Data protection information

1. What is the purpose of this privacy notice?

We, at Adalékfrei Ltd., have prepared this notice for you to summarise what we do with your personal data in the course of the services we provide. Before you use our services, we want you to know and understand exactly what happens to the data you entrust to us and what choices and rights you have in relation to it.

We do this not only because we are bound by Regulation (EU) 2016/679 of the European Parliament and of the Council on General Data Protection (hereinafter "GDPR") and Act CXII of 2011 on Freedom of Information (hereinafter "the Freedom of Information Act"), but also because we genuinely believe that it is good for both of us if you are informed and able to make a decision. This notice applies to all areas of the activities of Adalékmentesen Ltd, including the processing of data through https://woocommerce-1035327-3670311.cloudwaysapps.com and all its sub-sites. Please read this information and if you have any questions, please do not hesitate to contact us.

2. Who are we?

The Additive Free Ltd. operates a website and webshop at https://woocommerce-1035327-3670311.cloudwaysapps.com, where you can find all the necessary information about our additive free products and order them for your own use or for resale.

They guide us in our data management:

  • We take just as much care of your data as if it were our own
  • We provide full transparency about how we handle your data. We want you to know and understand what is happening with your data.
  • Your data will only be shared with our contractual partners whose cooperation is necessary to fulfil your orders.
  • We will not disclose your data to unauthorised persons, unless you or the law expressly permits or requires us to do so.
  • We want both of us to be satisfied: you get the service you want and we use your data fairly to do just that, and we are able to deliver that service to you in a way that is commercially effective and successful.

We are the controller of your personal data. This means that we determine the purposes and means of the processing of your personal data on the basis of and for the purposes described above.

3. Who do we process your data for?

For anyone who uses our service described in point 2, i.e:

  • who signs up to our newsletter service
  • who creates a password-protected account in our webshop during the purchase, to make it easier to place orders and view your previous orders
  • who places an order in the online shop without creating an account.

This information therefore applies to both registered and non-registered customers.

We do not intend to collect or record personal data from persons under the age of 14. If a legal guardian (parent or guardian) of a child under the age of 14 becomes aware that his or her child has provided data to Adalékmentesen Kft., he or she may report the deletion of such data to the addresses listed in section 11 of these terms of use. In this case, the child's data will be immediately deleted from the register.

4. For what purposes and on what legal basis do we process your personal data?

What is the purpose?

It means the specific activity or result that we use your personal data to achieve in the course of our services.

What is the legal basis?

The legal basis means the basis on which we are permitted by data protection law to process your data for this purpose.

In general, we process your data so that you can use our services described in section 2 and we can provide them to you. This is too general, we will summarise for you exactly what specific purposes and legal bases we work on within this.

If your data is necessary for the contract and the provision of a specific service within it, you cannot use that specific service without that data.

For example: if you would like to receive the latest news and promotions about our company and products, you should subscribe to our newsletter. To do this, you need your email address and first name - without these you cannot subscribe to our newsletter.

If the processing is based on law, i.e. it is necessary for the performance of a legal obligation and you do not provide it to us, you will also not be able to use our service. For example: we have to issue an invoice for your order, which we cannot do without the necessary data, so you cannot place an order.

It is important for you to know that we may process some of your data for several purposes and legal bases, for example: your email address is processed for the purpose of subscribing to our newsletter, to provide you with information about the status of your order, but also for the purpose of handling customer complaints and providing you with personalised advertising. So, you may have already received your order, you may have unsubscribed from the newsletter, but we still process some of your data because it is needed for other purposes.

4.1. to improve and personalise our website and the services we provide, to develop new products, to improve and personalise the user experience:

What is the goal?

We develop our services and products to meet our customers' and the market's expectations and to remain competitive, and we also try to tailor them to meet your personal expectations, interests and preferences. This applies to all the channels you use to reach us: website, social media, customer service.

What is our legal basis?

Legitimate interest under point 6.b).

What are the data circuits we use for this?

The data you provide to us directly:

  • The data you provide during registration, ordering or later for contact purposes (e.g. name, e-mail, address, shipping address, billing address, phone number)
  • Technical data

The data that is generated when using the Barion system:

  • Transaction data (e.g. payment transaction ID, date, content)

4.2. To provide you with personalised advertising tailored to your interests

What is the goal?

We will show you personalised ads that match your interests on the appropriate platforms (e.g. facebook, google display network, etc.) We do this so that you see ads that interest you or that you are looking for, so we want to make it easy for you to find the content that is relevant to you.

What is our legal basis?

Legitimate interest under point 6.f).

What are the data circuits we use for this?

The data you provide to us directly:

  • The information you provide during registration or later for identification and contact purposes (e.g. e-mail address)
  • Products and services ordered
  • Technical data

4.3. For invoicing, accounting purposes

What is the goal?

Under the accounting, tax and other laws that apply to us, we are required to invoice you for the products and services you order, to keep records of the invoices and receipts we receive and issue, and to comply with the accounting rules. The invoices and supporting documents on which the accounting is based may contain personal data.

What is our legal basis?

Our legal obligations

What are the data circuits we use for this?

The data you provide to us directly:

  • E-mail address, billing details

Payment by credit card, when using a Barion wallet:

  • transaction ID, date

4.4. For customer complaint handling

What is the goal?

As a webshop we are obliged to comply with the legal customer complaint handling rules. It is also in our interest that if you have a complaint, we can deal with it as efficiently as possible and in a way that is satisfactory to you. You can do this by e-mail, by telephone or in person.

What is our legal basis?

Our legal obligations

What are the data circuits we use for this?

The data you provide us directly in your complaint:

  • Your e-mail address and other personal identification details, if you provide them
  • The information you have provided in your complaint and which is necessary for the investigation of your complaint

4.5. Production of statistics

What is the goal?

Provide statistics on the use of our website and services.

What is our legal basis?

Legitimate interest under point 6.d).

What are the data circuits we use for this?

The data you provide to us directly:

  • The data you provide during registration, ordering or later for identification and contact purposes (e.g. e-mail, password, address, phone number)
  • Technical data

4.6. To enforce our rights and claims

What is the goal?

Some claims (e.g. damages) can be pursued for a limited period of time, even in court, even after the contract has ended. This is now 5 years in Hungary. So, once your contract has ended, you or we may want to claim under it. This could be, for example, if you have a claim for damages because we have messed up an order and you didn't get what you ordered or didn't get it where you wanted. We can only investigate this or prove otherwise if the information is available.

What is our legal basis?

Legitimate interest under point 6(a).

What are the data circuits we use for this?

The data you provide to us directly:

  • E-mail address, order and billing details
  • Technical data

Payment by credit card, when using a Barion wallet:

  • transaction ID, date

4.7. For direct marketing and newsletter purposes:

What is the goal?

Whether it is to promote products and services provided by our company or to promote products and services provided by third parties, we will contact you directly - including with personalised offers - by email, post or telephone. We will send you a newsletter for the same purpose. We will only do this if you have given your consent.

What is our legal basis?

Your contribution.

What are the data circuits we use for this?

The data you provide to us directly:

  • The information you provide during registration or later to identify and contact you (e.g. email, password, address, phone number)

4.8. Establishing and maintaining a relationship with the counterparty:

What is the goal?

To present and promote our products and services to potential reseller partners. To this end, we will contact you directly - even with tailor-made offers - by e-mail, post or telephone. For the same purpose, we will send you a reseller newsletter. We will only do this if you have given your consent.

What is our legal basis?

Your contribution.

What are the data circuits we use for this?

The data you provide to us directly:

  • The information you provide during the reseller registration process or later for identification and contact purposes (e.g. email, password, billing address, phone number, contact person's job title, store name and address, company website address, tax number)

4.9. Career database:

What is the goal?

Communicating with candidates when applying for positions advertised by our company, participating in the selection process. If selected, creating a contract.

What is our legal basis?

Your consent, if selected - our legal obligation

What are the data circuits we use for this?

The data you provide to us directly:

  • The information you provide during the application process or later for identification and contact purposes (e.g. e-mail, password, address, serial number of identification documents, telephone number)

5. What is a legitimate interest?

In the previous point, legitimate interest was mentioned several times. When we process data on the basis of legitimate interest, we have the following interests in mind:

  1. Enforcement of our rights and claims: any claims arising from a breach of contract will expire after 5 years, which means that a legal claim may be brought against us or by us within 5 years of the termination of the contract between us. Therefore, the retention of the data processed for the purposes of the contract for the provision and performance of the service is necessary for the purpose of pursuing such claims or for the legitimate defence against such claims for a period of 5 years after the termination of the contract between us.
  2. Improving and personalising our services, developing new products, improving and personalising the user experience: improving and personalising our services and the user experience is essential to maintain quality services, retain customers and attract new customers.
  3. Recording of customers who withdraw consent or object to processing: in order to comply with your request not to be contacted for processing activities (e.g. direct marketing, personalised advertising) that you have opted out of, we need to keep a record of this.
  4. Statistics: improving our services and the user experience is essential to maintain quality services, retain customers and attract new customers. This requires us to produce statistics on the use of our website and products.

When we claim a legitimate interest in processing your data, you have the right to object to our processing. However, if we can show that the above reasons for processing are compelling reasons that override your interests or rights, or are related to the establishment, exercise or defence of legal claims, we may continue processing. In our view, cases (a) to (d) above fall within this scope.

  1. For direct marketing and newsletters: our aim is for you to learn about and use the services and products we provide in a way that is good and useful for you. In this way we both benefit, you get the service that works for you, and we can operate effectively and provide some of our services to you and our other customers at low or no cost.
  2. Providing personalised ads that match your interests: we show you personalised ads that match your interests. This ensures that our advertising can be commercially effective and that we can offer you and our clients our other services at low or no cost. In these cases, you also have the right to object to the processing of your data and we will no longer process your data for this purpose. We may still display advertisements on social media or other third party websites, just not personalised to your interests.

6. How long do we keep your data?

We will process your personal data only for the purposes and for the time necessary to achieve the above purposes. After that, we will securely delete it.

What is the time needed?

The duration depends on the purpose and legal basis for which we process your data.

In general, we process your data for the purpose of providing our service, so we will process the data entrusted to us until we do so, at the latest until the termination of our contract.

We may only derogate from this if we need to process your data for other purposes. These are some of the cases listed in point 4:

  • We have a legal obligation: we do what the law says:

Invoicing, accounting - for 8 years after contract termination

Customer complaint handling - 5 years

  • We process on the basis of legitimate interest: we will process your data for as long as we have a legitimate interest and the purpose of the processing is fulfilled. If you successfully object to the processing, we will continue to process your personal data until you object. You can find more detailed information on this in section 5.
  • We will treat it on the basis of your consent:

You have the right to withdraw your consent at any time. If you withdraw your consent, we will delete your data.

7. Who can know your personal data?

Our staff are trained to the extent necessary to meet customer needs and legal requirements.

We will only pass on the data you entrust to us to someone else if:

  • you have contributed to
  • necessary for the performance of the contract or in our legitimate interest
  • we are legally obliged to do so.

Our data processors

Our data processors are our contracted partners who work with them to provide our services. This means that they act on our behalf, following our decisions, and we remain responsible for the processing. They cannot use your data on their own, and if our contract with them is terminated, they are obliged to ensure that the data is deleted. In all such cases, we will ensure that the relevant data processor has put in place appropriate technical and organisational measures to safeguard the security of the data.

Our data processing partners:

  • E-mail communication: Sendinblue (7 Rue de Madrid, 75008 Paris)
  • Server provider: Cloudways Ltd. (WC5G+M7 Mosta, Malta)
  • Accounting: Aurum Informatic Technology Kft. (2162 Őrbottyán, Rákóczi Ferenc utca 272.)
  • Online advertising, analysis by Facebook Inc. (Palo Alto, California, USA)
  • Online advertising, analysis by Google LLC

Information on data transfers abroad:

Google LLC and its affiliates and Facebook Inc. are included in the European Commission's Article 45 GDPR Compliance Decision and Commission Implementing Decision 2016/1260 and the US-EU Privacy Shield List established on the basis thereof, meaning that transfers to them do not constitute transfers to third countries outside the European Union and do not require the consent of the data subjects and are permitted under Article 45 GDPR. These companies have undertaken to comply with the GDPR.

To whom do we transfer your personal data?

In addition to the above processors, we transfer your personal data to the following recipients on the basis of contracts with them:

  • Delivery, transport: Hungarian Posta Zrt. (1138 Budapest, Dunavirág u. 2-6)
  • Online payment platform: Barion Payment Zrt. (1117 Budapest, Infopark sétány 1.)
  • Invoicing software: Számlázz.hu - KBOSS.hu Kft.(1031 Budapest, Záhony utca 7.)

The above recipients of the transfer are considered as independent controllers in respect of the data transferred to them.

Other partners who can access the data:

In order for them to do their job, they may need to be provided with personal data or may learn about it in the course of their work, but they are not our data processors.

  • Online marketing: Lencsés-Tóth Dávid EV (1157 Budapest, Zsókavár utca 2.)
  • Website development: HOV-9 Kft. (2310 Szigetszentmiklós, Kéktó köz 9/B.), PixlandMedia Kft. (2049 Diósd, Diófasor utca 111 A)

8. What information does our site collect about you automatically?

What tools and data do we collect about you automatically?

When you visit our website and use our services, we place small programs called cookies in your browser and HTML-based emails in accordance with this privacy policy.

In general, a cookie is a small file consisting of letters and numbers that is sent to the User's device from our server. The cookie allows us to recognize when the User last logged on to the website, the main purpose of the cookie is to allow the User to receive personalized offers, advertisements, which personalize the User's experience when using the website and express the User's personal needs.

Cookies can be used for many useful purposes.

  • Security: promoting and enabling security
  • Preferences, features and services: cookies can tell you what your communication preferences are, help you fill in forms on the website, making it easier for you to do so.
  • Advertising: cookies may be used to show the User relevant advertisements on and off the Website. Cookies may also be used to show whether Users who have seen an advertisement on the website will subsequently visit the advertiser's website.
  • Performance, analytics and research: cookies like this help us to understand how the website is performing in different places. We may also use cookies that evaluate, improve, research the website, products, features, services, including when a User accesses the website from other websites or devices such as the User's computer or mobile device.

In the context of the use of cookies, we consider Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "Data Protection Directive"), Article 29. which is an independent European advisory body on data protection and privacy issues, whose opinion on EU law is the basis for the interpretation of national legislation in all Member States, on the exemption from consent to cookies (hereinafter 'Opinion 2012/4', http://ec.europa.eu/justice/data-protection/article-29/documentation/opinionrecommendation/files/2012/wp194_hu.pdf).

On the basis of the grouping in Opinion 2012/4, it is not necessary to obtain consent for the following types of cookies, but only to inform the User of their use.

8.1. Types of cookies we use based on the above

  1. Cookies necessary for the functioning of the site (Basic cookies):
  • user-input cookies: these are session cookies based on a session identifier (a random temporary identification number) which expire at the latest at the end of the session when you exit the browser. They provide user input, i.e. they are linked to the user's activity when exchanging messages with the service provider (e.g. to fill in a form or click on a button).
  • social content sharing cookies: allow social network users to share content they like with their friends. These cookies are deleted when the user "logs out" of the social networking platform or closes the browser.
  1. Cookies for "convenience services" (Functional cookies):

Cookies with such purposes are not considered "strictly necessary" to provide the services explicitly requested by the user and therefore require specific consent for their use.

  • Social content sharing tracking cookies: where members of social networks have opted-in to "tracking" in the social network setting, for example to display behavioural advertising.
  • Proprietary traffic analysers: traffic analysers are statistical tools that measure the number of visits to a website, using cookies. These tools estimate the number of unique visitors, identify the most frequently used keywords on search engines that lead to a particular website, and track certain web navigation issues. They are used solely for their own aggregate statistics purposes, to serve visitor needs more quickly and accurately.
  1. Performance cookies (Performance cookies):

Analytics cookie management (Google Analytics): this website uses Google Analytics, an analytics service provided by Google Inc. ("Google"). Google Analytics ("GA") uses "cookies" (see above), text files stored on users' computers, to analyse user interactions on the website, i.e. these cookies collect information about the use of the website, e.g. The GA service does not collect any personal data, does not store your name or address, and the data collected cannot be used to identify you. These cookies cannot - and are not intended to - specifically identify visitors (the IP address you are using is only partially recorded). The information stored in the "cookies" about your use of the website is transferred to and stored on Google's servers in the USA.

The above information is processed by Google on behalf of the operator of the websites in order to evaluate users' browsing habits, compile reports on website usage patterns and provide other services related to website usage. However, you may at any time choose to disable cookies that monitor anonymous browsing activity within the website for analytical purposes.

The storage of cookies can be prevented by setting your browser software accordingly. Click on the link for more information on how to disable cookies: http://www.google.com/analytics/learn/privacy.html

Visitors who do not want GA to report on their activities on this website may install GA's browser add-on to block their activities. This add-on instructs GA not to send visit information to Google. If you wish to block GA's web activity, please visit the Google Analytics blocking page and install the add-on to your browser. For more information on installing and uninstalling the extension, please refer to the help for your browser.

Please make sure that the disabling browser extension only runs directly on the browser and computer used to download it, do not deactivate or delete the disabling extension after downloading, otherwise your browser will restore itself and GA will be functional again. Data collection can also be prevented via Google Analytics. In this case, an "Opt-Out-Cookie" will be placed on your computer to prevent future collection of visit information.

  1. "Remarketing" cookies (advertising cookies):

To increase the number of visitors, Google uses AdWords and Facebook Pixel advertising services (so-called remarketing cookies). These are used to display targeted ads to visitors to the site. Google AdWords is Google's click-based advertising system, which displays personalised ads to internet users based on their search and browsing habits. The Facebook Pixel service requires a cookie to be set on users' devices. You can control and set this Facebook and Google data processing activity in your Facebook and Google account.

These cookies do not link the data to an individual. Advertisements are displayed by advertisers depending on your browsing habits.

8.2. Control and management of cookies

Most browsers allow Users to control the use of cookies through their settings. However, if the User restricts the website's use of the cookie, this may degrade the user experience as it is no longer personalised to the user. In addition, the User may also choose to stop saving personalized settings, such as login information.

If the User does not wish to receive cookies, the User may change the browser settings on his/her computer. If the User uses the website without changing the browser settings, the User will be deemed to have consented to the sending of any cookies on the website. The Website will not function properly without cookies.

For more information about cookies, including the types of cookies, how to manage them and how to delete them, visit www.allaboutcookies.org or www.aboutcookies.org.

Users can also control and enable cookies at the following links: https://www.aboutads.info/choices and https://www.youronlinechoices.eu.

You can also block cookies from other third party service providers at http://www.networkadvertising.org/choices/.

Browser settings:

  • Internet Explorer Tools > Internet Options > Privacy > Websites
  • Mozilla Firefox Tools > Options > Privacy
  • Safari Changes > Settings > Privacy
  • Google Chrome: Preferences > Show advanced settings... > Privacy > Content setting...Preferences area > Advanced > Cookie

9. Data security

We will ensure the security of personal data and will also take the technical and organisational measures and establish the procedural rules necessary to enforce the Infotv. and other data and confidentiality protection rules.

In particular, we protect personal data against unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction and against accidental destruction or accidental damage.

When transmitting data on our website, we use the so-called SSL (Secure Socket Layer) security technology, which provides encrypted data transmission and a high level of data security.

10. What rights do you have and what decisions can you make?

You have several data protection rights to know what happens to your data and to control it.

Right of access to data processing:

You can contact us at any time to request information about how we process your personal data, in particular about the scope, purpose, duration, source and with whom we share it, and your data protection rights. Requesting information is free of charge.

The right to rectify the data:

If the information we hold about you is incorrect, you can ask us to correct it.

The right to erasure:

You can ask us to delete your data if

  • the purpose of the processing has ceased
  • we have processed the data on the basis of your consent and you have withdrawn it and we have no other legal basis for processing the data
  • we have processed your data on the basis of legitimate interest and you have successfully objected
  • the processing is unlawful
  • cancellation is required by law
  • linked to the provision of an internet service for children
  • ordered by a court or the National Authority for Data Protection and Freedom of Information

Right to restriction of processing:

You can ask us to restrict processing if.

  • you dispute the accuracy of the data
  • the processing is unlawful but you oppose its erasure
  • the purpose of the processing has ceased, but you need it to assert or defend your legal claims
  • you have objected to the processing and while we are deciding whether our legitimate interests prevail

Right to withdraw consent:

If the processing was based on your consent, you can withdraw your consent at any time. Processing that took place before the withdrawal remains lawful, as your consent was still valid at that time. As we said before, we may process the same data for several purposes and on several grounds at the same time. If you withdraw your consent, we will no longer process it for the purposes for which you gave your consent. However, we may still continue to process it for other purposes (e.g. to comply with our legal obligations or for our legitimate interests).

Right to object:

When we claim a legitimate interest in processing your data, you have the right to object to our processing. However, if we can show that our reasons for processing are compelling reasons that override your interests or rights, or are related to the establishment, exercise or defence of legal claims, we may continue processing.

Right to data portability:

If we are processing your data because you have given your consent or because we need to process it for the performance of our contract and we use automated processing, you can request that we provide you with the data we process. We cannot prevent you from transferring this data to another controller. In fact, if you request it, we will transfer it to them ourselves. If you want to know more about your data protection rights, the detailed rules are set out in Articles 15 to 21 of the GDPR.

11. How can you reach us?

Official contact details:

Registered office: 3000 Hatvan Hrsz. 759/9 (Mészáros Lázár út)
E-mail address: ugyfelszolgalat@adalekmentesen.hu
Registering Court of Registration: the Commercial Court of the Metropolitan Court of Budapest
Company registration number: Cg. 01-09-306612
Tax number: 26186304-2-10
Community Tax Number: HU26186304
Represented individually by: Éva Annamária Kertész, Gábor Tóth, Managing Directors

If you have any questions, concerns or complaints about our processing of your data or our privacy notice, please contact us.

12. Where can you go with a complaint?

First, contact us using the contact details in section 11. We will do our best to reply to your request as quickly as possible, but within 1 month at the latest. If necessary, we may extend the response time by 2 months.

If you have made a complaint and you are not satisfied with our response or your request has been rejected, or you feel that your data protection rights have otherwise been infringed, you can take your complaint or request to:

  • Hungarian National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu)
  • The court of your domicile or residence