Privacy Policy

The operator of the website www.gepida.hu (hereinafter referred to as the "Website") is Gepida Online Kft. (hereinafter referred to as the "Data Controller"). The management of the Data Controller acknowledges and accepts the content of this statement as binding for itself and the operation of the company. The content of this Privacy Policy constitutes a legal obligation for the company.

INTRODUCTION

The Data Controller takes all reasonable measures to ensure the security of the personal data it processes.
We kindly ask you to read this Privacy Policy before using our website. It contains information in a clear and comprehensible manner about how we process your personal data. This document provides clear and detailed information to the data subjects regarding all important aspects of data processing.
During the operation of the website, the Data Controller processes the data of individuals registered on the site in order to provide them with appropriate services. The service provider aims to fully comply with legal requirements regarding the processing of personal data, particularly those outlined in Regulation (EU) 2016/679 of the European Parliament and of the Council. This Privacy Policy has been prepared based on Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information.

DEFINITIONS

To facilitate the understanding of the Privacy Policy, the following legal terms related to data processing are explained:

“personal data”: Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
“data processing”: Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
“data controller”: A natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
“data processor”: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
“ data subject”: Any identified or identifiable natural person based on personal data, either directly or indirectly.
“third party”: A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
“recipient”: A natural or legal person, public authority, agency, or another body to which personal data is disclosed, whether or not it is a third party.
“restriction of data processing”: The marking of stored personal data with the aim of limiting its future processing.
“data erasure”: The process of rendering personal data unrecognizable in a manner that prevents its recovery.
“data destruction”: The physical destruction of the medium containing data in a way that prevents recovery, decryption, or decoding.
“disclosure”: Making data accessible to anyone.
“consent of the data subject”: Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
“objection”: A declaration by the data subject whereby they object to the processing of their personal data and request the termination of such processing and/or the deletion of the processed data.
“data protection incident”: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.

USER SCOPE

A User refers to both registered individuals on the Website and unregistered individuals who use the Website’s services, place orders, or are identifiable—directly or indirectly—based on specific personal data.

PRINCIPLES OF DATA PROCESSING

The Data Controller declares that personal data will be processed in accordance with the provisions set out in this Privacy Policy and in compliance with applicable legal requirements, with particular attention to the following:

Personal data must be processed lawfully, fairly, and transparently in relation to the data subject.
Personal data collection can only be carried out for specified, clear, and lawful purposes.
The purpose of processing personal data must be appropriate and relevant, and it should only be to the extent necessary.
Personal data must be accurate and up to date. Inaccurate personal data must be erased without delay.
Personal data should be stored in a manner that allows the identification of data subjects only for as long as necessary. Personal data may be stored longer only if the storage is for public interest archiving, scientific and historical research purposes, or statistical purposes.
Personal data must be processed in a way that ensures adequate technical or organizational measures are in place to safeguard the personal data's security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage.
The principles of data protection must apply to any information related to an identified or identifiable natural person.

PURPOSE AND LEGAL BASIS OF DATA PROCESSING

Personal data may only be processed to exercise a right or fulfill an obligation. Such rights can be established by law, through the explicit agreement of the parties, or by the implied conduct of one or more parties. Data processing must always adhere to the principle of purpose limitation. It may only occur to the extent and for the duration necessary to achieve the intended purpose, and at all stages, it must align with that purpose. If the purpose of the data processing ceases or the data processing becomes unlawful, the data must be deleted. The deletion is carried out by the employee responsible for processing the data. Gepida Online Kft. processes personal data for purposes related to its economic activities, including, but not limited to, the provision of commercial, business, transportation, and other services; employment purposes; marketing and direct marketing; document management processes associated with corporate operations; IT services and information security; and the utilization of corporate data assets. Additionally, data processing may be carried out for other purposes if the legal requirements are met and the purposes are precisely defined. The data processing activities of Gepida Online Kft. are based on voluntary consent, the performance of contractual or legal obligations (e.g., data provision), or, in certain cases, the legitimate interests of the Data Controller. These aspects will be discussed in more detail later.

WEBSITE REGISTRATION

Data submission on the Website is only permitted for individuals aged 16 or older.

Purpose of data processing: To provide certain additional functionalities of the Website. If the User has explicitly consented, data may also be used for sending newsletters, conducting public opinion or market research (via newsletters or phone calls), and carrying out consumer surveys.
Legal basis for registration data processing: Your consent.
Scope of data subjects: Registered users of the Website.
Duration of data processing: Data processing continues until consent is withdrawn. You can withdraw your consent at any time by sending an email to the designated contact email address.
Data deletion: Data is deleted upon the withdrawal of consent. You can withdraw your consent at any time by sending an email to the designated contact email address.
Authorized personnel to access the data: The data controller and its employees.
Data storage method: Electronic.
Modification or deletion of personal data: Can be initiated via email, phone, or mail using the contact details provided above.
Necessity of providing personal data: Personal data is essential for identification within databases and for maintaining contact.

Scope of Processed Data and Specific Purposes of Data Processing

Data Processed	Specific Purpose of Data Processing
Name	Identification, maintaining contact
Email Address	Identification, maintaining contact
Password	Enabling login functionality
Registration Date	Technical information operations
IP Address	Technical information operations

The user's consent for data processing can be granted by intentionally ticking an empty checkbox specifically provided for this purpose on the website. As a data subject, you have the right to object to the processing of your personal data. In this regard, you are entitled to follow the procedures detailed in the data processing information provided above, this Privacy Policy, and the relevant laws referenced in the Policy.

REGISTRATION FOR THE LIFETIME WARRANTY PROGRAM

Purpose of data processing: To fulfill the warranty obligations undertaken by Gepida Online Kft., maintain a registry of Users eligible to validate the warranty, and – if the User has explicitly consented – to send newsletters, conduct public opinion or market research, and carry out consumer surveys (via newsletters or phone calls) (hereinafter referred to as "Market Research").
Legal basis for registration data processing: Your consent.
Scope of data subjects: Registered users of the Website.
Duration of data processing: Data processing continues until consent is withdrawn. You can withdraw your consent at any time by sending an email to the designated contact email address.
Data deletion: Data is deleted upon the withdrawal of consent. You can withdraw your consent at any time by sending an email to the designated contact email address.
Authorized personnel to access the data: The data controller and its employees.
Data storage method: Electronic.
Modification or deletion of personal data: Can be initiated via email, phone, or mail using the contact details provided above.
Necessity of providing personal data: Personal data is essential for identification in the database and for maintaining contact. The accurate company name and address are required for invoicing, which is a legal obligation.
Scope of Processed Data and Specific Purposes of Data Processing

Data Processed	Specific Purpose of Data Processing
Type of purchased bicycle	Identification
ID number	Identification
Owner's name	Identification, maintaining contact
Owner's email address	Identification, maintaining contact
Postal address	Identification, maintaining contact
Phone number	Identification, maintaining contact
Place of purchase	Identification, verification of warranty eligibility
Date of purchase	Identification, verification of warranty eligibility
Purchase receipt number	Identification, verification of warranty eligibility
Registration submission date	Technical information operations
IP address	Technical information operations

REGISTRATION WITHOUT PURCHASE IN THE ONLINE STORE

Data submission on the Website is only permitted for individuals aged 16 or older.

Purpose of data processing: To contact the User, maintain communication, and respond to messages sent by the User.
Legal basis for data processing: Your consent.
Scope of data subjects: Users who submit the contact form.
Duration of data processing: Data processing continues until consent is withdrawn. You can withdraw your consent at any time by sending an email to the designated contact email address.
Data deletion: Data is deleted upon the withdrawal of consent. You can withdraw your consent at any time by sending an email to the designated contact email address.
Authorized personnel to access the data: The data controller and its employees.
Data storage method: The Data Controller uses the information submitted through the contact form solely for communication and providing information. These data are not stored in a database.
Modification or deletion of personal data: Can be initiated via email, phone, or mail using the contact details provided above.
Necessity of providing personal data: Personal data is essential for identification and communication purposes.

Scope of Processed Data and Specific Purposes of Data Processing

Data Processed	Specific Purpose of Data Processing
Name	Identification, maintaining contact
Email	Identification, maintaining contact
Phone	Identification, maintaining contact
Registration Date	Technical information operations
IP Address	Technical information operations

REGISTRATION DURING PURCHASE

Only authorized partners are permitted to register in our online store. Subscription and unsubscription to the online store are managed centrally.

Purpose of data processing: To record and fulfill orders placed through the Website, deliver ordered products, maintain communication related to orders, issue invoices, and fulfill accounting obligations. If the User has explicitly consented, newsletters may be sent to the corporate email addresses of traders, providing information about industry news and product promotions.
Legal basis for data processing: Your consent. For invoicing, the data processing is based on legal requirements.
Scope of data subjects: Registered users of the Website.
Duration of data processing: The duration is determined by legal requirements or until consent is withdrawn. You may withdraw your consent at any time by sending an email to the designated contact email address.
Data deletion: Occurs upon withdrawal of consent. You may withdraw your consent at any time by sending an email to the designated contact email address. Deletion of invoicing data is subject to legal requirements.
Authorized personnel to access the data: The data controller and its employees.
Data storage method: Electronic.
Modification or deletion of personal data: Can be initiated via email, phone, or mail using the contact details provided above. Accurate company name and address are required for invoicing, as mandated by law.

Scope of Processed Data and Specific Purposes

Data Processed	Specific Purpose of Data Processing
Name	Identification, contact, invoicing
Company Name	Identification, contact, invoicing
Address	Identification, contact, invoicing
Email	Identification, contact
Phone	Identification, contact
Details of ordered product	Product identification
Registration date	Technical information operations
IP address	Technical information operations

PURCHASE WITHOUT REGISTRATION

It is possible to make purchases in the online store without registration, as a guest. In this case, only the data necessary to complete the order is provided. Guest purchases do not require registration or a password. Personal data related to the order must be re-entered for each purchase.

Purpose of data processing: To record and fulfill orders placed through the Website, deliver the ordered products, maintain communication related to orders, issue invoices, and fulfill accounting obligations.
Legal basis for data processing: Your consent. For invoicing, data processing is based on legal requirements.
Scope of data subjects: Guest purchasers of the Website.
Duration of data processing: Data processing is carried out in accordance with legal requirements or until consent is withdrawn. You can withdraw your consent at any time by sending an email to the designated contact email address.
Data deletion: Data is deleted upon withdrawal of consent. You can withdraw your consent at any time by sending an email to the designated contact email address. Deletion of invoicing data is subject to legal requirements.
Authorized personnel to access the data: The data controller and its employees.
Data storage method: Electronic.
Modification or deletion of personal data: Can be initiated via email, phone, or mail using the contact details provided above. Accurate company name and address are required for invoicing, as mandated by law.

Scope of Processed Data and Specific Purposes

Data Processed	Specific Purpose of Data Processing
Name	Identification, contact, invoicing
Company Name	Identification, contact, invoicing
Address	Identification, contact, invoicing
Email	Identification, contact
Phone	Identification, contact
Details of Ordered Product	Product identification
IP Address	Technical information operations

The user can provide their consent for data processing by intentionally ticking an empty checkbox specifically provided for this purpose on the Website. As a data subject, you have the right to object to the processing of your personal data. You may exercise this right in accordance with the data processing details outlined above, this Privacy Policy, and the procedures described in the relevant legal provisions mentioned in the Policy.

INVOICE ISSUANCE

Purpose of data processing: To issue and send electronic invoices as email attachments.
Legal basis for data processing: Mandatory data processing based on legal requirements.
Scope of data subjects: Customers of the service provider.
Duration of data processing: Data processing is conducted in accordance with legal requirements or until consent is withdrawn. Consent for data processing can be withdrawn at any time by sending an email to the designated contact email address.
Data deletion: Data will be deleted upon withdrawal of consent. Consent can be withdrawn at any time by sending an email to the designated contact email address. Deletion of invoicing data is subject to legal requirements.
Authorized personnel to access the data: The data controller and its employees.
Data storage method: Electronic.
Modification or deletion of invoice data: Can be initiated via email, phone, or mail using the contact details provided above.

Scope of Processed Data and Specific Purposes of Data Processing for Invoice Issuance

Data Processed	Specific Purpose of Data Processing
Name	Identification, contact, invoicing
Company Name	Identification, contact, invoicing
Address	Identification, contact, invoicing
Email	Identification, contact
Phone	Identification, contact
Tax Number / Tax ID	Customer identification, invoicing
Invoice details	Identification of the invoice
Invoice Issuance Date	Technical information operations

The user can provide their consent for data processing by intentionally ticking an empty checkbox specifically provided for this purpose on the Website. As a data subject, you have the right to object to the processing of your personal data. You are entitled to exercise this right in accordance with the data processing details outlined above, this Privacy Policy, and the procedures specified by the relevant legal provisions referenced in the Policy.

PROCESSING OF CONTRACTUAL PARTNERS' DATA

Gepida Online Kft. processes the personal data of natural persons contracted as customers, suppliers, or under other legal relationships (e.g., commissioned subcontractors) on the legal basis of contract performance for the purposes of preparing, concluding, fulfilling, or terminating contracts, and providing contractual discounts. The processed data includes the person's name, tax identification number/tax number, business ID number, personal ID card number, address or registered office/branch address, phone number, email address containing the person's name, and bank account number. Such data processing is lawful and permissible even before the conclusion of a contract if necessary to take steps at the request of the data subject (e.g., requesting a quotation or providing a technical proposal). In such cases, the legal basis for data processing is the legitimate interest of one or more parties. For contractual partners, recipients of the personal data may include employees of the company responsible for customer service tasks (primarily sales representatives), employees managing accounting and taxation tasks, and data processors. According to legal regulations:

Contractual data is retained for an additional five years (a total of up to six years) from the end of the calendar year in which the contract terminates.

For data required under record-keeping obligations, retention extends to an additional eight years (a total of up to nine years) from the end of the calendar year in which the contract terminates. Gepida Online Kft. informs the data subject in advance that data processing is based on the legal title of contract performance and serves the interests of both contracting parties. This notification is provided during pre-contract negotiations, either verbally or in writing, and is included in the final contract. The data subject is also informed if their data is shared with a data processor (e.g., an accountant). Gepida Online Kft. processes and stores the contact information of natural persons representing legal entity clients, business partners, customers, suppliers, and subcontractors. The purpose of such data processing is business communication, which can only be effectively and evidently conducted through natural persons. The legal basis for this is the performance of the contract concluded with the other party. This includes processing the data of corporate representatives, contacts, and performance verifiers of contractual partners. The name of the natural person, their workplace or office address, workplace phone number, and email address containing their name. The storage of personal data – if the contact person's data is physically separable from the contract – lasts until the business relationship between the parties ends, the individual's status as a representative ceases, or 30 days after receiving the individual's deletion request. However, if the contact person's data is included as an inseparable part of the contract (e.g., embedded in the text), it cannot be independently deleted without damaging the contract.In such cases, the data shares the legal fate of the contract, and the retention period for the contact person's data is five years from the end of the calendar year in which the contract terminates.He storage of physical, paper-based data carriers is conducted in the office and warehouse facilities owned by Gepida Online Kft. Electronically stored data is located within Gepida Online Kft.’s corporate system (a Hungarian-based system or cloud-based server). Personal data related to the performance of contracts is stored on Gepida Online Kft.'s server, on the secure personal computers and notebooks of employees, and on the servers and computers of authorized data processors (e.g., accountants). The retention period for paper-based contracts is two years. Recipients of personal data within the Data Controller's organization may include the management, the company, and relevant employees. Gepida Online Kft.’s contractual data, including personal data contained therein, may be lawfully accessed by authorized individuals, such as those handling client data in compliance with regulations:

Shoprenter Kft. (4028 Debrecen, Kassai út 129.), as the operator of the www.gepida.hu website
Kotán és Tsa Bt. (2096 Üröm, Fenyves sétány 14/B.), as the appointed operator of the corporate IT system, access control, and security system.
Finacont Szolgáltató és Tanácsadó Kft. (address: 1062 Budapest, Aradi u. 16. II/2.), as the accounting firm (with Szilvia Povázson as the accountant).
AMORSA s.r.o. (address: SK-92901 Dunajská Streda, ul. biskupa Kondého 4577/16), as an online agency.
Dr. Róbert Loványi, attorney (address: 1111 Budapest, Bartók Béla út 36-38. III. 7.), as legal representative and advisor.
Hunet Kft. (address: 1145 Budapest, Varsó u. 31.), as the maintainers of the computer programs used for issuing delivery notes and invoices.
Barion Payment Zrt. (address: 1117 Budapest, Infopark sétány 1.), as the bank facilitating online payments.
Other: For mailing, delivery, and parcel shipping purposes, DPD Hungária Kft. (address: 1134 Budapest, Váci út 33.), courier service, etc.

The confidentiality and data security provisions of the contracts concluded with data processors guarantee the protection of clients' personal data.

DATA PROCESSING BASED ON THE DATA SUBJECT'S CONSENT
(VOLUNTARY DATA PROVISION)

The purpose of using voluntarily provided personal data at Gepida Online Kft. is multifaceted. These purposes may include ensuring high-quality customer service, operating a quality management system (e.g., complaint handling), providing necessary information to existing and prospective customers (e.g., website browsing, newsletters, surveys, sweepstakes, community events, information sharing on social media platforms), and performing direct marketing activities (e.g., newsletters, market research). The scope of data collected, processed, and utilized in this manner is limited to the extent necessary and is determined as narrowly as possible by the Data Controller. The specific data scope varies depending on the purpose, such as: name, contact information (e.g., residential or notification address, phone number, email address, online identifier, internet profile), customer habits, image and sound recordings, photographs.

At the time of data collection, Gepida Online Kft. provides the data subject with the following information:

The identity and contact details of the Data Controller and their representative, as well as the processors;
The purpose of the intended processing of personal data and the legal basis for processing;
In specific cases, the recipients of the personal data or the categories of recipients, if applicable;
The duration of personal data storage or, if it is not possible to determine at the time, the criteria used to establish that duration;
The rights of the data subject to request access to, rectification, erasure, or restriction of processing of their personal data from the Data Controller, as well as the right to object to such processing and the right to data portability;
The right to withdraw consent at any time, which does not affect the lawfulness of data processing based on consent before its withdrawal;
The right to lodge a complaint with a supervisory authority;

The data subject may withdraw their explicit or implied consent to data processing at any time. The Data Controller also emphasizes that the withdrawal does not affect the lawfulness of data processing based on consent before its withdrawal and does not necessarily and immediately result in the deletion of personal data if the Data Controller can process the data on another legal basis that replaces consent (e.g., for legitimate interests, claims arising from a breach of contract concluded in the meantime, or claims for damages caused outside of a contract). If the provision of personal data is not voluntary, the data subject will be informed about data processing based on legal or contractual obligations or that data collection is a prerequisite for entering into a contract. Furthermore, they will be informed whether they are required to provide personal data in such cases and the potential consequences of failing to provide such data.

SOCIAL MEDIA PLATFORMS

A social media platform is a medium where messages are disseminated through community users. Social media leverages the internet and online presence opportunities to enable users to transition from content consumers to content creators. Social media platforms are online applications that feature user-generated content, such as Facebook, Google+, Twitter, etc. The forms of social media presence may include public speeches, presentations, demonstrations, or the introduction of products or services. Information shared on social media may take the form of forums, blog posts, images, videos, audio files, message boards, email messages, etc. Accordingly, the scope of processed data, in addition to personal data, may also include the user's public profile picture.

Scope of data subjects: All registered users.
Purpose of data collection: To promote the website or related webpages.
Legal basis for data processing: Voluntary consent of the data subject.
Duration of data processing: As specified by the regulations of the respective social media platform.
Deadline for data deletion: As specified by the regulations of the respective social media platform.
Authorized recipients of the data: As specified by the regulations of the respective social media platform.
Rights related to data processing: As specified by the regulations of the respective social media platform.
Method of data storage: Electronic.

It is important to note that when a user uploads or submits personal data, they grant the social media platform operator a globally valid license to store and use such content. Therefore, it is crucial to ensure that the user has full authorization to share the information they publish.

GOOGLE ANALYTICS

Our website uses Google Analytics.

When using Google Analytics:

Google Analytics generates reports for its clients about the behavior of website users based on internal cookies. On behalf of the website operator, Google uses the information to analyze how users interact with the website. Additionally, Google provides reports on website activity to the operator as a service, enabling the operator to offer additional functionalities. The data is stored on Google's servers in an encrypted format to enhance security and prevent misuse.

How to disable Google Analytics. Quoted from the page:

Website users who do not wish Google Analytics JavaScript to report their data can install the Google Analytics Opt-out Browser Add-on. This add-on prevents Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sending information to the Google Analytics system. The browser add-on is compatible with most modern browsers. The Google Analytics Opt-out Browser Add-on does not prevent data from being sent to the website itself or other internet analytics services. https://support.google.com/analytics/answer/6004245?hl=hu

Google Privacy Policy: https://policies.google.com/privacy?hl=hu

Detailed information about data usage and protection can be found at the links above.

GOOGLE PRIVACY IN DETAIL

https://static.googleusercontent.com/media/www.google.com/en//intl/hu/policies/privacy/google_privacy_policy_hu.pdf

USE OF "COOKIES" ON THE WEBSITE

Access to the website operated by Gepida Online Kft., available at https://www.gepida.hu/, is free and open to anyone without revealing their identity or providing personal data. Users can obtain unrestricted information on the website and its related pages. Gepida Online Kft. informs users that by visiting the website and accepting the Data Controller’s "Cookie Policy" on the website beforehand, they consent to the observation of their user habits, which fall within the broad scope of personal data. The website operator, as the Data Controller, uses the Google Analytics web analytics service to monitor user habits on the website automatically and without limitations and analyzes them for business purposes. Google uses the collected information to evaluate and analyze user habits, compile reports on website activities, and provide other services related to activities on the website and internet usage. Cookies are small data files (text files) placed on the user's computer by the visited website. The purpose of cookies is to facilitate and make the use of a specific internet service more convenient. There are many types of cookies, but they are generally categorized into two major groups. One is the temporary "cookie," which is placed on the user's device only for the duration of a particular session (e.g., during a secure identification process in online banking). The other type is the permanent "cookie" (e.g., a website's language setting), which remains on the computer until the user deletes it. According to the European Commission's guidelines, cookies (except those essential for the use of a given service) can only be placed on a user's device with their consent. When using the Analytics program, the service provider Google transfers the collected information to its servers in the United States, where it is stored. Google does not associate the information generated by cookies with other data and does not perform profiling according to its business policy, meaning it does not process personal data under current data protection regulations. Website visitors can reject the use of cookies by selecting the appropriate settings in their browser. By using the website, visitors consent to the processing of their data in the manner and for the purposes described above. The use of cookies and the associated data collection can only become lawful if the user explicitly activates the "Accept" button.

This website uses cookies. We use cookies to personalize content and ads, provide social media features, and analyze our website traffic. Additionally, we share information about your use of our website with our social media, advertising, and analytics partners, who may combine it with other information you have provided to them or that they have collected from your use of their services.

Cookies are small text files that a website can use to make the user experience more efficient. According to the law, we can store cookies on your device if they are strictly necessary for the operation of our website. For all other types of cookies, we need your permission. This website uses various types of cookies. Some cookies on our website are placed by third-party service providers.

You can modify or withdraw your consent to the Cookie Declaration on our website at any time.

Learn more about who we are, how to contact us, and how we process personal data in our Privacy Policy.

Please include your consent ID and date when contacting us regarding your consent.

Your consent applies to the following domains: gepida.hu

The Cookie Declaration was last updated on: 29 August 2024 by Cookiebot.

Essential (26)

Essential cookies help make our website usable by enabling basic functions like page navigation and access to secure areas of the website. Without these cookies, the website cannot function properly.

Name	Provider	Purpose	Maximum Storage Duration	Type
_grecaptcha	Google	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.	Persistent	Local HTML storage
_GRECAPTCHA	Google	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.	180 days	HTTP cookie
1.gif	Cookiebot	Used to count the number of sessions to the website, necessary for optimizing CMP product delivery.	Session	Pixel tracker
CookieConsent	Cookiebot	Stores the user's cookie consent state for the current domain.	1 year	HTTP cookie
iv_map.local_data.letters	gepida.hu	Pending	Persistent	Local HTML storage
iv_map.local_data.points	gepida.hu	Pending	Persistent	Local HTML storage
object(#-#-##:#:#.#)	gepida.hu	Holds the user’s timezone.	Persistent	Local HTML storage
rc::a	Google	This cookie is used to distinguish between humans and bots.	Persistent	Local HTML storage
rc::b	Google	This cookie is used to distinguish between humans and bots.	Session	Local HTML storage
rc::c	Google	This cookie is used to distinguish between humans and bots.	Session	Local HTML storage
rc::f	Google	This cookie is used to distinguish between humans and bots.	Persistent	Local HTML storage
SSESS#	gepida.hu	Pending	24 days	HTTP cookie
t3D	gepida.hu	Content delivery and presentation, maintaining website state for font, blog sliders, themes, etc.	Persistent	Local HTML storage
tADe	gepida.hu	Content delivery and presentation, maintaining website state for font, blog sliders, themes, etc.	Persistent	Local HTML storage
tADu	gepida.hu	Content delivery and presentation, maintaining website state for font, blog sliders, themes, etc.	Persistent	Local HTML storage
tAE	gepida.hu	Content delivery and presentation, maintaining website state for font, blog sliders, themes, etc.	Persistent	Local HTML storage
tC	gepida.hu	Content delivery and presentation, maintaining website state for font, blog sliders, themes, etc.	Persistent	Local HTML storage
test_cookie	Google	Used to check if the user's browser supports cookies.	1 day	HTTP cookie
tMQ	gepida.hu	Content delivery and presentation, maintaining website state for font, blog sliders, themes, etc.	Persistent	Local HTML storage
tnsApp	gepida.hu	Content delivery and presentation, maintaining website state for font, blog sliders, themes, etc.	Persistent	Local HTML storage
tPL	gepida.hu	Content delivery and presentation, maintaining website state for font, blog sliders, themes, etc.	Persistent	Local HTML storage
TS#	Cetelem	Ensures website security and fraud detection.	Session	HTTP cookie
tTDe	gepida.hu	Content delivery and presentation, maintaining website state for font, blog sliders, themes, etc.	Persistent	Local HTML storage
tTDu	gepida.hu	Content delivery and presentation, maintaining website state for font, blog sliders, themes, etc.	Persistent	Local HTML storage
tTE	gepida.hu	Content delivery and presentation, maintaining website state for font, blog sliders, themes, etc.	Persistent	Local HTML storage
tTf	gepida.hu	Content delivery and presentation, maintaining website state for font, blog sliders, themes, etc.	Persistent	Local HTML storage

Settings (4)

With the use of preference cookies, we can remember information that changes the behavior or appearance of the website, such as your preferred language or the region you are located in.

Name	Provider	Purpose	Maximum Storage Duration	Type
om-country	OptiMonk	This cookie is used to determine the preferred country setting selected by the visitor.	Persistent	Local HTML storage
twk_#	Tawk.to	Pending	Persistent	Local HTML storage
twk_idm_key	Tawk.to	Allows the website to recognize the visitor to optimize the chat-box functionality.	Session	HTTP cookie
twk_uuid_#	Tawk.to	Pending	180 days	HTTP cookie

Statistical (12)

Statistical cookies help the website owner understand how visitors interact with the website by collecting and reporting data in an anonymous form.

Name	Provider	Purpose	Maximum Storage Duration	Type
_ga [x3]	Google	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	2 years	HTTP cookie
ga# [x3]	Google	Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit.	2 years	HTTP cookie
_gat	Google	Used by Google Analytics to throttle request rate.	1 day	HTTP cookie
_gid	Google	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	1 day	HTTP cookie
collect	Google	Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels.	Session	Pixel tracker
previousNav	Tawk.to	Registers statistical data on users' behavior on the website. Used for internal analytics by the website operator.	Session	Local HTML storage
taboola global:last-external-referrer	Taboola	Detects how the user reached the website by registering their last URL-address.	Persistent	Local HTML storage
TawkConnectionTime	Tawk.to	Allows the website to recognize the visitor to optimize the chat-box functionality.	Session	HTTP cookie

Marketing (39)

Marketing cookies are used to track visitors' website activities. The purpose is to display relevant advertisements to individual users and encourage engagement, making our website more valuable for content publishers and third-party advertisers.

Name	Provider	Purpose	Maximum Storage Duration	Type
#-#	YouTube	Used to track user’s interaction with embedded content.	Session	Local HTML storage
#:session-data	Taboola	Tracks individual sessions on the website, allowing the website to compile statistical data from multiple visits and create leads for marketing purposes.	Persistent	Local HTML storage
_fbc	Meta Platforms, Inc.	Used by Facebook to target advertisements based on user behavior and preferences across websites, containing an encrypted ID to identify the user.	3 months	HTTP cookie
_fbp	Meta Platforms, Inc.	Used by Facebook to deliver advertisement products like real-time bidding from third-party advertisers.	3 months	HTTP cookie
_gcl_au [x2]	Google	Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.	3 months	HTTP cookie
eng_mt	Taboola	Tracks conversion rates between users and advertisements to optimize ad relevance on the website.	Persistent	Local HTML storage
IDE	Google	Used by Google DoubleClick to register and report user actions after viewing or clicking ads to measure ad efficacy and present targeted ads.	400 days	HTTP cookie
iU5q-!O9@$	YouTube	Registers a unique ID to keep statistics on which YouTube videos the user has watched.	Session	Local HTML storage
LAST_RESULT_ENTRY_KEY	YouTube	Used to track user’s interaction with embedded content.	Session	HTTP cookie
lastExternalReferrer	Meta Platforms, Inc.	Detects how the user reached the website by registering their last URL-address.	Persistent	Local HTML storage
lastExternalReferrerTime	Meta Platforms, Inc.	Detects how the user reached the website by registering their last URL-address.	Persistent	Local HTML storage
LogsDatabaseV2:V#		LogsRequestsStore	YouTube	Used to track user’s interaction with embedded content.
nextId	YouTube	Used to track user’s interaction with embedded content.	Session	HTTP cookie
NID	Google	Pending	6 months	HTTP cookie
optiMonkClientId	OptiMonk	Collects information on viewed products and shopping-cart content to improve conversion rates through targeted ads and promotions.	1 year	HTTP cookie
optiMonkSession	OptiMonk	Implements pop-up advertisements on the website.	Session	HTTP cookie
OptiMonkShopAttributes	OptiMonk	Implements pop-up advertisements on the website.	Persistent	Local HTML storage
OptiMonkVisitorAttributes	OptiMonk	Implements pop-up advertisements on the website.	Persistent	Local HTML storage
pagead/1p-user-list/#	Google	Tracks user interest in specific products or events and navigation between sites, facilitating ad effort measurement and referral-fee payments.	Session	Pixel tracker
receive-cookie-deprecation	Taboola	Collects information on user behavior on multiple websites to optimize advertisement relevance.	1 year	HTTP cookie
remote_sid	YouTube	Necessary for implementing and functioning YouTube video content on the website.	Session	HTTP cookie
requests	YouTube	Used to track user’s interaction with embedded content.	Session	HTTP cookie
t_gid	Taboola	Assigns a specific visitor ID to target users with similar ads or content.	1 year	HTTP cookie
t_pt_gid	Taboola	Collects data on user preferences or interactions with web campaign content for CRM campaign purposes.	1 year	HTTP cookie
taboola global:user-id	Taboola	Sets a unique ID for the visitor, enabling third-party advertisers to target the user with relevant ads.	Persistent	Local HTML storage
taboola_session_id	Taboola	Collects visitor information as an ID string for targeting users with similar preferences.	Session	HTTP cookie
TESTCOOKIESENABLED	YouTube	Used to track user’s interaction with embedded content.	1 day	HTTP cookie
VISITOR_INFO1_LIVE	YouTube	Tries to estimate user bandwidth on pages with integrated YouTube videos.	180 days	HTTP cookie
YSC	YouTube	Registers a unique ID to keep statistics of viewed YouTube videos.	Session	HTTP cookie
yt.innertube::nextId	YouTube	Registers a unique ID to keep statistics of viewed YouTube videos.	Persistent	Local HTML storage
YtIdbMeta#databases	YouTube	Used to track user’s interaction with embedded content.	Persistent	Indexed DB
yt-remote-cast-available	YouTube	Stores user preferences for embedded YouTube video players.	Session	Local HTML storage
yt-remote-cast-installed	YouTube	Stores user preferences for embedded YouTube video players.	Session	Local HTML storage
yt-remote-connected-devices	YouTube	Stores user preferences for embedded YouTube video players.	Persistent	Local HTML storage
yt-remote-device-id	YouTube	Stores user preferences for embedded YouTube video players.	Persistent	Local HTML storage
yt-remote-fast-check-period	YouTube	Stores user preferences for embedded YouTube video players.	Session	Local HTML storage
yt-remote-session-app	YouTube	Stores user preferences for embedded YouTube video players.	Session	Local HTML storage
yt-remote-session-name	YouTube	Stores user preferences for embedded YouTube video players.	Session	Local HTML storage

Unclassified (2)

Unclassified cookies are cookies that are in the process of being classified, along with the individual cookie providers.

Name	Provider	Purpose	Maximum Storage Duration	Type
optiMonkEmbedded109995	OptiMonk	Pending	1 year	HTTP cookie
twk_token_5d710e7feb1a6b0be60b25a8	Tawk.to	Pending	Persistent	Local HTML storage

Error: The domain B2BGEPIDAEXPORT.MYSHOPRENTER.HU is not authorized to show the cookie declaration for domain group ID e48fed48-7ab4-4109-9a2b-b5e0b4f7251f. Please add it to the domain group in the Cookiebot Manager to authorize the domain.

The purpose of processing the data collected in this way is to identify website visitors and make electronic services available to them. The legal basis for data processing is the consent of the data subject.
Scope of processed data: start and end time of the user's visit, and in some cases – depending on the user's computer settings – the type of browser and operating system, other recorded "cookies"; for sections of the website requiring login: name, email address, phone number.
Data storage is carried out electronically, and its retention period is until the purpose of data processing is achieved, but no more than one year without periodic user login.
Names and addresses of service providers performing data processing:

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, as the owner of Cookiebot
AMORSA s.r.o., (address: SK-92901 Dunajská Streda, ul. biskupa Kondého 4577/16), as an online agency
Brainsum Kft., (address: 2836 Baj, Bem József u. 27.), as a web content provider

Further information about the types of cookies placed on the website and configuration options is available in the Data Controller’s “Cookie Policy,” which can also be found on the Gepida Online Kft. website.

Visitors to the Company's website at https://gepida.hu can register for the newsletter service. To do so, they must provide their email address explicitly and clearly, which will be stored by the Data Controller. Furthermore, to activate the newsletter, the prospective recipient must review and accept the current Privacy Policy of Gepida Online Kft. Acceptance is completed by checking the designated checkbox. The user must fill out the checkbox, ensuring that the consent is always given explicitly and directly, without implied behavior. The data subject may unsubscribe from the newsletter at any time by using the "Unsubscribe" feature in the newsletter or by submitting a written statement or email to the Company. Unsubscribing also constitutes the withdrawal of their consent to data processing. The Data Controller will promptly delete all data of the unsubscribed individual from the recipient list and its electronic system within a reasonable processing time for the deletion request, provided it is technically feasible (see the section on saved databases). The "Unsubscribe" link is located at the bottom of the newsletter, and its functionality is continuously monitored by the Data Controller. The purpose of processing personal data is to send newsletters about the Company’s products and services, as well as to distribute promotional materials and advertisements to existing and potential customers. The legal basis for data processing is the consent of the data subject. The data subject may withdraw their consent at any time, but such withdrawal does not affect the lawfulness of data processing carried out based on consent before its withdrawal. Gepida Kft. uses the Mailchimp newsletter system and conducts related analytics (e.g., determining which subpages of the website were visited by a user associated with a specific IP address). Personal (corporate contact) data required for sending newsletters is stored in the Mailchimp system, whose servers are located in the United States, operated by various local data centers.

The scope of personal data that may be processed in connection with the newsletter service includes the natural person's name (surname, first name), email address, and the subscription date.
Recipients of the personal data are Gepida Online Kft.'s employees responsible for customer service and marketing activities. Data may be transferred to data processors (the Company’s IT service provider, hosting provider, and newsletter system provider).

Names and addresses of service providers performing data processing:

 The Rocket Science Group, LLC (address: 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA, website: https://mailchimp.com) as the owner of Mailchimp;

 AMORSA s.r.o. (address: SK-92901 Dunajská Streda, ul. biskupa Kondého 4577/16) as an online agency;

 Brainsum Kft. (address: 2836 Baj, Bem Jzsef u. 27.) as a web content provider.

SOCIAL MEDIA GUIDELINES (FACEBOOK, LINKEDIN)

Gepida Online Kft. operates a Facebook page at https://www.facebook.com/GepidaBikes/ and a LinkedIn profile at https://www.linkedin.com/company/gepida-bicycles-olimpia-kerékpár-kft to introduce and promote its products, services, business policies, events, and projects. On the Facebook social media platform, Gepida Online Kft. does not process personal data posted by visitors and cannot assume responsibility for such data, as the platform is used as a free service accessible to anyone. The data controller is the operator of the Facebook website. Consequently, visitors are subject to Facebook's own privacy and service terms, available at https://www.facebook.com/privacy/explanation. Questions or notifications submitted on Gepida Online Kft.'s Facebook page do not qualify as officially filed complaints. Therefore, Gepida Online Kft. explicitly and consistently requests that such communications be made through other channels. In cases of unlawful or offensive content publication, Gepida Online Kft. reserves the right to exclude the individual from the group of members (profile followers) or delete their comment without prior notice. Gepida Online Kft. assumes no responsibility for any content or comments posted by Facebook users that violate legal regulations, as it has no influence over such posts. Upon becoming aware of such content, Gepida Online Kft. will promptly remove it from its Facebook page, provided the technical capability exists.

Gepida Online Kft. is not liable for any errors, malfunctions, or issues arising from changes in the Facebook platform’s operation, such as data loss, data theft, or similar incidents.

JOB APPLICATIONS, RESUMES

For job applications containing personal data, Gepida Online Kft. does not differentiate between the methods of submission: resumes submitted on paper and those sent electronically are treated equally. The purpose of processing the data of applicants is to evaluate the application, organize a multi-stage selection process, fill vacant positions, potentially establish future employment relationships, select a suitable candidate, and conclude an employment contract with the selected individual. The legal basis for data processing in this case is the consent of the applicant to allow their data to be reviewed and recorded. Gepida Online Kft. collects and processes the following personal data—provided voluntarily—in connection with job postings, always adhering to the principles of necessity and proportionality: name, title, date of birth (year is sufficient), home or correspondence address, qualifications, certifications, previous employment details, photo (optional), phone number, email address, and employer notes taken during the job interview. Beyond the above data, any additional personal data voluntarily provided by the applicant without being requested or against explicit employer instructions is treated confidentially by the Data Controller, and any media containing such data is destroyed as soon as possible. The recipients of the personal data are the manager exercising employer rights at Gepida Online Kft., the prospective immediate workplace supervisor, and other employees performing HR-related tasks. Personal data is stored in both paper and electronic formats until the application process concludes and the applications are evaluated. The Data Controller deletes the personal data of applicants not selected for the position from its records. Similarly, the personal data of applicants who withdraw their application before the conclusion of the process is also deleted.

ACCIDENTAL DATA PROVISION AND UNINTENTIONAL DATA DISCLOSURE

Gepida Online Kft. does not primarily aim to process or handle the personal data of individuals. If personal data is acquired without a legal basis as a result of intentional or negligent behavior, omission, error, or for any other reason, the company will destroy the data and, if possible, notify the data subject of the incident. (For example, in cases where an email is received due to incorrect addressing.)

INTERNATIONAL DATA TRANSFER

Gepida Online Kft. transfers data abroad through its chat service, ensuring the protection of personal data in accordance with the rules outlined by the service provider at https://molin.ai/terms-privacy?utm_source=chatgpt.com.

DATA TRANSFER TO BICYCLE SHOPS

By using the service, the user explicitly consents to the Data Controller transferring the necessary data to its contractual partners to enable the delivery of the selected products to the customers. (The list and contact information of contractual partners are available at https://www.molin.ai).

 Purpose of data processing: To provide the service.

 Legal basis for data processing: Consent-based data processing.

 Scope of data subjects: The service provider's commercial partners.

 Duration of data processing: Data processing is conducted based on legal requirements or until consent is withdrawn. Consent for data processing can be withdrawn at any time by sending an email to the provided contact address.

 Data deletion: Data will be deleted upon withdrawal of consent. Consent for data processing can be withdrawn at any time by sending an email to the provided contact address. Billing data deletion is performed in accordance with legal requirements.

 Authorized data recipients: The Data Controller and its employees, data processors, and partners.

 Data storage method: Electronic.

 Modification or deletion of data: Can be requested via email, phone, or letter using the contact information provided above.

Scope of Processed Data	Specific Purpose of Data Processing
Name	Identification, contact, invoicing
Company Name	Identification, contact, invoicing
Address	Identification, contact, invoicing
Email	Identification, contact
Phone	Identification, contact
Tax Number / Tax Identifier	Customer identification, invoicing

The user can provide their consent for data processing by intentionally checking the empty checkbox provided explicitly for this purpose on the website.
The data subject has the right to object to the processing of their personal data. In this regard, they are entitled to the data processing information detailed above, as well as the procedures outlined in this notice and the applicable laws referenced herein.

DATA STORAGE METHOD AND DATA PROCESSING SECURITY

Gepida Online Kft., as a responsible Data Controller, has implemented the necessary technical and organizational measures and established procedural rules to ensure the security of personal data processed for any purpose and legal basis, in compliance with the provisions of the GDPR and the Hungarian Info Act.

Gepida Online Kft. protects personal data in its possession with appropriate measures against accidental or unlawful destruction, loss, alteration, damage, unauthorized disclosure, or unauthorized access, as well as against unavailability caused by changes in the applied technology. The same level of care is required from natural or legal persons processing the data, with obligations formalized in contracts.

Gepida Online Kft.'s IT systems and other data storage locations are hosted on the servers of Shoprenter Kft. (address: 4028 Debrecen, Kassai út 129.), which acts as a web content provider.

Gepida Online Kft. selects and operates the IT tools and processes used for handling and processing personal data to ensure that the data:

is accessible only to authorized individuals;
its authenticity and verification are ensured;
its integrity is guaranteed;
is protected against unauthorized access.

The Data Controller protects the IT systems it uses to process personal data with firewalls and antivirus software. Taking into account the current state of technology, it ensures the security of data processing through technical, organizational, and structural measures that provide a level of protection appropriate to the risks associated with data processing. The components of Gepida Online Kft.'s IT system, configurations, IT equipment manufacturers, software details, security settings, and firewall types constitute business secrets and are considered confidential information. For this reason, their specific details cannot be disclosed in this Privacy Policy. In the case of a justified and reviewed request or related legal dispute, Gepida Online Kft. will provide the relevant information to the data subject or an official body. Gepida Online Kft. explicitly informs its customers and other data subjects that electronic messages transmitted via the internet—regardless of protocol (email, web, FTP, etc.)—are vulnerable to network threats that may lead to unfair activities, disputes over agreements, or the disclosure or alteration of information. The company takes all reasonable precautions to mitigate such threats. To protect personal data, Gepida Online Kft. ensures the monitoring of incoming and outgoing electronic communications (emails), as well as spam filtering. Access to personal data is restricted within the organization by assigning specific authorization levels and establishing rights to access and use data based on job roles. For instance, documents being processed during daily work are accessible only to authorized personnel. Personal data processed by Gepida Online Kft. is primarily accessible to authorized internal employees. The company does not share this data with third parties except based on a legitimate interest (e.g., debt management), legal obligations, or with the explicit prior consent of the user/data subject. Beyond physical and IT protection, the human factor is also critical. Employee awareness is cultivated and maintained through careful selection, training, information sharing, supervision, and regular updates on best practices—all in the interest of data protection. Backup Databases: Maintaining backup copies of electronic databases is both a legal obligation and a legitimate interest. It is essential for fulfilling obligations towards third parties and for restoring old data in the event of damage or data loss. Data cannot be deleted from backups, only from the active database. Access to backups is restricted to the system administrator, who may only use them for restoration purposes in case of system failure.

RIGHTS OF THE DATA SUBJECT AND THE EXERCISE OF RIGHTS

A data subject entering into a data processing relationship with Gepida Online Kft. has the right to:

 receive confirmation from the Data Controller as to whether their personal data is being processed, and if so, access their personal data and the following information;

 request that the Data Controller rectify inaccurate personal data concerning them without undue delay; considering the purposes of data processing, the data subject may also have the right to request the completion of incomplete personal data, including by means of a supplementary statement;

 request that the Data Controller erase their personal data without undue delay, and the Data Controller is obliged to erase the personal data without undue delay under certain conditions;

 request that the Data Controller restrict the processing of their data if one of the following conditions is met:

the data subject contests the accuracy of the personal data, in which case the restriction applies for a period that allows the Data Controller to verify the accuracy of the data;
the processing is unlawful, and the data subject opposes the erasure of the data and instead requests the restriction of their use;
the Data Controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise, or defense of legal claims; or
the data subject has objected to processing; in this case, the restriction applies until it is determined whether the Data Controller's legitimate reasons override those of the data subject.

 receive the personal data concerning them, which they have provided to a Data Controller, in a structured, commonly used, and machine-readable format (e.g., WORD, PDF, EXCEL, etc.), and have the right to request the direct transfer of these personal data to another Data Controller, if technically feasible;

 object at any time to the processing of personal data concerning them for direct marketing purposes, including profiling to the extent that it is related to direct marketing.

The Data Controller informs all recipients to whom personal data have been disclosed of any rectification, erasure, or restriction of processing unless this proves impossible or requires disproportionate effort. Upon request, the Data Controller shall provide the data subject with information about these recipients. The data subject, in cases of consent-based data processing, may withdraw their previous consent at any time. However, this withdrawal does not affect the lawfulness of data processing carried out before the withdrawal based on the consent given. If the data subject objects to the processing of personal data for direct marketing purposes, these personal data can no longer be processed for this purpose. For requests regarding the provision of information, deletion, or rectification of personal data, the Data Controller has 30 days to respond. If the Data Controller does not fulfill such a request, it must provide the reasons for refusal in writing within 30 days. The company strives—through the establishment of physical and personnel resources—to fully comply with the deletion requests justified by the data subject. However, the data subject should note that even after the withdrawal of consent (or the termination of another legal basis), the company may retain data required for fulfilling legal obligations or asserting its legitimate interests. This retention depends on individual consideration and the feasibility of implementation. For example:

 Legal obligations include compliance with financial audits, which require payment data stored in the database.

 Legitimate interest may involve maintaining the integrity of the database. For technical reasons (due to the structure of the databases), it may not be possible to delete data that is closely tied to other data (e.g., foreign keys).

 Legal obligation and legitimate interest, as well as obligations to third parties, include retaining backup copies to ensure the database can be restored in case of damage. Data cannot be deleted from backup copies, only from the live database. Backup copies are accessible only to the system administrator and may only be used for restoration in case of a system failure.

 Legitimate interest may also include the extraction of statistical data from the database.

If the data subject disagrees with the circumstances of data processing (including its legal basis, purpose, method, etc.) or with any potential refusal, they may submit a complaint to the supervisory authority (see below). In the event of a data protection incident within the Gepida Online Kft. system that is likely to pose a high risk to the rights and freedoms of natural persons, the Data Controller shall inform the data subject about the data protection incident without undue delay.

INCIDENT MANAGEMENT

A data protection incident refers to a breach of the integrity and confidentiality of personal data. Such risky or harmful situations pose a threat to the Data Controller, just as they do to any other data owner. Gepida Online Kft. strives to minimize risks that may affect customer data. Gepida Online Kft. respectfully requests that if data subjects detect a data protection incident or an event suggesting such an incident related to the Data Controller’s operations, involving their own or others' personal data, they notify the company's management without delay.

Channels for reporting data protection incidents:

 Company's central email address: support@gepida.hu

 Company's central phone number: +36 (1) 400 6065

In the event of a data protection incident, the Managing Director of Gepida Online Kft. identifies and isolates the affected systems, individuals, and data. The next step involves collecting and preserving evidence supporting the occurrence of the incident. Following this, efforts are directed toward damage remediation and restoring lawful operations. Gepida Online Kft. maintains a record of data protection incidents. The data protection incident is reported to the supervisory authority without undue delay and, where feasible, no later than 72 hours after becoming aware of it, unless the incident is unlikely to pose a risk to the rights and freedoms of natural persons. Where required by law, the data subject is also clearly and comprehensibly informed about the nature of the incident, any potential harm, and the measures taken to address it.

THE DATA PROTECTION AUTHORITY

The data subject may contact the National Authority for Data Protection and Freedom of Information with any complaints: Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C., Mailing address: 1530 Budapest, Pf.: 5. Phone: +36 1 391 1400, Fax: +36 1 391 1410, Email: ugyfelszolgalat@naih.hu, Website: http://www.naih.hu

OTHER INFORMATION

If you have any comments, questions, or objections regarding the data processing of Gepida Online Kft. or the use of any of our services, the management of the company kindly requests that you contact a representative of Gepida Online Kft. through any of the contact details available on the website https://www.gepida.hu/. For legal compliance and customer satisfaction, Gepida Online Kft. appreciates any substantive feedback regarding data processing. The Data Protection Officer (contact person for our clients, data subjects, and authorities): György Berkes, email: recepcio@gepida.hu, phone: +36 1 402 0084.

Dear Interested Party! For data processing activities not listed in this Privacy Policy, Gepida Online Kft. provides information to the data subject at the time the data is collected—upon the establishment of the legal relationship forming the basis of the data processing—for example, in the case of processing the data of contractual partners, contact persons, or employees. Gepida Online Kft. does not always verify the personal data it receives or collects. Therefore, the responsibility for the appropriateness and accuracy of the provided personal data lies with the individual who supplies the data. By providing their email address, the data subject assumes responsibility for ensuring that only they use the provided email address to access services. If Gepida Online Kft. plans to share the personal data it lawfully possesses with recipients other than those listed in this Privacy Policy, the company will inform the data subject about the fact, legal basis, recipient's name, and other essential details of the data processing or transfer no later than the first disclosure or transfer of the personal data. Administrative bodies, investigative authorities, the National Authority for Data Protection and Freedom of Information, or other organizations authorized by law may contact Gepida Online Kft. to request information, disclose data, transfer data, or provide documents. In such cases, the company's employees act in compliance with applicable legal regulations. As the Data Controller, Gepida Online Kft. reserves the right to unilaterally modify the content of this Privacy Policy and its mandatory provisions, with simultaneous notification to the data subjects. This is particularly necessary if the range of services expands, the technical system changes, or the law requires such modifications. However, such changes cannot lead to the processing of personal data for purposes other than the original intent.

Dear Interested Party, If you did not find the necessary information regarding the data processing or data handling affecting you in this Privacy Policy, please do not hesitate to contact Gepida Online Kft. with confidence!

Budapest, 22 September 2020.

Sincerely,

György Berkes
Managing Director
Gepida Online Kft.

Privacy Policy

INTRODUCTION

COMPANY INFORMATION

DEFINITIONS

USER SCOPE

PRINCIPLES OF DATA PROCESSING

PURPOSE AND LEGAL BASIS OF DATA PROCESSING

WEBSITE REGISTRATION

REGISTRATION FOR THE LIFETIME WARRANTY PROGRAM

REGISTRATION WITHOUT PURCHASE IN THE ONLINE STORE

REGISTRATION DURING PURCHASE

PURCHASE WITHOUT REGISTRATION

DATA PROCESSING BASED ON THE DATA SUBJECT'S CONSENT
(VOLUNTARY DATA PROVISION)

SOCIAL MEDIA PLATFORMS

GOOGLE ANALYTICS

GOOGLE PRIVACY IN DETAIL

NEWSLETTER

SOCIAL MEDIA GUIDELINES (FACEBOOK, LINKEDIN)

JOB APPLICATIONS, RESUMES

ACCIDENTAL DATA PROVISION AND UNINTENTIONAL DATA DISCLOSURE

INTERNATIONAL DATA TRANSFER

Contact Information

Information

Privacy Policy

INTRODUCTION

COMPANY INFORMATION

DEFINITIONS

USER SCOPE

PRINCIPLES OF DATA PROCESSING

PURPOSE AND LEGAL BASIS OF DATA PROCESSING

WEBSITE REGISTRATION

REGISTRATION FOR THE LIFETIME WARRANTY PROGRAM

REGISTRATION WITHOUT PURCHASE IN THE ONLINE STORE

REGISTRATION DURING PURCHASE

PURCHASE WITHOUT REGISTRATION

DATA PROCESSING BASED ON THE DATA SUBJECT'S CONSENT (VOLUNTARY DATA PROVISION)

SOCIAL MEDIA PLATFORMS

GOOGLE ANALYTICS

GOOGLE PRIVACY IN DETAIL

NEWSLETTER

SOCIAL MEDIA GUIDELINES (FACEBOOK, LINKEDIN)

JOB APPLICATIONS, RESUMES

ACCIDENTAL DATA PROVISION AND UNINTENTIONAL DATA DISCLOSURE

INTERNATIONAL DATA TRANSFER

DATA PROCESSING BASED ON THE DATA SUBJECT'S CONSENT
(VOLUNTARY DATA PROVISION)