Privacy Policy – s-o-r-d-e-o.com

Introduction

Sordeo Group Kft. (hereinafter referred to as: Service Provider, Data Controller) adheres to the following notice.

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), we provide the following information.

This privacy notice regulates the processing of data for the following website: https://s-o-r-d-e-o.com

The privacy notice is available at: https://s-o-r-d-e-o.com Any amendments to this notice shall take effect upon publication at the above address.

Data Controller and Contact Details:
Name: Sordeo Group Kft.
Registered office: 1123 Budapest, Győri út 2. B. building 2./10.
Email: tomitrunk@dablty.hu
Phone: +36 30 9645970

Definitions

Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Principles relating to processing of personal data

Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject; collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; adequate, relevant and limited to what is necessary in relation to the purposes; accurate and, where necessary, kept up to date; kept in a form which permits identification of data subjects for no longer than necessary; processed in a manner that ensures appropriate security.

The controller shall be responsible for, and be able to demonstrate compliance with, these principles.

Processing related to webshop operation

This section contains the purposes of processing, categories of personal data, data retention periods, recipients, and legal bases in relation to user registration, order processing, invoicing, delivery, and related customer service functions. Data subjects include all individuals who register on or purchase from the webshop. Retention periods comply with the Accounting Act (8 years for invoices) and GDPR requirements.

Processors

Delivery: Magyar Posta (3512 Miskolc, Customer Service Directorate) – processes name, address, phone number, and email for the purpose of delivery until completion.

Hosting: Schreiter Solutions Kft. (2473 Vál, 0161/18) – processes all personal data provided via the website for hosting purposes until contract termination or deletion request.

Cookie Management

The webshop uses session cookies, shopping cart cookies, and security cookies without requiring prior consent as they are necessary for service provision. Cookies store identifiers, dates, and times, and are used for user identification, shopping cart tracking, and visitor tracking. Users can delete cookies in their browser settings.

Data Subject Rights

Data subjects have the right to request access to, rectification or erasure of, restriction of processing concerning personal data, to object to processing, and to data portability. Consent can be withdrawn at any time. Requests can be made via postal mail, email, or phone as provided in the contact section.

Complaint Handling

For quality complaints related to purchased products, personal data such as name, email, billing address are processed for identification and communication purposes. Records must be kept for 5 years according to the Consumer Protection Act.

Customer Relations and Miscellaneous Processing

When contacting the Service Provider via phone, email, or social media, voluntarily provided personal data will be processed for up to 2 years after receipt. For official authority requests, data will be disclosed only to the extent necessary for the stated purpose.

Incident Response

If a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Service Provider shall notify the affected data subjects without undue delay, describing the nature of the breach, consequences, and measures taken. Notification to the competent supervisory authority will be made within 72 hours unless the breach is unlikely to result in a risk.

Right to Lodge a Complaint

Complaints regarding unlawful processing may be lodged with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH), 1125 Budapest, Szilágyi Erzsébet fasor 22/C, email: ugyfelszolgalat@naih.hu

Applicable Laws

This notice has been prepared in consideration of GDPR (Regulation (EU) 2016/679), Hungarian Information Act (CXII/2011), Electronic Commerce Act (CVIII/2001), Consumer Protection Act (CLV/1997), and other relevant legislation.