basis for data management

Name, e-mail address, phone number, position.

Continuation of communication during the offer phase; maintaining a relationship in order to facilitate the contractual relationship.

The data management lasts until the cancellation request of the concerned Partner.

Voluntary consent of the concerned Partner based on Article 6 (1) point a) of the GDPR. The concerned Partner gives his consent to the processing of his personal data by voluntarily handing over the contact details to the Data Controller.


6. Data management during and after the contractual legal relationship for the purpose of possible claim enforcement

Managed data circle

Purpose of data management

Duration of data management

Legal basis for data management

Name, e-mail address, phone number, job title.

Contract performance; contact necessary for fulfillment, identification of the person concerned.

Claims arising from a contract.

Until the duration of the contractual relationship, or until the end of the time available for asserting claims arising from it. On the basis of the express consent statement of any person concerned, until their statement is revoked.

Data management is necessary for the performance of the contract based on GDPR Article 6 (1) point b) and/or the Data Controller's legitimate interest in the referenced para. based on point f).


7. Data management related to the fulfillment of tax and accounting obligations


Managed data circle

Purpose of data management

Duration of data management

Legal basis for data management


Possible range of data:

name, address, tax status, tax identification number, signature of recipient, payer, business ID number.

Fulfillment of tax and accounting obligations.

8 years after the termination of the legal relationship giving the legal basis.

Fulfillment of the legal obligation according to Article 6 (1) point c) of the GDPR (Law CXXVII of 2017 § 169 § 202, Law C of 2000 § 167, Law CXVII of 1995).


8. Data management related to potential complaints


Purpose of data management

Duration of data management

Legal basis for data management

Investigating and documenting the circumstances of the complaint in order to make reports, requests and comments available to the Data Controller.

The Data Controller is obliged to keep the minutes of the oral complaint, the written complaint and the copy of the response for 5 years, and present it to the inspection authorities upon their request.

If the data is transferred by the Data Controller to Account TV. is obliged to keep the data, then the Data Controller will only delete the data after 8 years from the date of the complaint, regardless of the consent of the data subject.

The legal basis for the processing of data handled during complaint handling activities is the consent of the data subject pursuant to Article 6 (1) point a) of the GDPR and/or the fulfillment of a contract based on Article 6 (1) point b) of the GDPR, or fulfillment of a legal obligation GDPR Article 6 (1) c) and Fgy. TV. Based on § 17/A.



The Data Controller provides the possibility to subscribe to the newsletter via the Website.

In this way, the User can give prior and explicit consent, bearing in mind the provisions of this Notice, to inform the Data Controller about news, current affairs, and promotions related to the Data Controller's activities through electronic messages (newsletters) via the provided contact details, and the Data Controller to manage the personal data necessary for sending the information. The Data Controller does not send unsolicited promotional messages.

In the case of a newsletter, the Data Controller manages the data provided by the User during subscription to the newsletter until the User unsubscribes from the newsletter by clicking on the "Unsubscribe" button at the bottom of the newsletter message or requests - without limitation or obligation to provide reasons - to be removed from the list of subscribers to the newsletter e by email or post. In case of unsubscribing, the Data Controller will not contact the User with further newsletters and offers. The User can unsubscribe from the newsletter free of charge and withdraw his consent at any time. The Data Controller will inform the User electronically about unsubscribing or deletion from the newsletter address list.

Information on the scope, purpose, legal basis of the processed data, and the duration of the data management can be found in Section III of this Notice. can be found in point 4 of chapter



The scope of the managed data: Facebook, Instagram registered name, public profile picture of the User, other personal data provided in comments.

Scope of stakeholders: all stakeholders who registered on the Facebook social network and "liked" and "followed" the page of the Data Controller.

The Data Subject can find out about the source of the data, its management, the method of transfer and its legal basis on the given social page. Data management takes place on social networking sites, so the duration and method of data management, as well as the options for deleting and modifying data, are governed by the regulations of the respective social networking site. ; .

The legal basis for data management: the voluntary consent of the concerned person to the processing of his personal data on social networking sites.


The Data Controller is entitled to use a Data Processor to carry out its activities. The Data Processor does not make an independent decision. For their part, the Data Processors record the personal data provided by the Data Controllers and managed or processed by them in accordance with the provisions of the GDPR, or processed.

The Data Controller uses the following Data Processor for IT activities :

Name : NETDOOR Kft.

Headquarters: 1055 Budapest, Akadémia utca 14. fszt. 5.

  • Activity provided by the data processor: hosting service; system administrator service (check, technical update, other improvements, repair tasks).
  • Scope of data: personal data of the user of the Website or placing an order.
  1. The Data Controller uses the following Data Processors and Data Transmitters in the context of online marketing activities :
  2. A) Name: Mailchimp owned by The Rocket Science Group, LLC

Website :

Registered Office: 675 Ponce De Leon Ave NE, Suite 5000, Atlanta GA 30308, USA

  1. B) Name: Google , owned by Google Ireland Ltd

Registered office: Gordon House, Barrow Street, Ireland, Dublin, D04 E5W5.

  1. Activity provided by the data processor: newsletter service; respectively promoting and advertising the services available on the Website, increasing the number of visitors to the Website.
  2. The Data Controller uses the following Data Processor for accounting activities :

Name: IT.Control Services Bt.

Headquarters: 9011 Győr, Honfoglazal u. 71/B building.

  • Activity performed by a data processor: processing invoices issued in the Data Controller's system.
  • Scope of data: name, billing name, billing address.
  • Duration of data processing, deadline for data deletion: 8 years based on § 169 (2) of Act C of 2000 on accounting.
  1. The Data Controller uses the following Data Processors for invoicing activities :

A.) Name:, which is Kft . property

Headquarters: 1031 Budapest, Záhony utca 7.


B.) Name: Naturasoft, which is owned by NATURASOFT Magyarország Kft

Headquarters: 1113 Budapest, Daróczi út 11.


  • Scope of data: name, billing name, billing address.
  • Duration of data processing, deadline for data deletion: 8 years based on § 169 (2) of Act C of 2000 on accounting.
  1. The Data Controller uses the following Data Processors during online payment :

Name: CIB eCommerce, owned by CIB Bank Zrt

Headquarters: 1027 Budapest, Medve utca 4-14.


The Data Controller uses the following Data Processors when paying by bank card :

Name: myPOS , owned by myPOS Europe Ltd

Headquarters: The Shard, Level 24, 32 London Bridge Street, London, United Kingdom


Name: Raiffeisen Bank Zrt.

Headquarters: 1054 Budapest , Akadémia utca 6.

  • The purpose of the data processing: processing payments, confirming transactions and checking abuses for the protection of users.

  1. The Data Controller uses the following Data Processors for package delivery :


A.) GLS General Logistics Systems Hungary Kft. /head office: 2351 Alsónémedi, GLS Európa utca 2./

B.) Packeta Hungary Kft. /headquarters: 1044 Budapest, Ezred utca 1-3./

C.) Magyar Posta Zrt. /headquarters: 1138 Budapest, Dunavirág utca 2-6./

  • Scope of data: name, delivery name, address.



A "cookie" is a short text file (string of characters) that our web server sends to the affected device (be it any computer, mobile phone or tablet) and reads it back, i.e. the data of the User's logged-in device, which is the use of the service are generated during and recorded by our system as an automatic result of technical processes, especially the date and time of the visit, the IP address of the User's computer, and the type of browser.

According to the law, cookies can be stored on your device if this is absolutely necessary for the efficient and secure operation of our website. These data, which are recorded automatically, are automatically logged by the system upon entry and exit without the User's separate statement or action. These data cannot be combined with other personal user data, except in cases made mandatory by law. Only the Data Controller has access to the data. We need your permission to use all other types of cookies.

  • Security cookie;
  • Temporary (session) cookies: they are automatically deleted after the User visits/closes the browser. These cookies are used so that the Service Provider's website can function more efficiently and securely, so they are essential for certain functions of the Website or certain applications to function properly;
  • Persistent cookies: these are stored for a longer time in the cookie file of the browser. The duration of this depends on the settings the User uses in his Internet browser.

External servers assist in the independent measurement and auditing of the website's visitor and other web analytics data (Google Analytics, Facebook Analytics). The regulations for the service provide information on the handling of measurement data. Contact information: ; .

Cookies for improving the user experience : these cookies collect information about the user's use of the website, for example, which pages are visited most often or what error message is received from the website. These cookies do not collect information that identifies the visitor, that is, they work with completely general, anonymous information. We use the data obtained from these to improve the performance of the website. The lifetime of these types of cookies is limited to the duration of the session.

Google Adwords cookie: when someone visits our site, the visitor's cookie ID is added to the remarketing list. Google uses cookies, such as NID and SID cookies, in Google products, such as to customize the ads displayed in Google Search. For example, it uses such cookies to remember your most recent searches, your previous interactions with ads or search results from certain advertisers, and your visits to advertisers' websites. AdWords conversion tracking uses cookies. To track sales and other conversions resulting from the ad, cookies are saved on the user's computer when that person clicks on an ad. Some of the common uses of cookies are: to select ads based on what is relevant to the user, to improve reporting on campaign performance, and to avoid showing ads that the user has already seen.

Google Analytics cookie : Google Analytics is Google's analysis tool that helps website and application owners get a more accurate picture of their visitors' activities. The service may use cookies to collect information and report statistical data on the use of the website without individually identifying visitors to Google. The main cookie used by Google Analytics is the "__ga" cookie. In addition to the reports generated from website usage statistics, Google Analytics - together with some of the advertising cookies described above - can also be used to display more relevant ads in Google products (such as Google Search) and across the Internet.

Remarketing cookies : may appear to previous visitors or users when browsing other websites in the Google Display Network or searching for terms related to your products or services

Session cookie: these cookies store the location of the visitor, the language of the browser, the currency of the payment, and their lifetime is until the browser is closed, or a maximum of 2 hours.

Mobile version, design cookie : detects the device used by the visitor and switches to full view on mobile. Its lifespan is 365 days.

Cookie acceptance -cookie : when you arrive at the website, you accept the statement about the storage of cookies in the warning window. Its lifespan is 365 days.

Facebook pixel (Facebook cookie) Facebook pixel is a code with the help of which a report is prepared on the website about conversions, target audiences can be compiled, and the owner of the page receives detailed analysis data about the visitors' use of the website. With the help of the Facebook pixel, you can display personalized offers and advertisements to website visitors on the Facebook interface. You can read Facebook's privacy policy here:

If the User does not want the external service providers to measure the above data in the manner and for the purpose described, install the blocking add-on in his browser.

Browsers allow you to change cookie settings. Most browsers automatically accept cookies by default, but this can be changed to prevent automatic acceptance once set. For more information on changing your browser settings, please consult your browser's instructions or help.



The Data Controller stores the data provided by the User for a specific purpose.

The Data Controller does not check the personal data provided to him. The person providing the data is solely responsible for the accuracy of the data provided. All responsibility related to a specified e-mail address rests solely with the User who provided the e-mail address.

The Data Controller does not use the provided personal data for purposes other than those specified in this Information. The Data Controller does not transfer the personal data it manages to third parties other than the Data Processors specified in this Information.

The User can contact the Data Controller with any questions or comments related to data management via the known contact details.

The Data Controller will provide information on data processing not listed in this Notice when the data is collected.

In response to an exceptional official request, or in the case of requests from other bodies based on the authorization of the law, the Data Controller is obliged to provide information, communicate and transfer data, and make documents available. In these cases, the Data Controller only releases personal data to the requester - if he has specified the exact purpose and the scope of the data - to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.



  1. Right of access

The data subject is entitled to receive feedback from the Data Controller as to whether his personal data is being processed, and if such data is being processed, he is entitled to access the personal data and the information listed in the Regulation.

  1. Right to rectification

The Data Subject may request that the Data Controller correct inaccurate personal data concerning the Data Subject without undue delay. Taking into account the purpose of data management, the Data Subject may request the addition of incomplete personal data.

  1. The right to erasure

The data subject may request that the Data Controller delete the personal data processed on the basis of his consent without undue delay under the conditions specified in the Regulation.


  1. The right to be forgotten

If the Data Controller has disclosed the personal data and is obliged to delete it, taking into account the available technology and the costs of the implementation, it will take the reasonably expected steps - including technical measures - in order to inform the data controllers handling the data that the Data Subject has requested the personal data in question the deletion of links or duplicates of these personal data.

  1. The right to restrict data processing

The data subject may request that the Data Controller restrict data processing upon request, if the conditions specified in Article 18 (1) of the GDPR are met.

  1. The right to data portability

The data subject is entitled to receive the personal data concerning him/her provided to the Data Controller in a segmented, widely used, machine-readable format, and is also entitled to forward this data to another data controller.

  1. The right to protest

The data subject has the right to object to the processing of his personal data at any time.

Request for information

The data subject has the right to request information from the Data Controller at any time regarding the processing of his personal data. Access to personal data, their deletion, modification, or restriction of processing, data portability, and objections to data processing are provided for in II. The Data Subject can initiate the process via one of the contact details indicated in point :

Action deadline

The Data Controller shall inform the Data Subject in writing of the measures taken following the above requests without undue delay, but no later than within 30 days of receipt of the request. If necessary, this can be extended by 30 days . The Data Controller shall inform the Data Subject of the extension of the deadline, indicating the reasons for the delay, within 30 days of receiving the request.

If the Data Controller does not take measures following the Data Subject's request, it shall inform the Data Subject in writing of the factual and legal reasons for the rejection of the request without delay, but at the latest within one month of the receipt of the request, the reasons for the failure to take action , and that the Data Subject may file a complaint under Article XI. at the supervisory authority specified in point or you can use your right of judicial remedy.


The Data Controller informs the Data Subject about the data protection incident without undue delay - in a clear and understandable manner - if the data protection incident is likely to involve a high risk for the rights and freedoms of the Data Subject(s).

In the information provided to the Data Subject, the Data Controller describes the nature of the data protection incident, and provides the name and contact details of the contact person providing further information; describes the likely consequences of a data protection incident; describes the measures taken or planned to remedy the data protection incident, including, where appropriate, measures aimed at mitigating any adverse consequences resulting from the data protection incident.

The Data Controller is not obliged to inform the Users if one of the cases set out in Article 34, paragraph (3) of the GDPR is met.



  1. The Data Subject can contact the Data Controller with comments regarding the handling of his personal data in II. at one of the contact details specified in
  2. In the event of a violation of their rights, the Data Subject may apply to the court against the Data Controller. The court acts out of sequence in the case.
  3. A complaint against a potential violation of the Data Controller can be filed with the National Data Protection and Freedom of Information Authority.

1055 Budapest, Falk Miksa u. 9-11.

Mailing address: 1363 Budapest, PO Box: 9.

Telephone: +36 -1-683-5969

Fax: +36-1-391-1410





The Data Controller undertakes to ensure the security of the data. It also takes the technical measures to ensure that the recorded, stored and managed data are protected, and does everything to prevent their destruction, unauthorized use and unauthorized change. The data is stored on a secure, password-protected computer, data storage or cloud storage. Based on the relevant request, the Data Controller provides information on its requirements, responsibilities and the backup procedure related to backups affecting its IT systems.

The Data Controller pays attention to the fact that, during its data management, it acts in accordance with the applicable data protection legislation and established data protection official practice. Its basic data management principles are in line with the applicable legislation on data protection, and in particular with the following:

  • Regulation 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR);
  • CXII of 2011 Act on the right to self-determination of information and freedom of information (Infotv.)
  • CVIII of 2001 Act on certain issues of electronic commercial services and services related to the information society (Ekertv.);
  • Act V of 2013 on the Civil Code (Ptk.);
  • CLV of 1997. law on consumer protection (Fgytv.);
  • Act C of 2000 on accounting (Accounting);
  • XLVIII of 2008 Act on the basic conditions and certain limitations of economic advertising activity (Grt.).

This Data Management Notice will enter into force on May 17, 2022.

Dóra Juhász ev