Prosím prečítajte ešte pred nakupovaním!

The present General Terms and Conditions (hereinafter: "GTC") govern the operation of the online store (hereinafter: "Web Store") operated at the internet address HEDIT.EU and HEDIT.SK (hereinafter: "Website"), as well as the rights and obligations of the Users (hereinafter: "User(s)"). The scope of this GTC expressly extends to all electronic commerce services provided within the territory of Hungary and the European Union through the electronic store on the Website. Purchasing in the Web Store is guided, among other regulations, by Act CVIII of 2001 on Electronic Commerce Services and Certain Issues of Information Society Services, as well as the provisions of the Civil Code.

1. Essential Product Characteristics
   In the Web Store, Users can purchase branded, comfortable, and uniquely designed custom-sized women's workwear primarily, made by the Merchant, along with personal-sized textile accessories and textile products from other manufacturers. Detailed information about product characteristics can be found in the Web Store.
2. Merchant Details

Merchant operating the Web Store:

Name: HEDIT.HU Limited Liability Company

Registered Office: Hungary, 1201 Budapest, Magyarok Nagyasszonya tér 20.

Mailing Address: Hungary, 1201 Budapest, Magyarok Nagyasszonya tér 20.

Registering Authority: Company Court of the Budapest Metropolitan Court

Merchant's Company Registration Number: 01-09-373819

Merchant's Tax Number: 28786481-2-43

Merchant's Tax Number: HU28786481

Bank Account Number: 11720001-22475695

IBAN account number: BE79 9052 3336 5233

Representative: Viktória Eszes

Electronic Mail Address: hedit@hedit.eu

Phone Number: +36 70 667 9378

Website: https://hedit.eu

(hereinafter: "Merchant")

Host Service Provider for the Merchant:

Company Name: UNAS Online Ltd.

Registered Office: 9400 Sopron, Major köz 2. I/5.

Electronic Mail Address: unas@unas.hu

 

1. Definition of Terms

• Goods: In the Web Store, Users can purchase comfortable and uniquely designed private label ready-to-wear or custom-sized workwear, mainly for women, manufactured and marketed by the Merchant, as well as other accessories made from the Merchant's own textiles, and textile products from other manufacturers. Detailed information about the essential properties of the products can be found in the Web Store.
• Parties: Merchant and User collectively
• Consumer: A natural person acting for purposes outside their independent trade, business, or profession, who purchases, orders, receives, uses, or takes advantage of goods, or is the addressee of commercial communication or offers related to goods. For the purposes of rules concerning the Consumer Dispute Resolution Body—excluding the application of the European Parliament and Council Regulation (EU) No. 524/2013 of May 21, 2013, on the online resolution of consumer disputes and amending Regulation (EC) No. 2006/2004 and Directive 2009/22/EC—consumer is also considered any civil society organization, religious legal entity, condominium, or housing cooperative acting for purposes outside their independent trade, business, or profession, which purchases, orders, receives, uses, or takes advantage of goods, or is the addressee of commercial communication or offers related to goods. Within the internal market, consumer is considered to include, under the regulation of European Parliament and Council Regulation (EU) 2018/302 of February 28, 2018, regarding unjustified territorial content restrictions and other forms of discrimination, any business that qualifies as a customer under Regulation (EU) 2018/302.
• Manufacturer: The producer of the Goods, in the case of imported Goods, the importer bringing the Goods into the European Union, and any person who labels themselves as the manufacturer by marking the Goods with their name, trademark, or other distinguishing signs.
• Contract: The purchase agreement formed between the Merchant and the User through the use of the Web Store and electronic communication.
• Warranty: The warranty provided by the business for the performance of the contract in consumer contracts, as per the Civil Code, which the business voluntarily undertakes beyond its statutory obligations or, where no such obligation exists, as required by law.
• Purchase Price: The payment required for the Goods and services available in the Web Store.

 

The Contract shall be governed by Hungarian law, in particular the following legal provisions:

• Act CLV of 1997 on Consumer Protection
  • Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society
  • Act V of 2013 on the Civil Code
   • Government Decree 151/2003 (IX.22.) on mandatory warranty for durable consumer goods
   • Ministry of Justice Decree 10/2024 (VI.28.) on determining the scope of durable consumer goods subject to mandatory warranty
   • Government Decree 45/2014 (II.26.) on the detailed rules for contracts between consumers and businesses
   • Ministry of National Economy Decree 19/2014 (IV.29.) on the procedural rules for handling warranty and guarantee claims concerning goods sold under contracts between consumers and businesses
   • Act LXXVI of 1999 on Copyright
   • Act CXII of 2011 on informational self-determination and freedom of information
   • EUROPEAN PARLIAMENT AND COUNCIL REGULATION (EU) 2018/302 (February 28, 2018) on unjustified territorial restrictions on content and other forms of discrimination based on the nationality, residence, or establishment of the customer within the internal market, and amending Regulation (EC) 2006/2004, Regulation (EU) 2017/2394, and Directive 2009/22/EC
   • EUROPEAN PARLIAMENT AND COUNCIL REGULATION (EU) 2016/679 (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
   • Government Decree 373/2021 (VI.30.) on the detailed rules for contracts between consumers and businesses concerning the sale of goods and the provision of digital content and digital services

1. The Purchase Process

• The purchasing process does not require user registration, but it can also be done with registration.
• Orders placed by phone or fax will not be accepted by the Merchant. Users can order products through the Web Store electronically in the manner described below.
• By submitting an order via email to the Merchant, the legal relationship between the parties shall be governed by the General Terms and Conditions of HEDIT.HU Ltd., which can be accessed and downloaded at any time on the website www.hedit.hu. Acceptance of the General Terms and Conditions is a condition for the fulfilment of the order.
• Delivery is expected within 10 (ten) working days following the receipt of the order by the Merchant, confirmation of the order, and payment of the purchase price. In the case of cash on delivery, the 10 (ten) working days are calculated from the time of order placement. For large orders (with a minimum purchase price of 100,000 HUF) or if the delivery is to a foreign country, the delivery deadline may be extended. In this case, the Merchant will notify the User of the new delivery deadline.

 

(a) Purchase Process for Users Without Registration
The User can place an order for the selected product by following the steps below:

1. By clicking on the selected product, the User will be redirected to the product page, where detailed information about the product (e.g., type of fabric, manufacturer, size chart, etc., and in the case of gift vouchers, their value and usage conditions) will be displayed. The User can then select the desired size and quantity, and add the product to the cart by clicking the "Add to Cart" button.
2. The products added to the cart can be viewed and edited (modified or deleted) at any time during the purchase process by clicking on the cart icon in the top right corner of the Website. IMPORTANT: Changes to the quantity of items in the cart will only be recorded if the User also clicks the arrow icon above the quantity. The total price will be updated according to the new quantity. The net and gross prices of the products will be displayed in the cart.
3. By clicking the "Order" button, the User will be directed to the "Enter Information" section. Here, the following details must be provided: a valid email address, name, phone number, and billing information (name, address, VAT number for businesses). On the same page, the User can check the box if the shipping details match the billing information, or if they differ, separate shipping information can be provided. After entering the data, the User can subscribe to the Web Store’s newsletter by clicking the appropriate box.
4. By clicking the "Next" button, the User will reach the "Shipping and Payment" section, where they can select the preferred payment and shipping methods. By choosing the courier service, the User declares that they have read and expressly accepted the general terms and conditions and privacy notice of the courier company, which can be accessed by clicking the embedded links. Additionally, the User can check the shipping cost for the selected product. If the User has a coupon code, they can enter it in the "Coupon Code" field to redeem it.
5. By clicking the "Next" button, the User can review the provided information and the final total price, which includes the shipping cost. The User has the option to modify any previously provided information or choose a different shipping or payment method by clicking the pencil icon next to each data group. After reviewing the total order amount, the User must confirm by checking the checkbox above the "Order" button on the right side of the screen, acknowledging that they have read and accepted the General Terms and Conditions and the Privacy Notice and are aware that placing the order will create a payment obligation. Only then can the order be submitted.
6. By clicking the "Place Order" button, the User can submit the order. The User will then receive an automatically generated order number, which they can use to track the status of their order in the future.
7. If the selected payment method is an electronic credit card payment service, the User can proceed with the payment according to the instructions provided on the page.

(b) Purchase Process for Registered Users
Users have the option to register on the Website. In addition to the data described in point (a) 3, they will also need to provide a password.
For purchases made with registration, the subsequent steps of the order process are the same as described in point (a), except that personal data will be automatically filled in.
The User will be notified of successful registration by email, and can also check it on the website. The User can request the deletion of their registration via email to the Merchant.
The User is responsible for keeping their login credentials confidential. The User is also responsible for updating their information and must notify the Merchant if they become aware that their data has been misused by a third party. In case of forgotten password, the User can request a new password to be sent to their registered email address on the website. If the User has registered previously, the order process can be continued by entering their email address and password.
Regardless of the intention to place an order, the User can log in using the "Customer Login" window or the "Login" menu item. After logging in, a "Modify Data" menu will appear, where they can update their registration details and track the status of their submitted orders.

The Merchant may initiate loyalty point campaigns, which can only be accessed by registered customers. The terms of the loyalty program can be found on the Website.

(c) Gift Voucher Purchase
Users have the option to purchase a pre-determined value gift voucher, which can later be redeemed on the full range of products available in the Web Store within the voucher's validity period.

1. Among the Web Store products, the User selects the preferred value of the gift voucher and adds it to their cart by clicking the "Add to Cart" button. Then, they proceed with the purchase process as described in point 3.2 (a) of these Terms and Conditions, with the exception that only online credit card payment or advance payment methods are available. If the User provides an incorrect email address, the Merchant cannot refund the value of the gift voucher, so the User must be especially careful when entering the email address.
2. After the payment is successfully confirmed by the electronic payment service provider, or after the advance payment has been received in the Merchant's bank account, the Merchant will send the User a coupon code for the purchased value by email within 24 hours. The User can download the gift voucher template from the Web Store.

Conditions for Using Gift Vouchers:
The value of the gift voucher will be deducted from the total order amount when placing the order by entering the voucher code in the "Coupon Code" field during checkout.
The gift voucher cannot be exchanged for cash. If the value of the product purchased with the gift voucher is lower than the voucher value, no cash will be refunded.
The gift voucher can only be used once. Once the voucher code has been used during the order, the voucher becomes invalid.
In the event of withdrawal from the purchase contract or a valid complaint under point 9 of these Terms and Conditions, where the gift voucher has been used, the refunded amount for the affected products will be returned as follows:

• If the value of the affected products is equal to or less than the value of the gift voucher used, a new gift voucher with the same value as the original purchase price of the affected products will be issued.
• If the total value of the affected products exceeds the value of the gift voucher used, the refund will be made through a combination of a new gift voucher for the same amount as the original gift voucher and a cash or bank transfer refund.

IMPORTANT: It is possible to redeem a gift voucher when placing an order for custom-sized products by entering the voucher code in the "Notes" section. However, due to the nature of the custom order, the right to withdraw is not applicable as per point 9 of the Web Store’s Terms and Conditions.
The voucher is valid for one year from the date of purchase. After the expiration date, the voucher becomes invalid, cannot be refunded, and cannot be renewed.
The gift voucher cannot be replaced if lost.
The customer who purchased the gift voucher is not authorized to resell it to third parties. Anyone who violates this restriction will be fully liable to the affected third party.

(d) Placing an Order for a Custom-Sized Tunic
 Users have the option to place an order for a custom-sized tunic based on the sample clothing products presented in the Web Store, in case they do not require standard sizing. The Merchant may limit or suspend this option indefinitely on the Web Store.

1. By clicking on the Custom-Sized Tunic product, the User will be redirected to the product page, where they can enter their measurements for the tunic: bust measurement, hip measurement, desired tunic length, and select the desired pattern. Afterward, the User adds the product to their cart by clicking the "Add to Cart" button.
2. The User proceeds with the purchase process for the desired product(s) as described above.

IMPORTANT: There is no right of withdrawal for contracts concluded at a distance for custom-made products with specific requirements and measurements, as per point 9 of these Terms and Conditions.
 Custom-sized tunics can only be ordered through advance payment or credit card payment methods.

(e) Ordering a Sample Package
 Ordering a sample package is a service provided for the purpose of viewing products. By ordering a sample package, the products included in the package will not become the property of the User! Upon purchasing the sample package, the User has 10 working days to try on, personally inspect, and then return the products to the Merchant in undamaged condition.

If the User places an order with the Web Store after ordering the sample package, the price of the sample package will be deducted from the total order amount as a discount, provided the final order amount (before the discount) reaches a gross amount of 100,000 HUF.

The User is required to return the products from the sample package in the same condition as they were received (do not remove the tags, keep the products clean and folded in the box). In the event that any product is damaged or soiled, i.e., not returned in the same condition as received, the User must notify the Merchant at the time of returning the package. Depending on the extent of the damage, the Merchant may charge the User a penalty fee, which may not exceed the purchase price of the damaged product as listed on the Web Store at the time the sample package was ordered. The User is obligated to settle this fee within the deadline specified on the invoice.

After 10 working days from the delivery of the sample package, a courier will return to collect the package from the User and return it to the Merchant. The cost of this return shipping is included in the price of the sample package.

The User can only order the sample package through advance payment in the Web Store (via prepayment based on a proforma invoice or electronic online payment via credit card).

If the User places an order with the Web Store after returning the sample package, the Merchant will provide a one-time free exchange opportunity for the User.

The Merchant may restrict the availability of the sample package service based on the User's geographic location.

 

1. Rules of Operation for the Webstore

• Change of Products:
   The Merchant reserves the right to unilaterally change the range of products available for purchase in the Webstore.
  
  
  
• Order Confirmation:
   After receiving the order, the Merchant will send an automatic confirmation email to the User within the shortest possible time, but no later than 48 hours, confirming the receipt of the User's order. The order and the contract between the Merchant and the User are deemed concluded when the order is received by the Merchant, but the Merchant is only obligated to fulfil the order once the User has paid the purchase price.
  
  
  
• Order Fulfilment:
   After confirming the order, the Merchant will provide the product within the timeframe specified in the description of each product, or the Merchant may refuse to fulfil the order and cancel the contract if:
  
  
  
• (i) The User fails to meet their payment obligation at the time of placing the order, or
• (ii) A situation arises that contradicts any provision of these Terms and Conditions.
   The Merchant will notify the User via email about whether the product will be provided or the order will be refused.
• Contract Confirmation:
   After the conclusion of the contract, but no later than when the purchased product is delivered, the Merchant will provide the User with a confirmation of the concluded contract on a durable medium. This confirmation will include the essential elements of the contract between the User and the Merchant.
  
  
  
• Language and Form of the Contract:
   The language of the contract is English. The contracts covered by these Terms and Conditions are not considered written contracts, and the Merchant does not file them.
  
  
  
• Data Provision:
   The User is obligated to provide accurate data when using the Webstore. The User declares and guarantees that the data provided during the use of the Website is accurate. The Merchant is not liable for any damages, delays in delivery, or other issues arising from inaccurate or incorrect data provided by the User.
  
  
  
• Liability:
   The Merchant is not liable for any issues arising from the User forgetting their password, unauthorized access, or issues outside the Merchant’s control.
  
  
  
• Acceptance:
   By using the Webstore, the Users accept the conditions set out in these Terms and Conditions and the Merchant's Privacy Policy, which is an integral part of these Terms and Conditions and should be interpreted in accordance with them.
  
  
  
• Webstore Availability:
   The Merchant will make every effort to ensure the continuous availability of the Webstore, but does not guarantee the continuous operation of the services available through the Webstore if affected by external circumstances.
  
  
  
• Order Cancellation:
   The Merchant has the right to cancel the order or refuse its fulfilment if the User has once unjustifiably refused to accept the delivered package or provided false data for the purpose of placing the order, delivery, or invoicing.
  
  
  

1. Purchase Price; Payment Terms

• Advance Payment Requirement:
   The purchase price of the ordered products is payable in advance, except for cash on delivery (COD) payments.
  
  
  
• Price Information:
   The price of the products in the Webstore, listed next to each item, includes the product’s price with VAT but does not include shipping costs.
  
  
  
• Currency Options:
   The listed prices are in Euros. 
•  
• Order Summary:
   The Merchant will display the total purchase price for the products placed in the cart, along with the shipping costs chosen by the User, during the checkout process.
  
  
  
• Price Changes:
   The Merchant reserves the right to change the prices of the products in the Webstore. Such price changes will take effect as soon as they appear on the Website. These changes will not negatively affect the price of products already ordered.
  
  
  
• Incorrect Price Listing:
   If the Merchant incorrectly lists a price for a product and an order is placed based on this incorrect price, but no contract has yet been concluded, the Merchant will proceed as follows:
   A price is considered to be obviously incorrect if:
  
  
  
• The listed price is 0 Euros, or
• The price is shown with an incorrect discount (e.g., a product priced at 10 Euros is mistakenly shown as 5 Euros with a 20% discount).
• In the case of an incorrect price, the Merchant will offer the product at its correct price. Upon receiving this information, the Buyer can decide whether to purchase the product at the correct price or cancel the order without any negative consequences.
  
  
  

Available Payment Methods:

• Credit Card Payment via the Simple system: The purchase price can be paid by the User electronically through the SimplePay payment service provided by OTP Bank Nyrt., via the simplepay.hu website. The Merchant is not responsible for any potential errors occurring during payment by credit card. The Merchant will send an automatic confirmation email to the User's provided email address, confirming the purchase. For more information on payment through SimplePay, please refer to the following links: SimplePay Customer Information.
  
  
  
• Prepayment via pro forma invoice: The purchase price can also be settled by bank transfer based on a pro forma invoice issued by the Merchant. If payment via SimplePay is unsuccessful for any technical reason, payment via bank transfer based on the pro forma invoice is also possible. The Merchant will send an electronic pro forma invoice to the User’s provided email address within 24 hours of the order being placed. The User must pay by the deadline indicated on the pro forma invoice. If the payment is not made by the deadline, the Merchant will cancel the unpaid order. The prepayment should be made to HEDIT.HU Ltd. to the OTP Bank account number 11720001-22475695. The User should indicate the pro forma invoice number in the communication field.
  
  
  
• Cash on Delivery: If the User wishes to pay for the order upon receiving the package, they can select the "Cash on Delivery" payment method. A payment handling fee will be charged by the Merchant for cash on delivery. The Merchant may limit the availability of this payment method based on location.
  
   ATTENTION! The Merchant may refuse to offer the cash on delivery payment method if the User has previously refused to accept at least two cash on delivery orders, regardless of whether the refusal was due to exercising the right of withdrawal. The Merchant reserves this right to ensure that cash on delivery shipments are as successful as possible. If the User has refused to accept cash on delivery packages on at least two occasions (not due to withdrawal), only online credit card payments or prepayments will be offered. The Merchant works with Utánvét Ellenőr Ltd. to determine the available payment methods for the User.
  
  
  
• Credit Card Payment via Stripe: The purchase price can be paid by the User electronically through the Stripe payment service provided by Stripe Payments Europe, Ltd., via the Stripe Checkout page. The Merchant is not responsible for any potential errors occurring during payment by credit card. The Merchant will send an automatic confirmation email to the User's provided email address. For more information on payment via Stripe, please refer to the following links: Stripe Customer Information.

The User can only receive the product if the full purchase price, including any applicable shipping costs, has been paid. The purchase price is considered paid if it has been credited to the Merchant’s bank account or, in the case of cash on delivery, paid to the courier. When using a gift voucher as payment, the value of the gift voucher will be deducted from the total amount of the order when the voucher code is entered in the appropriate "Coupon code" field.

The Merchant will send the confirmation of purchase and all related written communication, including automatic confirmation emails, to the email address provided by the User.

The Merchant will issue an electronic invoice via the Tharanis invoicing system, which will be sent to the User's provided email address in PDF format. The User irrevocably consents to receiving the invoice in this format. The Merchant is obligated to retain accounting documents for 8 years according to Section 169 (2) of Act C of 2000 on accounting.

Requests for invoice modifications will be accepted by the Merchant within 30 days from the invoice issuance date.

 

1. Receipt of the Products

The products available in the Web Store can be ordered with delivery to Hungary and certain European Union countries, which can be selected in the order details section of the Web Store.

The User bears the cost of delivery, which will be specified on the invoice. The Merchant will fulfil the orders under the conditions stated on the Website.

After the order is received by the Merchant and the payment is completed, the Merchant will notify the User via email about the details of the delivery. The courier service staff will identify the User upon delivery of the ordered product.

If the User wishes to provide additional comments or clarifications regarding the delivery time, they can do so in the comment section of the order form. IMPORTANT: The courier service will not call before delivery; however, in case of unsuccessful delivery, they will leave a notification and contact the User at the phone number provided to arrange a specific time for redelivery. Deliveries occur between 8:00 AM and 5:00 PM, Monday to Friday.

The recipient User is required to inspect the parcel upon receipt in the presence of the courier and, in the case of visible damages or defects on the external packaging of the parcel, open it and draw up a report with the courier detailing the nature, extent, and likely cause of the damage, as well as a detailed description of the damage. Additionally, the damage must be reported to the courier service immediately. The User is obligated to take all reasonable steps to mitigate the damage.

If the parcel is partially lost or damaged – when visible – this must be immediately noted on the delivery document at the time of delivery or redelivery of the parcel. Both the recipient User and the Merchant are required to allow the courier service to personally and physically verify the nature and extent of the damage.

By selecting the courier service for delivery, the User explicitly gives their prior consent in accordance with Section 29, Subsection (1)(a) of Government Decree 45/2014 (II. 26.), allowing the Merchant to start the fulfilment of the entire commercial service, including the courier order, immediately after the order is placed, but no later than the first working day, within 1 hour, and acknowledges that upon completion of the courier service, the right of withdrawal is lost.

 

GLS Courier Service

The Merchant will deliver the ordered products to the address provided by the User using the GLS General Logistics Systems Hungary Ltd. (headquarters: 2351 Alsónémedi, GLS Európa utca 2.; hereinafter: GLS) courier service, which operates under its own General Terms and Conditions, which can be accessed here (hereinafter: GLS GTC).

In the case of delivery to a GLS parcel shop, the User has 5 days to pick up the package during the parcel shop's opening hours.

Delivery should be considered unsuccessful in the following cases:

• If the recipient is not present at the provided address;
• If the recipient refuses to accept the package;
• If the recipient does not accept the package within 10 minutes after the arrival of the GLS driver.

The following situations are not considered the fault of GLS if the delivery fails: • Insufficient data on the shipment; • Incomplete or incorrect address; • Delivery remains impossible despite following the procedures for unsuccessful delivery due to reasons beyond GLS’s control; • Violation of the GLS General Terms and Conditions by the Sender; • Force majeure.

The Merchant is not responsible for any damages caused by delays; however, GLS will do everything possible to ensure the package is delivered to the recipient User within the specified delivery time. The Merchant excludes liability for the following matters, where the recipient User or another third party may directly contact GLS for claims, as defined by the Postal Services Act (2012 CLIX):

In case of loss, destruction, or damage of the parcel, GLS will reimburse the selling price directly to the claimant.

GLS is responsible for the goods it has received in accordance with the applicable provisions of the Postal Services Act (PSA).

If the entitled party does not assert their claim, the Merchant has the right to assert the claim.

GLS will only accept a damage claim if the shipment complies with the provisions of this GTC and the GLS General Terms and Conditions, and a damage report is drawn up by the recipient User and a GLS representative at the time of delivery. GLS is not liable for “internal damage,” i.e., if no external damage is visible on the packaging.

GLS is responsible for any actual damage to the parcel. Both the Merchant and the recipient User are entitled to file the damage claim directly with GLS in accordance with the GLS GTC.

Regarding GLS services, Users are entitled and required to use the customer service operated by GLS in accordance with the conditions set forth in the GLS GTC.

 

Hungarian Postal Delivery

The Merchant will deliver the ordered products to the address provided by the User using the courier service of Magyar Posta Zártkörűen Működő Részvénytársaság (headquarters: 1138 Budapest, Dunavirág utca 2-6.; hereinafter: Posta), which operates under its own applicable General Terms and Conditions, which can be accessed here (hereinafter: Posta GTC). Hungarian Postal delivery is only available for deliveries within Hungary.

Posta will attempt to deliver the parcel to the address provided once. In case of unsuccessful delivery, the parcel can be picked up at the designated post office within 10 working days as indicated in the notification.

Posta parcels are delivered in accordance with legal regulations, with an 85% delivery success rate by the second working day following the dispatch and a 95% success rate by the third working day.

By selecting Hungarian Postal delivery, you acknowledge and accept the Posta’s own General Terms and Conditions and the Data Privacy Notice contained therein.

For postal services, Users are entitled and required to use the customer service operated by Posta in accordance with the terms set forth in the Posta GTC.

 

Sales to Foreign Countries

The Merchant does not distinguish between Buyers within Hungary and those located within the European Union when using the Website. Unless otherwise stipulated in these GTC, the Merchant ensures delivery/collection of the ordered Goods within Hungary.

For purchases outside Hungary, these GTC provisions apply, with the understanding that, according to the relevant regulation, for the purposes of this section, a "consumer" is considered to be a person who is a citizen of a Member State or a resident of a Member State, or a business that is established in a Member State and buys goods or services exclusively for final consumption within the European Union or acts with this intention. A consumer is a natural person who acts for purposes outside of their commercial, industrial, artisanal, or professional activities.

The language of communication and purchasing is primarily Hungarian, and the Merchant is not obliged to communicate with the Buyer in the official language of the Buyer’s country of residence.

The Merchant is not required to comply with any non-contractual requirements set forth in the national law of the Buyer’s country regarding the Goods in question, such as labelling or sector-specific requirements, nor is the Merchant obligated to inform the Buyer about such requirements.

Unless otherwise specified by the Merchant, the VAT rate of the country indicated in the billing details will apply to all Goods.

The Buyer may exercise their legal rights under these GTC.

In the case of electronic payment solutions, the payment is made in the currency determined by the Merchant.

The Merchant may withhold the delivery of the Goods until it is confirmed that the payment for the Goods and the shipping fee has been successfully and fully completed via the electronic payment solution (this includes cases where the Buyer, in the currency of their country, transfers the purchase price (shipping fee), and the Merchant does not receive the full amount due to currency exchange or bank fees).

If the full price of the Goods has not been paid, the Merchant may request the Buyer to supplement the payment.

The Merchant ensures the delivery options for non-Hungarian Buyers similar to the delivery options available for Hungarian Buyers.

If the Buyer requests the delivery of the Goods to Hungary or any other EU member state, this request can be made by non-Hungarian Buyers using any of the delivery methods specified in these GTC.

If the Buyer is entitled to choose personal collection of the Goods at the Merchant's premises according to these GTC, the non-Hungarian Buyer may also exercise this option.

Otherwise, the Buyer may request to arrange the shipment of the Goods abroad at their own cost. This right does not apply to Hungarian Buyers.

The Merchant will fulfil the order after the shipping fee has been paid. If the Buyer does not pay the shipping fee to the Merchant, or if the Buyer does not arrange for shipping by the pre-agreed date, the Merchant may terminate the contract and refund the pre-paid purchase price to the Buyer.

 

1. Data Entry Errors

• The Merchant is not liable for delivery delays or other issues resulting from incorrect or inaccurate information provided by the User. Therefore, Users are required to carefully verify their entered data before submitting their order electronically. The Merchant will make every effort to ensure that the information displayed on the Website (such as product prices, availability, descriptions, etc.) is as accurate as possible. Clearly incorrect prices, such as 0 or 1 HUF due to system errors, do not constitute an invitation to make an offer. Exceptions to this rule are promotional gift products advertised as part of a campaign. The images displayed next to the products are for illustration purposes only, and the product description always contains the specific details of the product.
• Before submitting the order, the User can identify and correct any data entry errors by overwriting and saving the corrected information. If the Merchant has not yet begun the fulfilment process, the User can modify data related to the active order by contacting the Merchant’s customer service phone number or the email address provided for customer service purposes.

 

1. The Right of Withdrawal of the User

According to Government Decree 45/2014. (II. 26.), a User qualifying as a consumer may withdraw from the purchase without giving any reason within 14 (fourteen) calendar days from the date of receipt of the product (from the date of acceptance of the product). The User may exercise the right of withdrawal during the period between the date of conclusion of the contract and the date of receipt of the product.

The User may exercise the right of withdrawal by filling out the form found athttps://www.hedit.eu/Product-exchange-return or by using the sample statement included in the Appendix of this Terms and Conditions. In this case, the Merchant must confirm the receipt of the User’s statement without delay in a durable medium. By completing the form athttps://www.hedit.eu/Product-exchange-return and selecting the "Return (refund will be given)." option for the question "Do you wish to exchange or return the product(s)?", the User declares that they are exercising their right of withdrawal for the contract associated with the specified order number.

The date of receipt is the date the product is taken from the courier, and the courier must make a record of the date in their own log.

In case of withdrawal, the User can return the product at their own cost via courier service, and within 14 (fourteen) calendar days from the receipt of the product(s), the Merchant will refund the purchase price of the returned product(s) and any other costs that were reasonably incurred.

If the entire order is cancelled, the shipping fee will also be refunded. NOTE: the product cannot be returned by post! In case of withdrawal, only the cost of returning the product is borne by the User. The Merchant can only refund the purchase price of the product(s) and the shipping fee (or the amount paid by the User as consideration) if the User has returned the product(s) or unambiguously demonstrated that they sent the product(s) back within 14 calendar days of notifying their intention to withdraw; the Merchant will consider the earlier of the two dates. The Merchant cannot accept packages sent by cash on delivery.

If the User orders multiple products at once, the Merchant is not obligated to refund the shipping cost if the User has not exercised the right of withdrawal for all of the products.

The refund will be made using the same payment method as the original transaction, unless the User explicitly agrees to another payment method. The Merchant will contact the User by email in this regard.

The User cannot exercise the right of withdrawal in cases specified in Section 29 of Government Decree 45/2014, particularly for products that were made according to the consumer's (User's) instructions or specifically tailored to the User’s needs (i.e., custom-made products as per Section 4.4(d) of these Terms and Conditions).

The Merchant may claim compensation for damages arising from improper use of the product.

In case of withdrawal or a valid complaint under this Section 9, if a gift voucher was used during the purchase, the purchase amount of the returned or complained product will be refunded using the same payment method as the original transaction as follows:

• If the value of the returned or complained product(s) at the time of purchase is less than or equal to the value of the gift voucher used during the purchase, the refund will be made in the form of a new gift voucher with an amount equal to the original purchase price.
• If the total value of the returned or complained product(s) exceeds the value of the gift voucher used during the purchase, the refund will consist of a new gift voucher of equal value to the original gift voucher and a cash or bank transfer refund.

IMPORTANT: When placing an order for custom-sized products, the gift voucher can be redeemed by providing the voucher code in the comment section. HOWEVER, due to the nature of custom orders, the User cannot exercise the right of withdrawal according to Section 9 of these Terms and Conditions.

The Merchant may withhold the amount to be refunded to the consumer until the product is returned or the User has unambiguously proven that it has been returned; the earlier of the two dates will be considered. The Merchant cannot accept cash on delivery or postage-paid packages.

Responsibility for Depreciation: The consumer is responsible for any depreciation resulting from use of the product beyond what is necessary to determine its nature, characteristics, and functioning.

If the relevant legislation does not allow the right of withdrawal or only allows it under certain conditions, the User is not entitled to use the product for trial purposes.

Exchange Option: The User may indicate an exchange request through this link:https://www.hedit.eu/Product-exchange-return

In interpreting this contract, a breach occurs if the User does not accept the product they ordered or fails to notify the Merchant of their intention to withdraw.

An electronic purchase agreement is concluded between the Merchant and the Consumer (User) once the order is placed on the website. Based on this agreement, the Consumer (User) is obligated to pay the purchase price and accept the product, and they must cooperate with the Merchant and inform them of any essential details related to the fulfilment of the contract (Civil Code, Section 6:215 and Section 6:62(1)).

If the User does not accept the ordered product, the Merchant may, at its discretion:

1. Terminate the contract with immediate effect, or
2. Attempt delivery for a third or fourth time, if the second delivery attempt also fails and/or the User did not cooperate.

The Merchant reserves the right to charge a penalty for the unsuccessful delivery and return costs outlined above.

If the User has previously failed to accept the ordered product (at least twice) – except in cases of withdrawal – or the product was returned with a "non-delivery" notice, the Merchant may require full prepayment of the purchase price and shipping costs before fulfilling the order. The Merchant has the right to withhold the delivery of the product(s) until it is satisfied that the User has successfully paid the price using the electronic payment method (including cases where the User paid by bank transfer in their local currency and the Merchant did not receive the full amount due to exchange rates or bank fees). The Merchant will request the User to make up the difference if the full payment for the product has not been received.

 

1. Consumer Complaints; Warranty for Goods, Product Warranty

The User may file any complaints arising during the purchase with the Merchant using the following contact details:

• Postal address: 1201 Budapest, Magyarok Nagyasszonya tér 20.
• Email address: hedit@hedit.eu
• Complaint handling location: the Merchant’s headquarters listed above.

The User may submit complaints in writing (by post or email) regarding the Merchant's or any individual acting on behalf of the Merchant in connection with the marketing or sale of goods to consumers, or the Merchant’s conduct, activities, or omissions.

The Merchant is obliged to respond in writing to the complaint and take action to address it within 30 (thirty) calendar days of its receipt. If the complaint is rejected, the Merchant must provide justification for the rejection.

Verbal complaints must be investigated immediately by the Merchant and resolved if necessary. If the User disagrees with the handling of the complaint, or if the complaint cannot be resolved immediately, the Merchant must immediately record the complaint and the position taken, and provide a copy of the record to the User if the verbal complaint was communicated in person. If the verbal complaint was made by phone or other electronic communication, the Merchant must send the response in writing, in compliance with the regulations for written complaints, within 30 days.

If the complaint is rejected, the Merchant must inform the User in writing about the authority or the mediation body where the complaint can be submitted, based on the nature of the complaint. The information must also include the contact details (address, phone number, and website) of the competent authority or mediation body located in the User’s place of residence or stay. Furthermore, the Merchant must inform the User whether the business intends to use the mediation body’s procedure for resolving the consumer dispute.

If the User finds the Merchant’s response unsatisfactory, especially in the following cases, they can seek legal remedies by contacting the relevant authorities:

• A User qualifying as a consumer—if acting for purposes outside of their independent profession or business activities—may turn to the independent mediation body that operates alongside the local chambers of commerce, which is competent in the User’s place of residence or stay, or according to the User’s request. This body is responsible for the out-of-court resolution of consumer disputes related to the product's quality, safety, product liability, service quality, and issues related to the conclusion and fulfilment of the contract between the parties (hereinafter referred to as a "consumer dispute"). The mediation body aims to attempt to reach a settlement and, if that fails, to make a decision in the case, ensuring the simple, quick, effective, and cost-effective enforcement of consumer rights. The detailed rules of procedure are contained in Act CLV of 1997 on Consumer Protection.

Contact Information for the Territorial Arbitration Boards:

 

Budapest Arbitration Board

• Jurisdiction: Budapest
• Address: 1016 Budapest, Krisztina krt. 99. I. em. 111.
• Mailing Address: 1253 Budapest, Pf.:10.
• Phone: +36-1-488-2131
• Email: bekelteto.testulet@bkik.hu
• Website: bekeltet.bkik.hu

Baranya County Arbitration Board

• Jurisdiction: Baranya, Somogy, Tolna Counties
• Address: 7625 Pécs, Majorossy I. u. 36.
• Phone: +36-72-507-154
• Email: info@baranyabekeltetes.hu
• Website: baranyabekeltetes.hu

Borsod-Abaúj-Zemplén County Arbitration Board

• Jurisdiction: Borsod-Abaúj-Zemplén, Heves, Nógrád Counties
• Address: 3525 Miskolc, Szentpáli u. 1.
• Phone: +36-46-501-090
• Email: bekeltetes@bokik.hu
• Website: bekeltetes.borsodmegye.hu

Csongrád-Csanád County Arbitration Board

• Jurisdiction: Békés, Bács-Kiskun, Csongrád-Csanád Counties
• Address: 6721 Szeged, Párizsi krt. 8-12.
• Phone: +36-62-554-250/118
• Email: bekelteto.testulet@cskik.hu
• Website: bekeltetes-csongrad.hu

Fejér County Arbitration Board

• Jurisdiction: Fejér, Komárom-Esztergom, Veszprém Counties
• Address: 8000 Székesfehérvár, Hosszúsétatér 4-6.
• Phone: +36-22-510-310
• Email: bekeltetes@fmkik.hu
• Website: www.bekeltetesfejer.hu

Győr-Moson-Sopron County Arbitration Board

• Jurisdiction: Győr-Moson-Sopron, Vas, Zala Counties
• Address: 9021 Győr, Szent István út 10/a.
• Phone: +36-96-520-217
• Email: bekeltetotestulet@gymskik.hu
• Website: bekeltetesgyor.hu

 

 

 

 

 

Hajdú-Bihar County Arbitration Board

• Jurisdiction: Jász-Nagykun-Szolnok, Hajdú-Bihar, Szabolcs-Szatmár-Bereg Counties
• Address: 4025 Debrecen, Vörösmarty u. 13-15.
• Phone: +36-52-500-710
• Email: bekelteto@hbkik.hu
• Website: hbmbekeltetes.hu

Pest County Arbitration Board

• Jurisdiction: Pest County
• Address: 1055 Budapest, Balassi Bálint u. 25. IV/2.
• Phone: +36-1-792-7881
• Email: pmbekelteto@pmkik.hu
• Website: panaszrendezes.hu

 

 

The procedure of the Conciliation Board for persons who are not considered consumers: According to the Consumer Protection Act, a person acting for purposes outside their independent occupation and economic activity is considered a consumer, including non-governmental organizations, religious legal entities, housing cooperatives, and residential associations that purchase, order, receive, use, or utilize a product, or are the addressees of commercial communications related to the product.

The Conciliation Board is authorized to verify and examine whether the person has the status of a consumer. The rules for the procedure of the Conciliation Board are applicable as written under the Conciliation Board.

• Persons not considered consumers may turn to the consumer protection authorities, specifically the locally competent district offices. The detailed rules for the procedure can be found in Act CLV of 1997 on consumer protection, Act XLVII of 2008, and Act CXL of 2004. The consumer may approach the district office of their place of residence at the contact details found at the following link: http://jarasinfo.gov.hu/.
• In case of defects with ordered products, the user may assert a warranty claim against the seller under the Civil Code, Act V of 2013. During the warranty process, the user can request the defective product to be repaired or replaced, unless the repair or replacement is impossible or would cause disproportionate additional costs for the seller. If the user did not request or could not request the repair or replacement, they can request a proportionate price reduction or may have the product repaired at the seller’s expense, or they may cancel the contract if the seller did not undertake or could not perform the repair or replacement, or if the user's interest in repair or replacement has ceased. The user is responsible for proving the cessation of interest. No cancellation is allowed for insignificant defects. The user may switch from one warranty right to another, but they must bear the cost of switching unless it was justified or caused by the seller. The user is required to notify the defect without delay, but no later than within 2 months of discovering the defect. Warranty claims cannot be enforced after the 2-year limitation period following the completion of the contract. Within 6 months of performance, the user may assert warranty claims based solely on the notification of the defect and the presentation or submission of the invoice or its copy. However, after 6 months from the performance, the user is required to prove that the defect existed at the time of delivery.

Instead of warranty claims, the user may assert a product warranty claim against the manufacturer or distributor. In the case of product warranty, the user can only request the defective product to be replaced (repaired). The product is considered defective if it does not meet the applicable quality requirements at the time of its release or if it does not have the properties stated by the manufacturer in its description. The user must prove the defect of the product. A product warranty claim can be asserted within 2 years from the release of the product. The manufacturer/distributor is only exempt from the product warranty obligation if they prove that they did not manufacture or place the product on the market within their business activity, or if the defect could not be detected at the time of release according to the state of science and technology, or if the defect arises from the application of a law or mandatory regulatory requirement. The manufacturer/distributor only needs to prove one cause.

Warranty and product warranty claims cannot be asserted simultaneously or in parallel.

 

1. Data Management
   In connection with the operation of the Website, the handling of personal data is carried out by the Trader according to the Privacy Policy set out in Appendix 3 of these Terms and Conditions.
2. 
   Copyrights
   12.1. According to Section 1(1) of Act LXXVI of 1999 on Copyright (hereinafter referred to as the "Copyright Act"), the website is considered a work protected by copyright, and as such, every part of it is under copyright protection. Based on Section 16(1) of the Copyright Act, any use of an application that modifies the website or any of its parts is prohibited. Any material taken from the website or its database may only be used with the written consent of the copyright holder, and even then, only with a reference to the website and the source indicated. The copyright holder is: HEDIT.HU Ltd.
   
   
   
3. Final Provisions

 The effective date of this GTC is March 07, 2025 and its provisions apply only to contracts concluded after its effective date.
 The Trader reserves the right to modify this GTC. The Trader will publish the modified terms and conditions on the Website.
 This GTC is governed by the provisions of Act CVIII of 2001 on electronic commerce services, the provisions of the Government Decree 45/2014 (II. 26.) on the detailed rules of contracts between consumers and businesses.
 The parties agree on the exclusive jurisdiction of the Budapest District Court to settle any disputes.
 The Trader does not have a code of conduct in accordance with the prohibition of unfair commercial practices towards Consumers under Act XLVII of 2008.
 There is no usage fee for the means of communication used to conclude the contract at a distance.
 The Trader has implemented and maintains the necessary protective measures regarding the information technology infrastructure used for the operation of the Web Store and continuously updates it. The Trader ensures the proper placement and physical protection of the devices, and provides data protection through the available IT tools. The use of the Web Store presupposes that the User is familiar with the technical and technological limitations of the internet and accepts the possible errors associated with the technology.
 The Website operates independently of the browser and is compatible with all operating systems, and can also be displayed on mobile applications (mobile phones, tablets).
 The dispute resolution body is responsible for the out-of-court resolution of disputes between the consumer and the business regarding the quality, safety, product liability regulations, service quality, and the conclusion and performance of the contract between the parties (hereinafter: consumer dispute): attempting to reach an agreement for this purpose, and if unsuccessful, making a decision in the matter to ensure the simple, fast, efficient, and cost-effective enforcement of consumer rights. The dispute resolution body provides advice at the request of the consumer or the business regarding the rights of the consumer and the obligations of the consumer. The condition for starting the procedure of the dispute resolution body is that the consumer attempts to resolve the dispute directly with the business concerned. The procedure of the dispute resolution body is initiated upon the request of the consumer, and the request must be submitted in writing to the president of the dispute resolution body. The competent dispute resolution body based on the Trader's registered office:
 Budapest Conciliation Body, 1016 Budapest, Krisztina krt. 99.
 Mailing address: 1253 Budapest, Pf.: 10. Email address: bekelteto.testulet@bkik.hu Fax: 06 (1) 488 21 86
 Phone: 06 (1) 488 21 31
 Users who wish to file a complaint about the product they purchased may also submit their complaints through the following online platform of the European Commission:
 https://webgate.ec.europa.eu/odr/main/?event=main.home.show

1. Appendix
    Sample Withdrawal/Cancellation Notice

Withdrawal/Cancellation Right
 You are entitled to withdraw from this contract without providing any reason within 14 calendar days. Similarly, if the contract is for the provision of services and the performance of the contract has started, you are entitled to cancel the contract without providing any reason within 14 days.
 The withdrawal/cancellation period expires 14 calendar days after the day on which you or a third party designated by you, who is not the carrier, takes possession of the product.
 If you wish to exercise your withdrawal/cancellation right, you must send an unambiguous statement of your intention to withdraw/cancel (for example, by post, fax, or electronically) to the following address:
 Trader's name: HEDIT.HU Ltd.
 Registered office: Hungary, 1201 Budapest, Magyarok Nagyasszonya tér 20.
 Email address: hedit@hedit.eu
 For this purpose, you may also use the attached withdrawal/cancellation form template.
 You can also exercise your withdrawal right via this page:https://www.hedit.eu/Product-exchange-return
 You will have exercised your withdrawal/cancellation right in time if you send your withdrawal/cancellation statement before the above-mentioned deadline expires.

Consequences of Withdrawal/Cancellation
 If you withdraw from this contract, we will refund all payments received from you, including the cost of delivery (except for the additional costs arising from your choice of a delivery method other than the least expensive standard delivery method offered by us), without undue delay, and no later than 14 days from the receipt of your withdrawal statement. We will use the same payment method for the refund as the one you used for the original transaction, unless you expressly agree to a different payment method; you will not incur any additional costs as a result of this refund method.
 We may withhold the refund until we have received the product or you have provided evidence that you have returned it; the earlier of the two events will be considered.
 You are required to return the product to us without undue delay, but no later than 14 days from the submission of your withdrawal statement. The deadline will be considered met if you send the product before the 14-day period expires.
 You will bear the direct cost of returning the product.

 

1. Appendix to Government Decree 45/2014 (II. 26.)

Sample Withdrawal/Cancellation Statement
 (Only to be completed and returned if you intend to withdraw/cancel the contract)

Recipient:

I/we, the undersigned, hereby declare that I/we am/are exercising my/our right to withdraw/cancel the contract concerning the following service:

Date of contract conclusion / Date of receipt:

Name of the consumer(s):
 Address of the consumer(s):
 Signature of the consumer(s): (only if the statement is made on paper)

Date:

 

Privacy Notice
 Effective from March 07, 2025

This privacy notice (hereinafter: "Notice") is in accordance with the European Parliament and Council Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter: "GDPR") and Act CXII of 2011 on informational self-determination and freedom of information (hereinafter: "Infotv.") and outlines the circumstances under which HEDIT.HU Korlátolt Felelősségű Társaság (headquarters: 1201 Budapest, Magyarok Nagyasszonya tér 20.; email: hedit@hedit.eu; phone: +3670 667 9378; company registration number: 01-09-373819; tax number: 28786481-2-43; hereinafter: "Trader" or "Data Controller") processes personal data in connection with the operation of its online store (hereinafter: “Web Store") on the website HEDIT.HU (hereinafter: "Website").

The purpose of this Notice is to properly inform both visitors browsing the Website and users (hereinafter: "Users") of the commercial services provided by the Trader through the Website/Web Store about how their personal data is handled, including the conditions under which personal data will be processed by the Trader, the mode, purpose, legal basis, duration, and scope of the processed data, any data transfers, the identity of persons authorized to process or handle the data, and the rights and legal remedies available to the data subject.

If any User feels that they have further questions or concerns beyond what is outlined in this Notice regarding the personal data processing processes that take place via the Website, or if they have any remarks or objections, they may contact the Trader at hedit@hedit.eu.

Users, after reading and understanding the Notice, will decide whether to provide their personal data for the use of the Website and/or Web Store. Providing personal data is voluntary, but we draw Users' attention to the fact that the commercial services of the Web Store cannot be used without providing personal data. These cases will be indicated on the relevant forms for using the specific commercial service.

The proper use of the Website and the access to the individual commercial services is contingent upon the User's acceptance of the terms outlined in this Notice regarding the processing of personal data. When visiting the Website or using the Web Store services, the User is required to read and accept the provisions of this Notice. If the User does not agree with any data processing operation outlined in this Notice, please refrain from using the Website or the specific Web Store service in question.

 

1. The Data Controller and Contact Information of the Data Controller
   Regarding the personal data processing carried out through the Website, the Data Controller is the Trader, whose key details are as follows:

Name: HEDIT.HU Korlátolt Felelősségű Társaság
 Headquarters: Hungary, 1201 Budapest, Magyarok Nagyasszonya tér 20.
 Electronic contact address: hedit@hedit.eu
 Phone contact: +3670 667 9378
 Company registration number: 01-09-373819
 Tax number: 28786481-2-43

Additionally, the essential information of the joint data controller is as follows:

Name: Utánvét Ellenőr Ltd.
 Headquarters: Hungary, 8640 Fonyód, Szigligeti utca 10.
 Electronic contact address: hello@utanvet-ellenor.hu
 Phone contact: +3620 923 8883
 Company registration number: 14-09-320385
 Tax number: 32393640-2-14

Detailed information about the joint data processing and the services provided by Utánvét Ellenőr Ltd. can be found in Appendix 1.

In all cases of data processing where the Trader, as the data controller, is involved, along with other third parties participating in the personal data processing—whether as joint controllers, separate controllers, or data processors—the Trader will include the relevant information in this Notice.
 This Notice also applies when the User contacts the Data Controller or when the Data Controller contacts the User in relation to the commercial services provided through the Web Store.

In some cases, the Website may contain links to third-party websites or services, which are governed by the privacy policies defined by the third party (e.g., a partner company offering courier services acts as an independent data controller regarding the delivery service, or a financial service provider offering a selected electronic payment method). In such cases, we ask that you carefully read both the relevant terms and conditions and the corresponding privacy notice before ordering these services or providing your personal data to the third party. Please note that since the Trader does not control these terms, operations, and content, the Trader does not accept any responsibility for them.

 

1. Definitions for the Interpretation of this Notice

Personal Data: Any information that can directly or indirectly identify a natural person. Specifically, during the use of the Website, such data includes full name, address, billing information, phone number, email address, IP address, device identifier, and the personal interests of the individual as reflected by their searches on the Website.

Data Subject: The natural person whose personal data is the subject of a particular data processing activity. The Trader provides its commercial services through the Website and Web Store primarily to natural persons over 18 years of age. As such, the data processing procedures have been designed accordingly. Since consent from the legal representative is required for individuals under the age of 14 and, in some cases, for minors over the age of 14, the Trader will obtain the legal representative's consent when processing data for these individuals. An exception is made for minors over 14 who, with the consent of their legal representatives, possess their own bank card and are thus authorized to make online purchases for ordinary, everyday needs.

Data Controller: The person who determines the purposes and means of personal data processing. For personal data processing carried out through the Website, the Trader is the Data Controller, but in certain processes where specified, other Data Controllers may also perform data processing activities. The Trader is considered the Data Controller for all information and data provided to the Trader by the Users during their visits to the Website, use of the Website, and the commercial services offered through the Web Store.

Data Processor: A natural or legal person, or any other body that processes personal data on behalf of the Data Controller and carries out data processing operations related to the personal data. The Trader employs several Data Processors in its data processing activities, and the identity of the Data Processors is indicated for each specific data processing process or reference is made to the categories of the Data Processors.

Data Processing: Any operation or set of operations performed on personal data, whether by automated means or not, such as collection, storage, recording, communication, transmission, or use. Any process during which personal data is provided to or gathered by the Trader through the Website is considered data processing.

Legal Basis for Data Processing: The Trader processes personal data primarily for the purpose of contract formation or performance and legal obligations. Where the collection of personal data is explicitly indicated, the Trader processes personal data based on the data subject's consent. The Trader provides information on the legal basis for data processing for each specific data processing operation.

Consent: Permission granted by the data subject to the Data Controller for the processing of their personal data for specific purposes.

Purpose of Data Processing: The specific purpose for which personal data is processed, such as the creation or performance of a contract between the Trader and the User.

Scope of Processed Data: The specific personal data processed by the Trader is provided for each data processing operation.

Duration of Data Processing: The period during which the Trader is authorized to process personal data, as specified for each data processing operation.

Non-identifiable Data: Data collected about the Website’s Users that does not allow identification of a natural person, either directly or indirectly.

Services: All services available to the Users through the Website. This Notice applies to data processing activities related to the browsing of products available for purchase on the Web Store, the purchasing process, order fulfilment, product delivery, billing for purchases, subscription to electronic direct marketing communications (newsletters), providing opportunities for contact, and personal data processing in market research or participation in sweepstakes related to the products and services provided through the Web Store.

 

1. Personal Data Collected by the Data Controller and Data Processing Activities

3.1 Personal Data Collected by the Data Controller and Data Processing Activities

Below is an overview of the personal data the Data Controller collects from Users, as well as in certain cases, what personal data may be received from other sources regarding the User:

Data Processing Name	Personal Data Subject to Processing
Ordering Products, Using the Webstore’s Commercial Services	- Email address, phone number, billing name, billing address, as well as additional information provided in the Remarks section.
	- If the shipping details differ from the billing details: shipping name and shipping address.
	- Information about online browsing behaviour, services used, transaction data.
	- Information about the device used for accessing the webstore, such as IP address, device identifier, access date and time, mobile device identifier.
Utilization of Delivery Services	- Shipping name, shipping address and time, phone number, email address, and all other information provided to the shipping company in advance.
Utilization of Electronic Direct Marketing Services (Newsletter), System Messages	- Identification and contact details needed for direct outreach (name, email address, IP address, device identifier).
Participation in Promotions, Sweepstakes	- Identification data needed for conducting the promotion, and personal data used for prize delivery and contact (name, shipping address, email address, phone number).
Contacting and Communication	- Personal data provided by the user during any contact, including via email, postal mail, or social media platforms (Facebook, Instagram), as well as identification data.
	- When using a form on the website, user’s name, email address, phone number, custom clothing size requests, message content.
Placing Custom Orders	- User’s name, email address, phone number, custom clothing size requests, message content, shipping and billing address when using a form on the website.
Personal Data Received from Other Sources	- Data necessary for determining the completion of a payment transaction and accounting purposes related to payment transactions.
	- Data related to the completion of package deliveries.
In collaboration with Utánvét Ellenőr Ltd., for the successful delivery of the maximum number of packages purchased in the webstore, HEDIT.HU Ltd. may receive notification from Utánvét Ellenőr Ltd. if the User has not accepted multiple (at least two) previous COD (Cash on Delivery) purchases. This information helps determine which payment methods should be available for the User during future webstore purchases.	- User's email address, anonymized (hashed) format.

 

3.2. Purchasing Products in the Web Store, Payment of the Purchase Price

3.2.1. Ordering Products
Creating a user account (registration) is not required for making a purchase in the Web Store. However, the following personal information must be provided for the purchase: email address, phone number, billing name and address, shipping name and address.

The purpose of data processing is to fulfil the contract regarding the ordered product, to exercise the rights arising from it, including billing the purchase price, collecting the payment, facilitating the payment process, enforcing claims related to the purchase, fulfilling accounting obligations, and delivering the product.

The legal basis for the data processing is the performance of the contract between the Merchant and the User regarding the product, exercising rights and fulfilling obligations arising from it.

The duration of data processing is until the fulfilment of the User's order, except in cases where the law or the User's separate consent (e.g., newsletter subscription) requires the retention of data beyond the completion of the order.

3.2.2. Payment of the Purchase Price and Invoicing
For payment of the product's purchase price, the Merchant transfers the following User data to the payment service provider (which is an independent data controller, as specified in section 5.7), in accordance with the European Parliament and Council Directive (EU) 2015/2366 (Payment Services Directive - PSD2) and Act LXXXV of 2009 on payment services: name, phone number, email address, transaction amount, IP address, transaction date and time, shipping address, and billing address.

The scope of data transferred to the payment service provider is determined by the card company rules based on the EMV (Europay-MasterCard-Visa) standard, which aims to ensure more secure customer authentication.

For fulfilling the Merchant's invoicing obligation in the event of payment, the User provides the necessary personal information, including their name and billing address, for the creation of the invoice.

The legal basis for this data transfer is the performance of the contract between the Merchant and the User regarding the ordered product, enabling the fulfilment of obligations arising from the contract, ensuring payment via the online payment service, facilitating the Merchant's involvement in the payment process as part of the commercial service, and enforcing any related claims.

The duration of data processing is until the completion of the online payment transaction.

SimplePay Service
In the provision of the payment service, OTP Mobil Ltd. participates as a data processor under the service contract with the Merchant. However, when handling the card data of Users using the payment service, OTP Bank Nyrt. (head office: 1051 Budapest, Nádor u. 16.; its privacy policy can be found here) and B-Payment Zrt., part of the Borgun hf. group (head office: 1132 Budapest, Váci út 4.; Borgun Privacy Policy can be found here) act as independent data controllers, not as data processors engaged by the Merchant. They are responsible for data processing according to their own data protection regulations. OTP Mobil Ltd.'s data processing related to SimplePay service is governed by the SimplePay Service User Terms and Conditions, which can be found here.

The purpose of data transfer is to ensure that the payment service provider can carry out the payment transactions according to the legal requirements. The data is provided to the payment service provider solely for validation purposes at the card-issuing bank's site. The payment service provider only intermediates the necessary data and does not use or store it in any way.
OTP Mobil Ltd. does not handle the card data; the data is processed by OTP Bank Nyrt. and Borgun hf., which provide the payment card acceptance infrastructure behind the SimplePay service. The card data is entered directly into the OTP Bank Nyrt. or Borgun hf. systems. OTP Mobil Ltd. acts as a data processor on behalf of these financial institutions based on a contract and processes the data according to their instructions. The Merchant does not have access to the User’s card data.

Bank Transfer
In the case of advance bank transfer, the Merchant’s bank, OTP Nyrt., acts as an independent data controller concerning the User’s banking data. The Merchant uses the User's bank data solely to identify the transaction related to the given order and does not store it separately.

Stripe Service
The Merchant also uses Stripe Payments Europe, Limited (head office: The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland) as a third-party payment service provider. Stripe provides the payment service as an independent data controller based on its privacy policy, which can be found at Stripe Privacy Policy. The Merchant does not have access to the User’s card data, which is handled solely by Stripe Payments Europe, Limited.
The purpose of data transfer is to facilitate online purchases and ensure secure financial processing, track transactions, and ensure payment security via the Stripe card acceptance network.
Transferred data includes: last name, first name, shipping address, billing address, phone number, email address, and transaction-related payment information.

Invoicing
The legal basis for processing the data necessary for invoicing is the Merchant's legal obligation to comply with the Hungarian Accounting Act (2000, C. Act), specifically Section 169(2) of the Accounting Act.
Data processing duration is tied to the duration of the contract, with the Merchant obligated to retain accounting documents and invoices for 8 years following the invoice issuance to comply with accounting obligations.
Providing billing data is a condition for the creation of the contract, as required by the Merchant's obligations under the Hungarian Accounting Act.

3.2.3. Product Home Delivery
The delivery of ordered products is carried out by the Merchant in cooperation with a contracted shipping partner (except for Magyar Posta, which is not a contracted partner). The Merchant shares the necessary personal data for the fulfilment of the delivery with the shipping partner, including:

• Delivery name
• Delivery address
• Any message provided by the User for the courier
• In case of courier delivery, the User’s phone number (mobile phone number) and email address.

Purpose of Data Processing
The purpose of data processing is to fulfil the delivery of the ordered products, which is part of the commercial service provided by the Merchant.

Legal Basis for Data Processing
The legal basis for data processing is the fulfilment of the contract between the Merchant and the User regarding the purchase of the product and the associated delivery service. To ensure the fulfilment of the delivery service by the shipping partner, the Merchant provides the necessary data to the shipping partner, and the shipping fee is invoiced.

Legal Basis for Invoicing the Delivery Service Fee
The legal basis for processing data related to invoicing the delivery service fee is the Merchant's legal obligation, as prescribed by Section 169(2) of the Hungarian Accounting Act (2000, C. Act).

Data Retention Duration
The data processing duration is linked to the duration of the contract, with the Merchant required to retain accounting documents and invoices for 8 years after the invoice is issued to comply with the legal obligations under the Hungarian Accounting Act (2000, C. Act).

Shipping Partners
The shipping service is provided by the following companies:

• GLS (General Logistics Systems Hungary Ltd.)
  Head office: 2351 Alsónémedi, GLS Európa utca 2.
  The service provider's privacy policy can be found [here].
• Magyar Posta
  Head office: 1138 Budapest, Dunavirág utca 2-6.
  The terms and conditions of the courier service can be found [here].

The shipping partner processes the personal data of the User necessary for the fulfilment of the delivery service of the ordered products. The data processing is governed by the shipping partner’s own privacy policy, which will be made available to the User before the order of the shipping service.

Data Retention Duration for Shipping Services
The data will be processed until the delivery is completed.

 

3.3. Continuation of Surveys Among Users
The Merchant periodically initiates surveys among Users on the Website by announcing the survey on the Website, in which Users can participate voluntarily and, upon giving their explicit consent to the data processing principles set forth in the survey, or anonymously. The aim of the surveys is to measure the compliance of the Products and related commercial services, and to determine steps for improving the effectiveness of the commercial services provided through the Web Store. When announcing the surveys, the Merchant publishes a specific privacy notice, and for matters not specified there, the provisions of this Notice apply.
The Merchant may invite Users who have subscribed to the newsletter to participate in a survey regarding the Merchant’s Products, services, and their assessment. The purpose of such data processing is to improve and measure the operation of the Merchant’s Products and services, as well as to measure User satisfaction. The duration of the data processing is 2 weeks after the User has responded.

3.4. Marketing Purpose Data Processing
3.4.1. Newsletter
The Merchant, in order to promote the Products offered through the Web Store and its own brand, sends direct marketing (commercial purposes) electronic advertisements, as well as information and content deemed interesting for Users, to Users who have given their prior, explicit, and voluntary consent via email.
The legal basis for data processing is the voluntary, prior, explicit consent of the data subject. The consent can be revoked at any time, free of charge, without limitation or justification via the customer service contacts (see point 3.5). The duration of the data processing is as long as the User's consent is not revoked ("unsubscribe"), unless the Merchant continues the newsletter service.
The User may object to the processing of their personal data for direct marketing purposes at any time via the contacts provided in point 3.5, either in writing or by email. In such case, their data cannot be processed further for this purpose. The User may also express this objection by clicking on the “Click here to unsubscribe” button in the Merchant’s emails/newsletters, which will prevent the Merchant from sending newsletters or marketing emails to the User in the future.
The Merchant draws attention to the fact that communications related to the commercial services provided through the Web Store are not part of this point, which include necessary system messages sent to the User, such as information regarding the use of the service, technical messages, or notifications regarding essential elements of the legal relationship.

3.4.2. Sweepstakes
The Merchant occasionally organizes sweepstakes for Users to promote the Products offered through the Web Store and its own brand. The Merchant provides separate information on data processing related to the sweepstakes, with the understanding that the provisions of this Notice apply to matters not specified in the specific information.

3.5. Complaint Handling and Customer Service Data Processing, Social Media Fan Pages
3.5.1. Customer Service
The Merchant accepts customer service-related inquiries and questions about the Products and services provided through the Web Store through the following contact details. In certain cases, the Merchant may initiate communication with Users through the following contact points:
Email: hedit@hedit.eu
Through the message system on the Web Store’s contact page, where the name and email address are mandatory (and the phone number is optional): http://www.hedit.eu/shop_contact.php
Requests to exercise the rights listed in point 6 are accepted by the Merchant via email at hedit@hedit.eu.

3.5.2. Consumer Complaints
The Merchant processes the details of complaints and inquiries from Users in accordance with the provisions of the Consumer Protection Act (1997. CLV. Act) for persons qualifying as consumers, based on the legal obligations of the Merchant. For other Users, the processing is based on the performance of the contract, and in certain cases on the legitimate interest of the Merchant. The data processed includes:

1. a) Name, address, and any other information provided at the time of the complaint or inquiry.
2. b) Place, time, and method of submitting the complaint or inquiry.
3. c) A detailed description of the complaint or inquiry.
4. d) Any other evidence presented by the User, with a list of these.
5. e) The response letter sent to the User.
6. f) The User's phone number.
   The Merchant records the inquiries and responses to investigate, address, and respond to the complaints, ensuring compliance with the Merchant's legal obligations and documenting the facts necessary to protect the legitimate interests of the Merchant or third parties.
   Complaint records and data created during the complaint process are stored for 5 years in accordance with the Consumer Protection Act (Fgytv. 17/A. § (7)), and other non-consumer related inquiries are stored for 2 years after resolution.

3.5.3. Social Media Fan Pages
The Merchant operates fan pages on social media platforms (e.g., Facebook, Instagram, YouTube, etc.) to promote its brand and Web Store. Users can interact with the Merchant through these fan pages.
When Users contact the Merchant via one of the Merchant's social media fan pages, the following data is processed by the Merchant: the User’s registered name on the social media platform, profile picture, and any additional personal information shared with the Merchant through that platform, subject to the platform's own data processing rules.
The data processing goal is to promote the content, products, actions, or the Website itself via social media, including the sharing or "liking" of content.
The legal basis for this data processing is the voluntary consent of the User for the processing of their personal data on the social media platform.

3.6. Official Data Disclosure
The Merchant discloses personal data in compliance with valid and lawful requests from authorities and courts, which are related to the commercial services provided through the Web Store or to data processing carried out through the Website.
The Merchant provides the requested personal data to authorities or courts involved in criminal proceedings, in compliance with relevant legal provisions requiring such disclosure.
The legal basis for this data processing is the Merchant’s compliance with legal obligations, as well as the legitimate interests of the Merchant or a third party, ensuring the legitimacy of the data disclosure in official proceedings. The duration of this data processing is 5 years after the disclosure.

3.7. User Activity
The Merchant processes data regarding User activity on the Website and use of the commercial services provided through the Web Store to improve the services and measure their success. The Merchant uses cookies and similar technologies to collect data about the User’s browsing behaviour and interaction with the services provided. A cookie is a small file placed on the User’s device that allows the Merchant to interact with the technical processes of the Website.
The legal basis for this data processing is the Merchant's legitimate interest in recording User cookie settings and processing User personal data accordingly, as well as ensuring the basic functioning of the Website and Web Store.
The duration of data processing for these activities is described in point 3.8 of this Notice.

3.8. Cookie Policy
Cookies collect data when the User visits the Website. In some cases, these data files may be considered personal data according to applicable privacy laws. Cookies are necessary for the proper functioning of the Website and Web Store, and to optimize the user experience. They provide the Merchant with information about the User's browser settings and the device used.
Automatically collected data is logged by the system during the User's visit to the Website, and can only be accessed by the Merchant and data processors managing the cookies. Such data is typically not used to identify the User and is only associated with other identifiable data if necessary for the performance of the contract with the User or to ensure the secure operation of the Website and Web Store.
The following information is collected and processed during the use of the Website or Web Store:
Device Information
When the User browses the Website, the Merchant gathers information about the device being used, such as model, operating system, and device ID. The Merchant also receives information about the internet connection, mobile carrier, language settings, time zone, and IP address.
Activity (Behavioural) Data
The Merchant tracks and records the User’s activities on the Website, such as which content is viewed, which links are clicked, and which areas are browsed.
Location Data
When the User uses the commercial services via the Web Store, the Merchant collects information about the User's geographical location, estimated via their IP address.
User Rights Regarding Cookies
The User may refuse cookies on a case-by-case basis or fully disable them via browser settings. However, if all cookies are blocked, the User may have limited access to certain services on the Website.
Cookie settings can be adjusted via the browser, or further information on how to enable or disable cookies can be found via the links below:
• Google Chrome
• Firefox
• Microsoft Internet Explorer 11
• Microsoft Internet Explorer 10
• Microsoft Edge
• Safari
Other rights of the Users are outlined in this Notice.

Purpose of Cookie Usage
Essential Cookies for Website and Web Store Services
These cookies are essential for delivering the commercial services of the Web Store and Website to Users. The cookies are necessary for the basic functioning of the Website. Without these cookies, certain Website functionalities may not be available.

Purpose of Data Processing	Data Processing Activity	Scope of Processed Data
Ensuring the proper functioning of the Website and Web Store, identifying Users, identifying the current session of Users, storing data provided during the session, preventing data loss. The Merchant processes data on the type of devices used by Users to adjust the pages displayed to the respective device. The Merchant also processes User data to prevent or detect potential abuses related to the services.	When the User uses the Website or the Web Store services, the Merchant records personal data in the browser.	·         Activity on the Website ·         Location data ·         Device identifier ·         Personal data provided by non-registered users ·         IP address

 

Legal Basis for Data Processing: The Merchant has a legitimate interest in identifying the Users. Preventing and detecting fraud is an essential element for the reliable provision of commercial services via the Web Store by the Merchant and its contractual partners.

Duration of Data Processing: As specified in the table at the end of this Cookie Policy.

Handling of Statistical Cookies: With the help of Google Analytics cookies, the Merchant collects data for analysis and measurement purposes in order to understand how Users utilize the commercial services, what pages Users view on the Website, how many view each page and for how long, the Users' age groups, their internet behaviour, which pages they come from, which advertisements they interact with, as well as gathering conversion data necessary for optimal display on various devices. When a User visits a website that uses Google Analytics cookies, the actions taken on that website can be linked with the actions on other websites that also use Google Analytics or other Google solutions, as well as third-party cookies, including to optimize product offerings, better customize advertisements, and analyse website traffic. Google Analytics also collects internet protocol (IP) addresses for security purposes, as well as to help the Merchant understand from which city or country the Website is being accessed. Under the contract between the Merchant and Google LLC, Google acts as a data processor and handles the data based on the Merchant's instructions.

Purpose of Data Processing		Data Processing Activity	Scope of Processed Data
With the help of Google Analytics cookies, the Merchant collects data for analysis and measurement purposes in order to understand how Users utilize the commercial services, which pages Users view on the Website, how many view each page and for how long, the Users' age groups, their internet behaviour, which pages they come from, which advertisements they interact with, as well as gathering conversion data necessary for optimal display on various devices.	When the User uses the Website or accesses the Web Store services, the Merchant records personal data in the browser.		• Activity on the Website • Location data • Device identifier • Personal data provided by non-registered users • IP address • Demographic data • Interests • Geographical location • Behaviour

Legal Basis for Data Processing: The User's consent.
Duration of Data Processing: As per the table at the end of this Cookie Policy.

Cookies for Marketing and Advertisement Personalization

Google Ads Cookie: When someone visits our site, the visitor's cookie ID is added to the remarketing list. Google uses cookies, such as the NID and SID cookies, to customize ads shown in Google products, such as Google Search. These cookies are used, for example, to remember your recent searches, previous interactions with ads or search results, and visits to advertisers' websites. The AdWords conversion tracking feature uses cookies to track sales and other conversions resulting from advertisements. Cookies are stored on the user's computer when they click on an ad. Common uses of cookies include selecting ads based on what is relevant to the user, optimizing reports on campaign performance, and preventing the display of ads the user has already seen.

Remarketing Cookies: Remarketing cookies allow previous visitors or users to see ads while browsing other websites in the Google Display Network or when searching for phrases related to products or services.

Facebook Pixel (Facebook Cookie): The Facebook pixel is a code that helps generate conversion reports, create audiences, and provide detailed analysis on visitor interactions with the website. Through the Facebook pixel, personalized offers and ads can be shown to website visitors on the Facebook platform. You can read Facebook's data processing policy here: https://www.facebook.com/privacy/explanation

You can find more information about deleting cookies at the following links: • Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
• Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
• Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
• Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
• Chrome: https://support.google.com/chrome/answer/95647
• Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies

Legal Basis for Data Processing: The User's consent.
Duration of Data Processing: As per the table at the end of this Cookie Policy.

Third-Party Cookies
The Merchant does not use third-party cookies on the Website for serving targeted ads.

Summary of Cookies Used on the Website (Tabular Overview)

Category: Cookies necessary for basic functionality
Legal Basis for Data Processing: The Merchant's legitimate interest

Name	Expiration Time	Domain	Description
UN_never_logout_id	90 days	unas	Stay logged in
UN_never_logout_auth	90 days	unas	Stay logged in
UN_cart_...	365 days	unas	Cookie-based cart storage
UN_geoip	session	unas	GeoIP-based redirection
UN_design_popup_...	session	unas	Modifiable popup element
UN_design_page	365 days	unas	List view switch
UN_design_mobile	365 days	unas	Switch to mobile version
UN_vote_...	365 days	unas	Record voting activity
UN_explicit	session	unas	Explicit content popup
UN_cookie_allow	365 days	unas	Cookie acceptance status
UN_cookie_close	365 days	unas	Cookie acceptance status
UN_admin_view	session	unas	Admin view in "closed" state
UnasID UnasServiceProxyID	session	unas	Process identifier

 

Category: Marketing Cookies
Legal basis for data processing: User's consent

Name	Expiration Time	Domain	Description
_ga (Google Analytics)	Depends on the cookie, but max 365 days	analytics.google	This cookie is used to distinguish individual users by assigning a randomly generated number code.
_gid (Google Analytics)	Depends on the cookie, but max 365 days	analytics.google	This cookie enables the measurement and improvement of the website's performance through Google Analytics services, allowing the counting of website visits and traffic sources.
_gat (Google Analytics)	Depends on the cookie, but max 365 days	analytics.google	This cookie is used to control requests on websites with high traffic.
gac (Google Analytics)	Depends on the cookie, but max 365 days	analytics.google	A cookie related to advertisements, such as measuring interactions with ads displayed on the domain, and preventing the same ads from showing too often to the same user.

 

The data storage duration for the given cookie can be found in more detail at the following links:

• Google General Cookie Information: https://www.google.com/policies/technologies/types/
• Google Analytics Information: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu
• Facebook Information: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

 

1. Calls to Users

4.1. Under 18s
The Merchant generally provides the commercial services of the Web Store to natural persons with full legal capacity who are over 18 years of age and to non-natural persons. If any data processing activity of the Company involves the personal data of minors under 18, the Company will obtain the prior and voluntary consent of the minor's legal representative for data processing. An exception applies to natural persons who are over the age of 14 and have their legal representative's consent to own a bank card and are thus entitled to use online purchasing services, provided the services do not exceed the usual needs of everyday life.

4.2. Persons Providing Data of Others
The use of the commercial services offered through the Web Store is only possible by providing valid, accurate, and personal data. The User is solely responsible for any damage or claim arising from providing incorrect, false, or non-personal data during the use of the services.

4.3. Accuracy
If any changes or modifications occur in the personal data held by the Merchant during the data processing period (except for data processing activities required by law), the User is obliged to immediately notify the Merchant of the changes to ensure that the data held by the Merchant is accurate and up-to-date.

4.4. Access to Personal Data
Only those employees or contractors under the direct control of the Merchant who require access to personal data to perform their job duties may access the User's personal data. These persons handle the data in accordance with the contractual relationship with the Merchant.

4.5. Publicly Disclosed Personal Data
This Privacy Notice only applies to data processing activities related to personal data provided by the Users to the Merchant during the use of the Website. If the User voluntarily discloses any personal data, such disclosures are not covered by this Notice.

 

1. Data Transfers

The Merchant transfers Users' personal data to third parties, as described in this Privacy Notice, to provide, use, and ensure the fulfilment of the commercial services offered by the Web Store. Furthermore, the Merchant, with the User's notification, shares personal data with data processors based on an agreement. In certain cases, partners act as data processors on the Merchant's behalf, processing data according to the Merchant's instructions, and no additional consent is required. In other cases, partners use the transferred personal data to make decisions about data processing in relation to their own services. These partners are data controllers, and the legal basis for data transfer to them corresponds to the legal basis for data processing by the Merchant. The Merchant enters into contracts with both data processors and data controllers in which these partners undertake to handle the transferred personal data in compliance with relevant laws and confidentiality requirements.

5.1. Server Services
The website operator is UNAS Online Ltd. (registered office: 9400 Sopron, Kőszegi út 14.), which acts as a data processor in the course of IT operations related to the Website. UNAS Online Ltd. provides server services for hosting the content of the Website as well as the User’s personal data.

5.2. Newsletter Sending and System Messages Service Provider
UNAS Online Ltd., as a data processor, cooperates with the Data Controller under a contract to send newsletters and system messages related to the use of the Web Store’s commercial services, as described in this Privacy Notice.

5.3. Invoice Issuance Data Processor
In cases where the Merchant issues an invoice for paid commercial services in accordance with applicable accounting and tax laws, the Merchant uses an invoice issuance service provider. Currently, the Merchant uses the services of THARANIS Ügyvitel Ltd. (1124 Budapest, Németvölgyi út 41-45) for invoice issuance.

5.4. Administrative Systems
For contact, quotation, customer service, complaint handling, contract preparation, and contract fulfilment, the Merchant uses the services of UNAS Online Ltd. (registered office: 9400 Sopron, Kőszegi út 14.) and THARANIS Ügyvitel Ltd. (1124 Budapest, Németvölgyi út 41-45) as data processors.

5.5. Delivery of Ordered Products
For the delivery of products, the Merchant shares the necessary data with third-party parcel delivery partners, insurance providers, and for settlement purposes. These partners' employees have access to personal data and, in certain cases, may communicate with the Users. These employees only access personal data for administrative purposes, handling changes, and completing parcel deliveries. During this process, unless specifically requested by the User, they do not modify or delete personal data.
For the delivery of products, the Merchant uses the following data controllers:

• GLS General Logistics Systems Hungary Parcel Logistics Ltd. (registered office: 2351 Alsónémedi, GLS Európa utca 2.). Data shared: name, phone number, email address, postal code, delivery address, and name, along with a message of up to 30 characters for the courier.
• Magyar Posta Zrt. (registered office: 1138 Budapest, Dunavirág utca 2-6.). Data shared: name, phone number, email address, postal code, delivery address, and name, along with a message of up to 30 characters for the courier.

5.6. Payment Systems Service Provider on the Website
In cases where the Merchant offers the payment of the prices of products through online payment services provided by third parties via credit card, the relevant data processing follows the terms set forth in the data processing notices of these service providers.
For online payments on the Website, the Merchant uses the services of OTP Mobil Ltd. (company registration number: Cg. 01-09-174466; registered office: 1143 Budapest, Hungária krt. 17-19.) SimplePay application and Stripe Payments Europe, Limited (registered office: The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland). For more information, refer to section 3.2.2 of this Privacy Notice.

5.7. Data Transfers to Third Countries
The Merchant does not transfer personal data to third countries.

5.8. Data Transfer Records, Changes to Data Processor Contractual Partners
The Merchant keeps a record of personal data transfers, which includes the date of transfer, the legal basis for the transfer, the recipient, and the scope of personal data transferred. The Merchant is required to retain the data in the transfer record for 5 years, after which the data will be destroyed.
If authorized authorities request personal data from the Merchant as required by law, the Merchant will comply with its legal obligation and provide the requested data.
The Merchant reserves the right to periodically review its data processing partnerships and, if necessary, enter into new agreements with service providers who conduct data processing activities. The Merchant will update the Privacy Notice to reflect these changes and will provide the User with information about the current data processors upon request.

 

1. Rights of Data Subjects Regarding Data Processing
   The Merchant provides the mandatory information and the necessary responses based on the rights of data subjects in a concise, transparent, and easily understandable manner.

The Merchant will inform data subjects of the actions taken in response to their requests without undue delay, and in any case, within one month of receiving the request. If necessary, considering the complexity of the request and the number of requests, this deadline may be extended by an additional two months. In such cases, the Merchant will inform the data subject of the reason for the delay within one month of receiving the request.

For requests submitted electronically, the Merchant will provide information electronically, unless the data subject requests otherwise.

If the Merchant takes no action following the data subject's request, it will inform the data subject of the reasons for not taking action without undue delay, but no later than one month after receiving the request, along with information on what remedies the data subject can pursue.

6.1. Right to Information/Access
The User can request information from the Company through the contact details provided in point 1, either by letter or email, regarding whether their personal data is being processed by the Merchant.
If such processing is underway, the User has the right to request information from the Merchant regarding which personal data is being processed, on what legal basis, for what purpose, from which source, and for how long, as well as to whom, when, on what legal basis, and which personal data has been made accessible or transferred to, including, in particular, recipients in third countries or international organizations.
The User has the right to access their personal data by requesting that the Merchant send the relevant personal data in writing or by email.

6.2. Right to Rectification
The User can request, via the contact details provided in point 1, by letter or email, that the Company promptly correct any inaccurate personal data, or request the completion of incomplete personal data.

6.3. Right to Erasure/Right to be Forgotten
The User can request the Merchant, via the contact details provided in point 1, to erase their personal data without undue delay if any of the following grounds apply:
a) the personal data is no longer necessary for the purposes for which it was processed by the Merchant;
b) the User withdraws their consent, which forms the basis for the data processing, and there is no other legal basis for the processing;
c) the User objects to the data processing, and there are no other legitimate grounds for the processing;
d) the personal data has been unlawfully processed by the Merchant;
e) the personal data must be erased to comply with a legal obligation to which the Merchant is subject;
f) the personal data was collected in relation to the offering of information society services to children.

If the Merchant transfers the User's personal data to third-party recipients as described in this Notice, it will inform those further recipients/data processors (e.g., all data processors, etc.) about the User's request for erasure of their personal data.

6.4. Right to Restriction of Processing
The User can request the Merchant, via the contact details provided in point 1, in writing or by email, to restrict the processing of their personal data if any of the following conditions apply:
a) the User disputes the accuracy of the personal data, in which case the restriction will apply for a period that allows the Merchant to verify the accuracy of the personal data;
b) the processing is unlawful, and the User opposes the erasure of the data and instead requests the restriction of its use;
c) the Merchant no longer needs the personal data for processing purposes, but the User requires it for the establishment, exercise, or defence of legal claims; or
d) the User has objected to the processing of personal data; in this case, the restriction will apply until it is determined whether the Merchant’s legitimate grounds override the User's interests, rights, and freedoms.

In the case of restriction of processing, the personal data can only be processed with the User’s consent, or for the establishment, exercise, or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest.
The restriction will last as long as the User’s indicated reason for storage requires the data to be kept.

6.5. Right to Data Portability
The User can request the Merchant, via the contact details provided in point 1, in writing or by email, to receive the personal data provided to the Merchant by the User in a structured, commonly used, and machine-readable format, and the User is also entitled to transmit those data to another company without hindrance from the company to which the personal data was provided, where the processing is based on the User's consent or a contract and is carried out in an automated manner.

In exercising the right to data portability, the User is entitled to request, where technically feasible, that their personal data be transmitted directly from one company to another.

6.6. Right to Object
The User can object at any time, via the contact details provided in point 1, in writing or by email, to the processing of their personal data based on the legitimate interests of the Merchant or a third party. In this case, the Merchant must stop processing the personal data, unless the Merchant demonstrates compelling legitimate grounds for the processing that override the User's interests, rights, and freedoms, or if the processing is for the establishment, exercise, or defence of legal claims.

6.7. Automated Decision-Making in Individual Cases, Including Profiling
The Merchant does not apply decision-making based solely on automated data processing as defined in Article 22 of the GDPR.

If in the future, the Merchant introduces decision-making based on such processing, the User will be adequately informed in advance by email about the applied logic, methods, and the essence of the process. The User will also be given the opportunity to request human intervention, express their point of view, or contest the decision.

6.8. Legal Remedies for Data Processing
If the User experiences unlawful data processing, it is advisable to first send a complaint in writing to the Merchant, using the contact details provided in point 1, as this allows the Merchant the opportunity to restore the lawful status of the data processing.

The User can initiate an investigation by submitting a complaint to the supervisory authority, citing that their personal data has been processed unlawfully or that there is a direct risk of such unlawful processing.

The name and contact details of the supervisory authority are as follows:
National Authority for Data Protection and Freedom of Information
Headquarters: 1055 Budapest, Falk Miksa Street 9-11. Postal address: 1374 Budapest, P.O. Box 603.
Email: ugyfelszolgalat@naih.hu Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Website: www.naih.hu

In the case of unlawful data processing experienced by the User, they may initiate a civil lawsuit before the courts. The case will be examined by the regional court. The lawsuit – at the User's choice – may also be filed before the court in the User's place of residence. The list and contact details of the courts can be found at the following link:
http://birosag.hu/torvenyszekek.

1. Data Security Measures
   The Merchant ensures the security of the User's data by applying technical and organizational measures appropriate to the level of risk, protecting against unauthorized or unlawful processing, accidental loss, destruction, or damage of the data, including ensuring the confidentiality, integrity, availability, and resilience of the IT systems and tools used to process personal data.

The Merchant is obliged to protect the data with appropriate measures, especially against unauthorized or unlawful access, alteration, transmission, disclosure, loss, deletion, or destruction, as well as against accidental destruction, alteration, and damage, and against the unavailability arising from changes in the technology used. The Merchant’s contracted partners and data processors process the data using the best industry practices, in compliance with the GDPR, applicable Hungarian laws, relevant contracts, and any other privacy or data security regulations.

 

1. Review and Modification of the Notice
   The circumstances surrounding data processing may change from time to time, or the Merchant may decide to supplement its ongoing data processing with a new purpose. Therefore, the Merchant reserves the right to modify this Notice at any time. The Merchant will notify the User of any modifications to this Notice by email to the email address provided by the User and will also provide notice of the changes on the Website.

 

Appendix 1

General Information on Joint Data Processing
The purpose of this notice is to inform you about the processing of personal data during the use of the Cash on Delivery Checker service.
The Joint Data Controllers have jointly prepared the provisions of their notices for informing data subjects and have defined the distribution of responsibilities for fulfilling the obligations under the GDPR in the agreement between them.

Ensuring Data Subject Rights
The Joint Data Controllers have designated HEDIT.HU Ltd. as the contact person (hereinafter: "data controller contact," "Webstore") in the Joint Data Controller Agreement for handling requests related to data protection, such as data protection-related requests and complaints.
Data subjects may contact any of the Data Controllers regarding activities related to joint data processing. If the request specifically concerns the data processing of one Data Controller, that Data Controller will handle the request in relation to the specific case.

Use of the Cash on Delivery Checker Service by Data Controllers
Description of Data Processing: The Webstore sends the pseudonymized email address (hashed with SHA256), phone number, and shipping address of the Data Subject, as well as the information regarding the success of the product delivery (whether the order was accepted or not), to the Cash on Delivery Checker service, where the Provider stores the data and makes it available to other webstores that use the service for manual or automated queries.
Scope of Processed Data: The email address, phone number, shipping address of the Data Subject, the number of purchases made by the Data Subject at the Webstore, the number of successfully delivered packages, and the number of attempted but unsuccessful deliveries.
Purpose of Data Processing: To prevent or minimize the potential damages caused by the Data Subject’s breach of contract, by automatically offering payment options based on the Data Subject’s actual receipt of previous orders (whether they accepted the order, rejected delivery, or the order was not placed by the Data Subject, etc.) using the encrypted data available in the Cash on Delivery Checker.
Legal Basis for Data Processing: According to Article 6(1)(f) of the Regulation, the Data Controllers' legitimate interest in reducing damages caused by the customer's breach of contract.
Duration of Data Processing: The Data Controllers will process this data for 8 years from the date of data collection.

Storage of Data and Data Security Measures
The Data Controllers will implement appropriate technical and organizational measures to ensure and demonstrate that personal data processing complies with the GDPR, considering the nature, scope, circumstances, and objectives of the processing, as well as the risks to the rights and freedoms of natural persons, as outlined in Article 24 of the GDPR.
The Webstore, as a Data Controller, will present its data security measures in this notice. The data security measures of the Cash on Delivery Checker service can be found in the Data Processing Notice of the Cash on Delivery Checker under the "Data Security" section.

How Does the Cash on Delivery Checker Work?
The Cash on Delivery Checker:
• Stores the submitted user habits (order outcomes), pseudonymized email addresses (hashed SHA256 email addresses), phone numbers, and shipping addresses,
• Combines these with the data received from other webstores in response to manual or automated queries and provides this data in return.
The contact details of the Cash on Delivery Checker Ltd. are:
Headquarters: 8640 Fonyód, Szigligeti Street 10
Tax Number: 32393640-2-14
Company Registration Number: 14-09-320385
Email: hello@utanvet-ellenor.hu

Result of the Balancing Test
The Data Controller has conducted a balancing test due to the legitimate interest as the legal basis for processing, and it has been assessed that the Data Controller’s legitimate interest proportionally limits the rights of the data subjects. The processing of personal data is essential for safeguarding the Webstore's assets as a legitimate interest, and it is also necessary to ensure the data subject's related rights. Currently, there is no alternative method of processing personal data with fewer personal data or using another approach available.
The Data Controller, as the Merchant, uses the personal data already processed to reduce damages caused by the Data Subject's breach of contract when the Cash on Delivery Checker service is used. Therefore, as the Webstore's customer, the Data Subject can anticipate the use of the Cash on Delivery Checker service in relation to them based on these notices. The use of the Cash on Delivery Checker service by the Webstore does not involve processing any additional data beyond what the Data Subject has already provided to the Webstore during the order process.
The Data Controllers' legitimate interest in using the Cash on Delivery Checker service is legally and socially recognized and is also an essential economic interest. The processing of personal data is purpose-bound, and the Data Controllers handle personal data with regard to the principle of data minimization. The Webstore has no access to any additional data (e.g., the Data Subject’s name, types of ordered goods, etc.) via the Cash on Delivery Checker.
Data processing is carried out in accordance with applicable laws. The Data Controller does not collect any sensitive data under any circumstances during the data processing.
The Data Controllers provide all necessary and expected support for the exercise of the Data Subject's rights.
In summary, the Data Controllers conduct data processing lawfully, fairly, and transparently.

 

Excerpt of the LEGITIMATE INTEREST ASSESSMENT under Article 6(1)(f) of the General Data Protection Regulation (GDPR) regarding the data processing of the Cash on Delivery Checker technology solution developed by Utánvét Ellenőr Ltd.

Introduction
The "Utánvét Ellenőr Ltd." (headquarters: 8640 Fonyód, Szigligeti Street 10, company registration number: 14-09-320385, tax number: 32393640-2-14, hereinafter referred to as the "Operator") operates the Cash on Delivery Checker technology solution with the intention to help customers of legally operating web stores strengthen their obligations regarding cash-on-delivery package acceptance. This legitimate interest assessment is based on the joint data processing between Utánvét Ellenőr Ltd. and the Web Store using the service, and the Parties document the application of the legitimate interest legal basis in writing, in accordance with Article 5(2) of the GDPR, to ensure compliance with the accountability principle.

During the verification of the buyer's purchase history and the saving of related order outcomes, the email address provided by the buyer is used as the starting point in the Cash on Delivery Checker system, with a hash generated from the email address using the SHA256 method, along with the phone number and shipping address.

Based on the above, the system sends a calculated indicator back to the Web Store from the buyer’s package receipt data, which, according to its own settings, decides whether to allow or – if the received indicator does not reach the set threshold – hide the cash-on-delivery payment method from the buyer and mark the order as one where there is a risk that the customer will not accept the dispatched package.

In the case of a cash-on-delivery purchase, the buyer will only pay the cost of the online ordered product upon receipt, generally to the courier or at the pickup point, such as a parcel locker. Depending on the agreement between the Web Store and the courier service, the "cash-on-delivery handling fee" arising from the cash-on-delivery payment may be part of the shipping costs or may be charged to the Web Store as a separate cost element, thus partially paid by the buyer upon receipt of the product.

In recent years, there has been a steady increase in the number of packages ordered by customers with cash-on-delivery that are subsequently refused or not collected: in such cases, the customer does not exercise their right of withdrawal, nor does the customer notify the Web Store of this intention but simply fails to accept the package. This results in continuous financial losses for businesses operating web stores, and the widespread use of parcel lockers further exacerbates the situation.

Indicator: A number between -1 and +1 that represents the buyer's reliability. The formula and calculation for the reputation can be found here.

Threshold: A number representing the sensitivity of the Web Store, which indicates the minimum indicator value a buyer must have for a positive assessment.

Data Controllers:

Operator:

• Data Controller Name: Utánvét Ellenőr Ltd.
• Tax Number: 32393640-2-14
• Company Registration Number: 14-09-320385
• Registered Address: 8640 Fonyód, Szigligeti utca 10.
• Email: hello@utanvet-ellenor.hu
• Website: https://utanvet-ellenor.hu

Web Store:

• Data Controller Name: HEDIT.HU Ltd.
• Tax Number: 28786481-2-43
• Company Registration Number: 01-09-373819
• Registered Address: 1201 Budapest, Magyarok Nagyasszonya tér 20.
• Email: hedit@hedit.eu
• Website: https://hedit.eu

Legal Basis for Data Processing: The data controller processes data based on the legitimate interest as per Article 6(1)(f) of the General Data Protection Regulation (GDPR), during the performance of a task prescribed by law.

Identification of the Data Controller's Legitimate Interest and Purpose of Data Processing: The data is processed by the Data Controllers based on Article 6(1)(f) of the GDPR, which stipulates that the data processing is necessary for the legitimate interests pursued by the data controller. These legitimate interests are:

• For the Operator: Operating the "Utánvét Ellenőr" service.
• For the Web Store: Preventing or minimizing potential damages caused by contractual violations by customers.

The purpose of the service is to prevent or minimize potential damages caused by contractual violations by the customers of web stores.

The legitimate interest of the Operator is composed of two elements:

• Exercising the business’s freedom and right to property.
• The economic interest in developing the "Utánvét Ellenőr" service, retaining web stores as subscribers, and eliminating additional costs caused by customers' breach of contract.

Identification of the Affected Person’s Rights and Freedoms: The identified personal rights are based on Article 2:43 (c); (d), (e) points of the Civil Code, which concern the right to respect for privacy and the right to freely choose services. In relation to these rights, the data processing limits the affected person's right to personal data protection in the sense that, as a result of the service, the option for cash on delivery (COD) payment may not be available at the Web Store using the service.

Balancing Test: Based on the impact assessment, it is concluded that there is a balance between the legitimate interest of the data controllers (economic interest in service development, retention of subscribers, and prevention of damage) and the rights and freedoms of the customers (right to privacy, personality rights, particularly the right to personal data protection). This balance is achieved as long as the data controllers fully implement and ensure the following guarantees:

• Transparency and proper notification
• Facilitation of objection and exercise of other data subject rights
• Hashing of data
• Offering alternative payment options instead of cash on delivery (COD) (not excluding customers from online purchases or banning them)

Furthermore, the personal data processing is purpose-bound, conducted with data minimization and limited storage considerations.

Data Subjects Affected: Consumers purchasing products from the Web Store. Typically, the consumer has an online shopping cart to which products intended for purchase are virtually added.

Scope of Processed Data:

Data Category	Data Name
System-generated unique identifier	Hash generated from email address
Purchase qualification	Outcome (+/-) of the specific order
Contact data	Phone number
Shipping data	Shipping address

 

Duration of Data Processing: 8 years following the creation of the data.
Realization of Proper Notification and Documentation of the Balancing of Interests:
This excerpt of the balancing of interests test is available on both the Utánvét Ellenőr and the relevant online store's website, accessible to all affected parties.

Privacy Notice
 Effective from March 07, 2025

This privacy notice (hereinafter: "Notice") is in accordance with the European Parliament and Council Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter: "GDPR") and Act CXII of 2011 on informational self-determination and freedom of information (hereinafter: "Infotv.") and outlines the circumstances under which HEDIT.HU Korlátolt Felelősségű Társaság (headquarters: 1201 Budapest, Magyarok Nagyasszonya tér 20.; email: hedit@hedit.eu; phone: +3670 667 9378; company registration number: 01-09-373819; tax number: 28786481-2-43; hereinafter: "Trader" or "Data Controller") processes personal data in connection with the operation of its online store (hereinafter: “Web Store") on the website HEDIT.EU and HEDIT.SK (hereinafter: "Website").

The purpose of this Notice is to properly inform both visitors browsing the Website and users (hereinafter: "Users") of the commercial services provided by the Trader through the Website/Web Store about how their personal data is handled, including the conditions under which personal data will be processed by the Trader, the mode, purpose, legal basis, duration, and scope of the processed data, any data transfers, the identity of persons authorized to process or handle the data, and the rights and legal remedies available to the data subject.

If any User feels that they have further questions or concerns beyond what is outlined in this Notice regarding the personal data processing processes that take place via the Website, or if they have any remarks or objections, they may contact the Trader at hedit@hedit.eu.

Users, after reading and understanding the Notice, will decide whether to provide their personal data for the use of the Website and/or Web Store. Providing personal data is voluntary, but we draw Users' attention to the fact that the commercial services of the Web Store cannot be used without providing personal data. These cases will be indicated on the relevant forms for using the specific commercial service.

The proper use of the Website and the access to the individual commercial services is contingent upon the User's acceptance of the terms outlined in this Notice regarding the processing of personal data. When visiting the Website or using the Web Store services, the User is required to read and accept the provisions of this Notice. If the User does not agree with any data processing operation outlined in this Notice, please refrain from using the Website or the specific Web Store service in question.

 

1. The Data Controller and Contact Information of the Data Controller
   Regarding the personal data processing carried out through the Website, the Data Controller is the Trader, whose key details are as follows:

Name: HEDIT.HU Korlátolt Felelősségű Társaság
 Headquarters: Hungary, 1201 Budapest, Magyarok Nagyasszonya tér 20.
 Electronic contact address: hedit@hedit.eu
 Phone contact: +3670 667 9378
 Company registration number: 01-09-373819
 Tax number: 28786481-2-43

Additionally, the essential information of the joint data controller is as follows:

Name: Utánvét Ellenőr Ltd.
 Headquarters: Hungary, 8640 Fonyód, Szigligeti utca 10.
 Electronic contact address: hello@utanvet-ellenor.hu
 Phone contact: +3620 923 8883
 Company registration number: 14-09-320385
 Tax number: 32393640-2-14

Detailed information about the joint data processing and the services provided by Utánvét Ellenőr Ltd. can be found in Appendix 1.

In all cases of data processing where the Trader, as the data controller, is involved, along with other third parties participating in the personal data processing—whether as joint controllers, separate controllers, or data processors—the Trader will include the relevant information in this Notice.
 This Notice also applies when the User contacts the Data Controller or when the Data Controller contacts the User in relation to the commercial services provided through the Web Store.

In some cases, the Website may contain links to third-party websites or services, which are governed by the privacy policies defined by the third party (e.g., a partner company offering courier services acts as an independent data controller regarding the delivery service, or a financial service provider offering a selected electronic payment method). In such cases, we ask that you carefully read both the relevant terms and conditions and the corresponding privacy notice before ordering these services or providing your personal data to the third party. Please note that since the Trader does not control these terms, operations, and content, the Trader does not accept any responsibility for them.

 

1. Definitions for the Interpretation of this Notice

Personal Data: Any information that can directly or indirectly identify a natural person. Specifically, during the use of the Website, such data includes full name, address, billing information, phone number, email address, IP address, device identifier, and the personal interests of the individual as reflected by their searches on the Website.

Data Subject: The natural person whose personal data is the subject of a particular data processing activity. The Trader provides its commercial services through the Website and Web Store primarily to natural persons over 18 years of age. As such, the data processing procedures have been designed accordingly. Since consent from the legal representative is required for individuals under the age of 14 and, in some cases, for minors over the age of 14, the Trader will obtain the legal representative's consent when processing data for these individuals. An exception is made for minors over 14 who, with the consent of their legal representatives, possess their own bank card and are thus authorized to make online purchases for ordinary, everyday needs.

Data Controller: The person who determines the purposes and means of personal data processing. For personal data processing carried out through the Website, the Trader is the Data Controller, but in certain processes where specified, other Data Controllers may also perform data processing activities. The Trader is considered the Data Controller for all information and data provided to the Trader by the Users during their visits to the Website, use of the Website, and the commercial services offered through the Web Store.

Data Processor: A natural or legal person, or any other body that processes personal data on behalf of the Data Controller and carries out data processing operations related to the personal data. The Trader employs several Data Processors in its data processing activities, and the identity of the Data Processors is indicated for each specific data processing process or reference is made to the categories of the Data Processors.

Data Processing: Any operation or set of operations performed on personal data, whether by automated means or not, such as collection, storage, recording, communication, transmission, or use. Any process during which personal data is provided to or gathered by the Trader through the Website is considered data processing.

Legal Basis for Data Processing: The Trader processes personal data primarily for the purpose of contract formation or performance and legal obligations. Where the collection of personal data is explicitly indicated, the Trader processes personal data based on the data subject's consent. The Trader provides information on the legal basis for data processing for each specific data processing operation.

Consent: Permission granted by the data subject to the Data Controller for the processing of their personal data for specific purposes.

Purpose of Data Processing: The specific purpose for which personal data is processed, such as the creation or performance of a contract between the Trader and the User.

Scope of Processed Data: The specific personal data processed by the Trader is provided for each data processing operation.

Duration of Data Processing: The period during which the Trader is authorized to process personal data, as specified for each data processing operation.

Non-identifiable Data: Data collected about the Website’s Users that does not allow identification of a natural person, either directly or indirectly.

Services: All services available to the Users through the Website. This Notice applies to data processing activities related to the browsing of products available for purchase on the Web Store, the purchasing process, order fulfilment, product delivery, billing for purchases, subscription to electronic direct marketing communications (newsletters), providing opportunities for contact, and personal data processing in market research or participation in sweepstakes related to the products and services provided through the Web Store.

 

1. Personal Data Collected by the Data Controller and Data Processing Activities

3.1 Personal Data Collected by the Data Controller and Data Processing Activities

Below is an overview of the personal data the Data Controller collects from Users, as well as in certain cases, what personal data may be received from other sources regarding the User:

Data Processing Name	Personal Data Subject to Processing
Ordering Products, Using the Webstore’s Commercial Services	- Email address, phone number, billing name, billing address, as well as additional information provided in the Remarks section.
	- If the shipping details differ from the billing details: shipping name and shipping address.
	- Information about online browsing behaviour, services used, transaction data.
	- Information about the device used for accessing the webstore, such as IP address, device identifier, access date and time, mobile device identifier.
Utilization of Delivery Services	- Shipping name, shipping address and time, phone number, email address, and all other information provided to the shipping company in advance.
Utilization of Electronic Direct Marketing Services (Newsletter), System Messages	- Identification and contact details needed for direct outreach (name, email address, IP address, device identifier).
Participation in Promotions, Sweepstakes	- Identification data needed for conducting the promotion, and personal data used for prize delivery and contact (name, shipping address, email address, phone number).
Contacting and Communication	- Personal data provided by the user during any contact, including via email, postal mail, or social media platforms (Facebook, Instagram), as well as identification data.
	- When using a form on the website, user’s name, email address, phone number, custom clothing size requests, message content.
Placing Custom Orders	- User’s name, email address, phone number, custom clothing size requests, message content, shipping and billing address when using a form on the website.
Personal Data Received from Other Sources	- Data necessary for determining the completion of a payment transaction and accounting purposes related to payment transactions.
	- Data related to the completion of package deliveries.
In collaboration with Utánvét Ellenőr Ltd., for the successful delivery of the maximum number of packages purchased in the webstore, HEDIT.HU Ltd. may receive notification from Utánvét Ellenőr Ltd. if the User has not accepted multiple (at least two) previous COD (Cash on Delivery) purchases. This information helps determine which payment methods should be available for the User during future webstore purchases.	- User's email address, anonymized (hashed) format.

 

3.2. Purchasing Products in the Web Store, Payment of the Purchase Price

3.2.1. Ordering Products
Creating a user account (registration) is not required for making a purchase in the Web Store. However, the following personal information must be provided for the purchase: email address, phone number, billing name and address, shipping name and address.

The purpose of data processing is to fulfil the contract regarding the ordered product, to exercise the rights arising from it, including billing the purchase price, collecting the payment, facilitating the payment process, enforcing claims related to the purchase, fulfilling accounting obligations, and delivering the product.

The legal basis for the data processing is the performance of the contract between the Merchant and the User regarding the product, exercising rights and fulfilling obligations arising from it.

The duration of data processing is until the fulfilment of the User's order, except in cases where the law or the User's separate consent (e.g., newsletter subscription) requires the retention of data beyond the completion of the order.

3.2.2. Payment of the Purchase Price and Invoicing
For payment of the product's purchase price, the Merchant transfers the following User data to the payment service provider (which is an independent data controller, as specified in section 5.7), in accordance with the European Parliament and Council Directive (EU) 2015/2366 (Payment Services Directive - PSD2) and Act LXXXV of 2009 on payment services: name, phone number, email address, transaction amount, IP address, transaction date and time, shipping address, and billing address.

The scope of data transferred to the payment service provider is determined by the card company rules based on the EMV (Europay-MasterCard-Visa) standard, which aims to ensure more secure customer authentication.

For fulfilling the Merchant's invoicing obligation in the event of payment, the User provides the necessary personal information, including their name and billing address, for the creation of the invoice.

The legal basis for this data transfer is the performance of the contract between the Merchant and the User regarding the ordered product, enabling the fulfilment of obligations arising from the contract, ensuring payment via the online payment service, facilitating the Merchant's involvement in the payment process as part of the commercial service, and enforcing any related claims.

The duration of data processing is until the completion of the online payment transaction.

SimplePay Service
In the provision of the payment service, OTP Mobil Ltd. participates as a data processor under the service contract with the Merchant. However, when handling the card data of Users using the payment service, OTP Bank Nyrt. (head office: 1051 Budapest, Nádor u. 16.; its privacy policy can be found here) and B-Payment Zrt., part of the Borgun hf. group (head office: 1132 Budapest, Váci út 4.; Borgun Privacy Policy can be found here) act as independent data controllers, not as data processors engaged by the Merchant. They are responsible for data processing according to their own data protection regulations. OTP Mobil Ltd.'s data processing related to SimplePay service is governed by the SimplePay Service User Terms and Conditions, which can be found here.

The purpose of data transfer is to ensure that the payment service provider can carry out the payment transactions according to the legal requirements. The data is provided to the payment service provider solely for validation purposes at the card-issuing bank's site. The payment service provider only intermediates the necessary data and does not use or store it in any way.
OTP Mobil Ltd. does not handle the card data; the data is processed by OTP Bank Nyrt. and Borgun hf., which provide the payment card acceptance infrastructure behind the SimplePay service. The card data is entered directly into the OTP Bank Nyrt. or Borgun hf. systems. OTP Mobil Ltd. acts as a data processor on behalf of these financial institutions based on a contract and processes the data according to their instructions. The Merchant does not have access to the User’s card data.

Bank Transfer
In the case of advance bank transfer, the Merchant’s bank, OTP Nyrt., acts as an independent data controller concerning the User’s banking data. The Merchant uses the User's bank data solely to identify the transaction related to the given order and does not store it separately.

Stripe Service
The Merchant also uses Stripe Payments Europe, Limited (head office: The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland) as a third-party payment service provider. Stripe provides the payment service as an independent data controller based on its privacy policy, which can be found at Stripe Privacy Policy. The Merchant does not have access to the User’s card data, which is handled solely by Stripe Payments Europe, Limited.
The purpose of data transfer is to facilitate online purchases and ensure secure financial processing, track transactions, and ensure payment security via the Stripe card acceptance network.
Transferred data includes: last name, first name, shipping address, billing address, phone number, email address, and transaction-related payment information.

Invoicing
The legal basis for processing the data necessary for invoicing is the Merchant's legal obligation to comply with the Hungarian Accounting Act (2000, C. Act), specifically Section 169(2) of the Accounting Act.
Data processing duration is tied to the duration of the contract, with the Merchant obligated to retain accounting documents and invoices for 8 years following the invoice issuance to comply with accounting obligations.
Providing billing data is a condition for the creation of the contract, as required by the Merchant's obligations under the Hungarian Accounting Act.

3.2.3. Product Home Delivery
The delivery of ordered products is carried out by the Merchant in cooperation with a contracted shipping partner (except for Magyar Posta, which is not a contracted partner). The Merchant shares the necessary personal data for the fulfilment of the delivery with the shipping partner, including:

• Delivery name
• Delivery address
• Any message provided by the User for the courier
• In case of courier delivery, the User’s phone number (mobile phone number) and email address.

Purpose of Data Processing
The purpose of data processing is to fulfil the delivery of the ordered products, which is part of the commercial service provided by the Merchant.

Legal Basis for Data Processing
The legal basis for data processing is the fulfilment of the contract between the Merchant and the User regarding the purchase of the product and the associated delivery service. To ensure the fulfilment of the delivery service by the shipping partner, the Merchant provides the necessary data to the shipping partner, and the shipping fee is invoiced.

Legal Basis for Invoicing the Delivery Service Fee
The legal basis for processing data related to invoicing the delivery service fee is the Merchant's legal obligation, as prescribed by Section 169(2) of the Hungarian Accounting Act (2000, C. Act).

Data Retention Duration
The data processing duration is linked to the duration of the contract, with the Merchant required to retain accounting documents and invoices for 8 years after the invoice is issued to comply with the legal obligations under the Hungarian Accounting Act (2000, C. Act).

Shipping Partners
The shipping service is provided by the following companies:

• GLS (General Logistics Systems Hungary Ltd.)
  Head office: 2351 Alsónémedi, GLS Európa utca 2.
  The service provider's privacy policy can be found [here].
• Magyar Posta
  Head office: 1138 Budapest, Dunavirág utca 2-6.
  The terms and conditions of the courier service can be found [here].

The shipping partner processes the personal data of the User necessary for the fulfilment of the delivery service of the ordered products. The data processing is governed by the shipping partner’s own privacy policy, which will be made available to the User before the order of the shipping service.

Data Retention Duration for Shipping Services
The data will be processed until the delivery is completed.

 

3.3. Continuation of Surveys Among Users
The Merchant periodically initiates surveys among Users on the Website by announcing the survey on the Website, in which Users can participate voluntarily and, upon giving their explicit consent to the data processing principles set forth in the survey, or anonymously. The aim of the surveys is to measure the compliance of the Products and related commercial services, and to determine steps for improving the effectiveness of the commercial services provided through the Web Store. When announcing the surveys, the Merchant publishes a specific privacy notice, and for matters not specified there, the provisions of this Notice apply.
The Merchant may invite Users who have subscribed to the newsletter to participate in a survey regarding the Merchant’s Products, services, and their assessment. The purpose of such data processing is to improve and measure the operation of the Merchant’s Products and services, as well as to measure User satisfaction. The duration of the data processing is 2 weeks after the User has responded.

3.4. Marketing Purpose Data Processing
3.4.1. Newsletter
The Merchant, in order to promote the Products offered through the Web Store and its own brand, sends direct marketing (commercial purposes) electronic advertisements, as well as information and content deemed interesting for Users, to Users who have given their prior, explicit, and voluntary consent via email.
The legal basis for data processing is the voluntary, prior, explicit consent of the data subject. The consent can be revoked at any time, free of charge, without limitation or justification via the customer service contacts (see point 3.5). The duration of the data processing is as long as the User's consent is not revoked ("unsubscribe"), unless the Merchant continues the newsletter service.
The User may object to the processing of their personal data for direct marketing purposes at any time via the contacts provided in point 3.5, either in writing or by email. In such case, their data cannot be processed further for this purpose. The User may also express this objection by clicking on the “Click here to unsubscribe” button in the Merchant’s emails/newsletters, which will prevent the Merchant from sending newsletters or marketing emails to the User in the future.
The Merchant draws attention to the fact that communications related to the commercial services provided through the Web Store are not part of this point, which include necessary system messages sent to the User, such as information regarding the use of the service, technical messages, or notifications regarding essential elements of the legal relationship.

3.4.2. Sweepstakes
The Merchant occasionally organizes sweepstakes for Users to promote the Products offered through the Web Store and its own brand. The Merchant provides separate information on data processing related to the sweepstakes, with the understanding that the provisions of this Notice apply to matters not specified in the specific information.

3.5. Complaint Handling and Customer Service Data Processing, Social Media Fan Pages
3.5.1. Customer Service
The Merchant accepts customer service-related inquiries and questions about the Products and services provided through the Web Store through the following contact details. In certain cases, the Merchant may initiate communication with Users through the following contact points:
Email: hedit@hedit.eu
Through the message system on the Web Store’s contact page, where the name and email address are mandatory (and the phone number is optional): http://www.hedit.eu/shop_contact.php
Requests to exercise the rights listed in point 6 are accepted by the Merchant via email at hedit@hedit.eu.

3.5.2. Consumer Complaints
The Merchant processes the details of complaints and inquiries from Users in accordance with the provisions of the Consumer Protection Act (1997. CLV. Act) for persons qualifying as consumers, based on the legal obligations of the Merchant. For other Users, the processing is based on the performance of the contract, and in certain cases on the legitimate interest of the Merchant. The data processed includes:

1. a) Name, address, and any other information provided at the time of the complaint or inquiry.
2. b) Place, time, and method of submitting the complaint or inquiry.
3. c) A detailed description of the complaint or inquiry.
4. d) Any other evidence presented by the User, with a list of these.
5. e) The response letter sent to the User.
6. f) The User's phone number.
   The Merchant records the inquiries and responses to investigate, address, and respond to the complaints, ensuring compliance with the Merchant's legal obligations and documenting the facts necessary to protect the legitimate interests of the Merchant or third parties.
   Complaint records and data created during the complaint process are stored for 5 years in accordance with the Consumer Protection Act (Fgytv. 17/A. § (7)), and other non-consumer related inquiries are stored for 2 years after resolution.

3.5.3. Social Media Fan Pages
The Merchant operates fan pages on social media platforms (e.g., Facebook, Instagram, YouTube, etc.) to promote its brand and Web Store. Users can interact with the Merchant through these fan pages.
When Users contact the Merchant via one of the Merchant's social media fan pages, the following data is processed by the Merchant: the User’s registered name on the social media platform, profile picture, and any additional personal information shared with the Merchant through that platform, subject to the platform's own data processing rules.
The data processing goal is to promote the content, products, actions, or the Website itself via social media, including the sharing or "liking" of content.
The legal basis for this data processing is the voluntary consent of the User for the processing of their personal data on the social media platform.

3.6. Official Data Disclosure
The Merchant discloses personal data in compliance with valid and lawful requests from authorities and courts, which are related to the commercial services provided through the Web Store or to data processing carried out through the Website.
The Merchant provides the requested personal data to authorities or courts involved in criminal proceedings, in compliance with relevant legal provisions requiring such disclosure.
The legal basis for this data processing is the Merchant’s compliance with legal obligations, as well as the legitimate interests of the Merchant or a third party, ensuring the legitimacy of the data disclosure in official proceedings. The duration of this data processing is 5 years after the disclosure.

3.7. User Activity
The Merchant processes data regarding User activity on the Website and use of the commercial services provided through the Web Store to improve the services and measure their success. The Merchant uses cookies and similar technologies to collect data about the User’s browsing behaviour and interaction with the services provided. A cookie is a small file placed on the User’s device that allows the Merchant to interact with the technical processes of the Website.
The legal basis for this data processing is the Merchant's legitimate interest in recording User cookie settings and processing User personal data accordingly, as well as ensuring the basic functioning of the Website and Web Store.
The duration of data processing for these activities is described in point 3.8 of this Notice.

3.8. Cookie Policy
Cookies collect data when the User visits the Website. In some cases, these data files may be considered personal data according to applicable privacy laws. Cookies are necessary for the proper functioning of the Website and Web Store, and to optimize the user experience. They provide the Merchant with information about the User's browser settings and the device used.
Automatically collected data is logged by the system during the User's visit to the Website, and can only be accessed by the Merchant and data processors managing the cookies. Such data is typically not used to identify the User and is only associated with other identifiable data if necessary for the performance of the contract with the User or to ensure the secure operation of the Website and Web Store.
The following information is collected and processed during the use of the Website or Web Store:
Device Information
When the User browses the Website, the Merchant gathers information about the device being used, such as model, operating system, and device ID. The Merchant also receives information about the internet connection, mobile carrier, language settings, time zone, and IP address.
Activity (Behavioural) Data
The Merchant tracks and records the User’s activities on the Website, such as which content is viewed, which links are clicked, and which areas are browsed.
Location Data
When the User uses the commercial services via the Web Store, the Merchant collects information about the User's geographical location, estimated via their IP address.
User Rights Regarding Cookies
The User may refuse cookies on a case-by-case basis or fully disable them via browser settings. However, if all cookies are blocked, the User may have limited access to certain services on the Website.
Cookie settings can be adjusted via the browser, or further information on how to enable or disable cookies can be found via the links below:
• Google Chrome
• Firefox
• Microsoft Internet Explorer 11
• Microsoft Internet Explorer 10
• Microsoft Edge
• Safari
Other rights of the Users are outlined in this Notice.

Purpose of Cookie Usage
Essential Cookies for Website and Web Store Services
These cookies are essential for delivering the commercial services of the Web Store and Website to Users. The cookies are necessary for the basic functioning of the Website. Without these cookies, certain Website functionalities may not be available.

Purpose of Data Processing	Data Processing Activity	Scope of Processed Data
Ensuring the proper functioning of the Website and Web Store, identifying Users, identifying the current session of Users, storing data provided during the session, preventing data loss. The Merchant processes data on the type of devices used by Users to adjust the pages displayed to the respective device. The Merchant also processes User data to prevent or detect potential abuses related to the services.	When the User uses the Website or the Web Store services, the Merchant records personal data in the browser.	·         Activity on the Website ·         Location data ·         Device identifier ·         Personal data provided by non-registered users ·         IP address

 

Legal Basis for Data Processing: The Merchant has a legitimate interest in identifying the Users. Preventing and detecting fraud is an essential element for the reliable provision of commercial services via the Web Store by the Merchant and its contractual partners.

Duration of Data Processing: As specified in the table at the end of this Cookie Policy.

Handling of Statistical Cookies: With the help of Google Analytics cookies, the Merchant collects data for analysis and measurement purposes in order to understand how Users utilize the commercial services, what pages Users view on the Website, how many view each page and for how long, the Users' age groups, their internet behaviour, which pages they come from, which advertisements they interact with, as well as gathering conversion data necessary for optimal display on various devices. When a User visits a website that uses Google Analytics cookies, the actions taken on that website can be linked with the actions on other websites that also use Google Analytics or other Google solutions, as well as third-party cookies, including to optimize product offerings, better customize advertisements, and analyse website traffic. Google Analytics also collects internet protocol (IP) addresses for security purposes, as well as to help the Merchant understand from which city or country the Website is being accessed. Under the contract between the Merchant and Google LLC, Google acts as a data processor and handles the data based on the Merchant's instructions.

Purpose of Data Processing		Data Processing Activity	Scope of Processed Data
With the help of Google Analytics cookies, the Merchant collects data for analysis and measurement purposes in order to understand how Users utilize the commercial services, which pages Users view on the Website, how many view each page and for how long, the Users' age groups, their internet behaviour, which pages they come from, which advertisements they interact with, as well as gathering conversion data necessary for optimal display on various devices.	When the User uses the Website or accesses the Web Store services, the Merchant records personal data in the browser.		• Activity on the Website • Location data • Device identifier • Personal data provided by non-registered users • IP address • Demographic data • Interests • Geographical location • Behaviour

Legal Basis for Data Processing: The User's consent.
Duration of Data Processing: As per the table at the end of this Cookie Policy.

Cookies for Marketing and Advertisement Personalization

Google Ads Cookie: When someone visits our site, the visitor's cookie ID is added to the remarketing list. Google uses cookies, such as the NID and SID cookies, to customize ads shown in Google products, such as Google Search. These cookies are used, for example, to remember your recent searches, previous interactions with ads or search results, and visits to advertisers' websites. The AdWords conversion tracking feature uses cookies to track sales and other conversions resulting from advertisements. Cookies are stored on the user's computer when they click on an ad. Common uses of cookies include selecting ads based on what is relevant to the user, optimizing reports on campaign performance, and preventing the display of ads the user has already seen.

Remarketing Cookies: Remarketing cookies allow previous visitors or users to see ads while browsing other websites in the Google Display Network or when searching for phrases related to products or services.

Facebook Pixel (Facebook Cookie): The Facebook pixel is a code that helps generate conversion reports, create audiences, and provide detailed analysis on visitor interactions with the website. Through the Facebook pixel, personalized offers and ads can be shown to website visitors on the Facebook platform. You can read Facebook's data processing policy here: https://www.facebook.com/privacy/explanation

You can find more information about deleting cookies at the following links: • Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
• Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
• Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
• Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
• Chrome: https://support.google.com/chrome/answer/95647
• Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies

Legal Basis for Data Processing: The User's consent.
Duration of Data Processing: As per the table at the end of this Cookie Policy.

Third-Party Cookies
The Merchant does not use third-party cookies on the Website for serving targeted ads.

Summary of Cookies Used on the Website (Tabular Overview)

Category: Cookies necessary for basic functionality
Legal Basis for Data Processing: The Merchant's legitimate interest

Name	Expiration Time	Domain	Description
UN_never_logout_id	90 days	unas	Stay logged in
UN_never_logout_auth	90 days	unas	Stay logged in
UN_cart_...	365 days	unas	Cookie-based cart storage
UN_geoip	session	unas	GeoIP-based redirection
UN_design_popup_...	session	unas	Modifiable popup element
UN_design_page	365 days	unas	List view switch
UN_design_mobile	365 days	unas	Switch to mobile version
UN_vote_...	365 days	unas	Record voting activity
UN_explicit	session	unas	Explicit content popup
UN_cookie_allow	365 days	unas	Cookie acceptance status
UN_cookie_close	365 days	unas	Cookie acceptance status
UN_admin_view	session	unas	Admin view in "closed" state
UnasID UnasServiceProxyID	session	unas	Process identifier

 

Category: Marketing Cookies
Legal basis for data processing: User's consent

Name	Expiration Time	Domain	Description
_ga (Google Analytics)	Depends on the cookie, but max 365 days	analytics.google	This cookie is used to distinguish individual users by assigning a randomly generated number code.
_gid (Google Analytics)	Depends on the cookie, but max 365 days	analytics.google	This cookie enables the measurement and improvement of the website's performance through Google Analytics services, allowing the counting of website visits and traffic sources.
_gat (Google Analytics)	Depends on the cookie, but max 365 days	analytics.google	This cookie is used to control requests on websites with high traffic.
gac (Google Analytics)	Depends on the cookie, but max 365 days	analytics.google	A cookie related to advertisements, such as measuring interactions with ads displayed on the domain, and preventing the same ads from showing too often to the same user.

 

The data storage duration for the given cookie can be found in more detail at the following links:

• Google General Cookie Information: https://www.google.com/policies/technologies/types/
• Google Analytics Information: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu
• Facebook Information: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

 

1. Calls to Users

4.1. Under 18s
The Merchant generally provides the commercial services of the Web Store to natural persons with full legal capacity who are over 18 years of age and to non-natural persons. If any data processing activity of the Company involves the personal data of minors under 18, the Company will obtain the prior and voluntary consent of the minor's legal representative for data processing. An exception applies to natural persons who are over the age of 14 and have their legal representative's consent to own a bank card and are thus entitled to use online purchasing services, provided the services do not exceed the usual needs of everyday life.

4.2. Persons Providing Data of Others
The use of the commercial services offered through the Web Store is only possible by providing valid, accurate, and personal data. The User is solely responsible for any damage or claim arising from providing incorrect, false, or non-personal data during the use of the services.

4.3. Accuracy
If any changes or modifications occur in the personal data held by the Merchant during the data processing period (except for data processing activities required by law), the User is obliged to immediately notify the Merchant of the changes to ensure that the data held by the Merchant is accurate and up-to-date.

4.4. Access to Personal Data
Only those employees or contractors under the direct control of the Merchant who require access to personal data to perform their job duties may access the User's personal data. These persons handle the data in accordance with the contractual relationship with the Merchant.

4.5. Publicly Disclosed Personal Data
This Privacy Notice only applies to data processing activities related to personal data provided by the Users to the Merchant during the use of the Website. If the User voluntarily discloses any personal data, such disclosures are not covered by this Notice.

 

1. Data Transfers

The Merchant transfers Users' personal data to third parties, as described in this Privacy Notice, to provide, use, and ensure the fulfilment of the commercial services offered by the Web Store. Furthermore, the Merchant, with the User's notification, shares personal data with data processors based on an agreement. In certain cases, partners act as data processors on the Merchant's behalf, processing data according to the Merchant's instructions, and no additional consent is required. In other cases, partners use the transferred personal data to make decisions about data processing in relation to their own services. These partners are data controllers, and the legal basis for data transfer to them corresponds to the legal basis for data processing by the Merchant. The Merchant enters into contracts with both data processors and data controllers in which these partners undertake to handle the transferred personal data in compliance with relevant laws and confidentiality requirements.

5.1. Server Services
The website operator is UNAS Online Ltd. (registered office: 9400 Sopron, Kőszegi út 14.), which acts as a data processor in the course of IT operations related to the Website. UNAS Online Ltd. provides server services for hosting the content of the Website as well as the User’s personal data.

5.2. Newsletter Sending and System Messages Service Provider
UNAS Online Ltd., as a data processor, cooperates with the Data Controller under a contract to send newsletters and system messages related to the use of the Web Store’s commercial services, as described in this Privacy Notice.

5.3. Invoice Issuance Data Processor
In cases where the Merchant issues an invoice for paid commercial services in accordance with applicable accounting and tax laws, the Merchant uses an invoice issuance service provider. Currently, the Merchant uses the services of THARANIS Ügyvitel Ltd. (1124 Budapest, Németvölgyi út 41-45) for invoice issuance.

5.4. Administrative Systems
For contact, quotation, customer service, complaint handling, contract preparation, and contract fulfilment, the Merchant uses the services of UNAS Online Ltd. (registered office: 9400 Sopron, Kőszegi út 14.) and THARANIS Ügyvitel Ltd. (1124 Budapest, Németvölgyi út 41-45) as data processors.

5.5. Delivery of Ordered Products
For the delivery of products, the Merchant shares the necessary data with third-party parcel delivery partners, insurance providers, and for settlement purposes. These partners' employees have access to personal data and, in certain cases, may communicate with the Users. These employees only access personal data for administrative purposes, handling changes, and completing parcel deliveries. During this process, unless specifically requested by the User, they do not modify or delete personal data.
For the delivery of products, the Merchant uses the following data controllers:

• GLS General Logistics Systems Hungary Parcel Logistics Ltd. (registered office: 2351 Alsónémedi, GLS Európa utca 2.). Data shared: name, phone number, email address, postal code, delivery address, and name, along with a message of up to 30 characters for the courier.
• Magyar Posta Zrt. (registered office: 1138 Budapest, Dunavirág utca 2-6.). Data shared: name, phone number, email address, postal code, delivery address, and name, along with a message of up to 30 characters for the courier.

5.6. Payment Systems Service Provider on the Website
In cases where the Merchant offers the payment of the prices of products through online payment services provided by third parties via credit card, the relevant data processing follows the terms set forth in the data processing notices of these service providers.
For online payments on the Website, the Merchant uses the services of OTP Mobil Ltd. (company registration number: Cg. 01-09-174466; registered office: 1143 Budapest, Hungária krt. 17-19.) SimplePay application and Stripe Payments Europe, Limited (registered office: The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland). For more information, refer to section 3.2.2 of this Privacy Notice.

5.7. Data Transfers to Third Countries
The Merchant does not transfer personal data to third countries.

5.8. Data Transfer Records, Changes to Data Processor Contractual Partners
The Merchant keeps a record of personal data transfers, which includes the date of transfer, the legal basis for the transfer, the recipient, and the scope of personal data transferred. The Merchant is required to retain the data in the transfer record for 5 years, after which the data will be destroyed.
If authorized authorities request personal data from the Merchant as required by law, the Merchant will comply with its legal obligation and provide the requested data.
The Merchant reserves the right to periodically review its data processing partnerships and, if necessary, enter into new agreements with service providers who conduct data processing activities. The Merchant will update the Privacy Notice to reflect these changes and will provide the User with information about the current data processors upon request.

 

1. Rights of Data Subjects Regarding Data Processing
   The Merchant provides the mandatory information and the necessary responses based on the rights of data subjects in a concise, transparent, and easily understandable manner.

The Merchant will inform data subjects of the actions taken in response to their requests without undue delay, and in any case, within one month of receiving the request. If necessary, considering the complexity of the request and the number of requests, this deadline may be extended by an additional two months. In such cases, the Merchant will inform the data subject of the reason for the delay within one month of receiving the request.

For requests submitted electronically, the Merchant will provide information electronically, unless the data subject requests otherwise.

If the Merchant takes no action following the data subject's request, it will inform the data subject of the reasons for not taking action without undue delay, but no later than one month after receiving the request, along with information on what remedies the data subject can pursue.

6.1. Right to Information/Access
The User can request information from the Company through the contact details provided in point 1, either by letter or email, regarding whether their personal data is being processed by the Merchant.
If such processing is underway, the User has the right to request information from the Merchant regarding which personal data is being processed, on what legal basis, for what purpose, from which source, and for how long, as well as to whom, when, on what legal basis, and which personal data has been made accessible or transferred to, including, in particular, recipients in third countries or international organizations.
The User has the right to access their personal data by requesting that the Merchant send the relevant personal data in writing or by email.

6.2. Right to Rectification
The User can request, via the contact details provided in point 1, by letter or email, that the Company promptly correct any inaccurate personal data, or request the completion of incomplete personal data.

6.3. Right to Erasure/Right to be Forgotten
The User can request the Merchant, via the contact details provided in point 1, to erase their personal data without undue delay if any of the following grounds apply:
a) the personal data is no longer necessary for the purposes for which it was processed by the Merchant;
b) the User withdraws their consent, which forms the basis for the data processing, and there is no other legal basis for the processing;
c) the User objects to the data processing, and there are no other legitimate grounds for the processing;
d) the personal data has been unlawfully processed by the Merchant;
e) the personal data must be erased to comply with a legal obligation to which the Merchant is subject;
f) the personal data was collected in relation to the offering of information society services to children.

If the Merchant transfers the User's personal data to third-party recipients as described in this Notice, it will inform those further recipients/data processors (e.g., all data processors, etc.) about the User's request for erasure of their personal data.

6.4. Right to Restriction of Processing
The User can request the Merchant, via the contact details provided in point 1, in writing or by email, to restrict the processing of their personal data if any of the following conditions apply:
a) the User disputes the accuracy of the personal data, in which case the restriction will apply for a period that allows the Merchant to verify the accuracy of the personal data;
b) the processing is unlawful, and the User opposes the erasure of the data and instead requests the restriction of its use;
c) the Merchant no longer needs the personal data for processing purposes, but the User requires it for the establishment, exercise, or defence of legal claims; or
d) the User has objected to the processing of personal data; in this case, the restriction will apply until it is determined whether the Merchant’s legitimate grounds override the User's interests, rights, and freedoms.

In the case of restriction of processing, the personal data can only be processed with the User’s consent, or for the establishment, exercise, or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest.
The restriction will last as long as the User’s indicated reason for storage requires the data to be kept.

6.5. Right to Data Portability
The User can request the Merchant, via the contact details provided in point 1, in writing or by email, to receive the personal data provided to the Merchant by the User in a structured, commonly used, and machine-readable format, and the User is also entitled to transmit those data to another company without hindrance from the company to which the personal data was provided, where the processing is based on the User's consent or a contract and is carried out in an automated manner.

In exercising the right to data portability, the User is entitled to request, where technically feasible, that their personal data be transmitted directly from one company to another.

6.6. Right to Object
The User can object at any time, via the contact details provided in point 1, in writing or by email, to the processing of their personal data based on the legitimate interests of the Merchant or a third party. In this case, the Merchant must stop processing the personal data, unless the Merchant demonstrates compelling legitimate grounds for the processing that override the User's interests, rights, and freedoms, or if the processing is for the establishment, exercise, or defence of legal claims.

6.7. Automated Decision-Making in Individual Cases, Including Profiling
The Merchant does not apply decision-making based solely on automated data processing as defined in Article 22 of the GDPR.

If in the future, the Merchant introduces decision-making based on such processing, the User will be adequately informed in advance by email about the applied logic, methods, and the essence of the process. The User will also be given the opportunity to request human intervention, express their point of view, or contest the decision.

6.8. Legal Remedies for Data Processing
If the User experiences unlawful data processing, it is advisable to first send a complaint in writing to the Merchant, using the contact details provided in point 1, as this allows the Merchant the opportunity to restore the lawful status of the data processing.

The User can initiate an investigation by submitting a complaint to the supervisory authority, citing that their personal data has been processed unlawfully or that there is a direct risk of such unlawful processing.

The name and contact details of the supervisory authority are as follows:
National Authority for Data Protection and Freedom of Information
Headquarters: 1055 Budapest, Falk Miksa Street 9-11. Postal address: 1374 Budapest, P.O. Box 603.
Email: ugyfelszolgalat@naih.hu Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Website: www.naih.hu

In the case of unlawful data processing experienced by the User, they may initiate a civil lawsuit before the courts. The case will be examined by the regional court. The lawsuit – at the User's choice – may also be filed before the court in the User's place of residence. The list and contact details of the courts can be found at the following link:
http://birosag.hu/torvenyszekek.

1. Data Security Measures
   The Merchant ensures the security of the User's data by applying technical and organizational measures appropriate to the level of risk, protecting against unauthorized or unlawful processing, accidental loss, destruction, or damage of the data, including ensuring the confidentiality, integrity, availability, and resilience of the IT systems and tools used to process personal data.

The Merchant is obliged to protect the data with appropriate measures, especially against unauthorized or unlawful access, alteration, transmission, disclosure, loss, deletion, or destruction, as well as against accidental destruction, alteration, and damage, and against the unavailability arising from changes in the technology used. The Merchant’s contracted partners and data processors process the data using the best industry practices, in compliance with the GDPR, applicable Hungarian laws, relevant contracts, and any other privacy or data security regulations.

 

1. Review and Modification of the Notice
   The circumstances surrounding data processing may change from time to time, or the Merchant may decide to supplement its ongoing data processing with a new purpose. Therefore, the Merchant reserves the right to modify this Notice at any time. The Merchant will notify the User of any modifications to this Notice by email to the email address provided by the User and will also provide notice of the changes on the Website.

 

Appendix 1

General Information on Joint Data Processing
The purpose of this notice is to inform you about the processing of personal data during the use of the Cash on Delivery Checker service.
The Joint Data Controllers have jointly prepared the provisions of their notices for informing data subjects and have defined the distribution of responsibilities for fulfilling the obligations under the GDPR in the agreement between them.

Ensuring Data Subject Rights
The Joint Data Controllers have designated HEDIT.HU Ltd. as the contact person (hereinafter: "data controller contact," "Webstore") in the Joint Data Controller Agreement for handling requests related to data protection, such as data protection-related requests and complaints.
Data subjects may contact any of the Data Controllers regarding activities related to joint data processing. If the request specifically concerns the data processing of one Data Controller, that Data Controller will handle the request in relation to the specific case.

Use of the Cash on Delivery Checker Service by Data Controllers
Description of Data Processing: The Webstore sends the pseudonymized email address (hashed with SHA256), phone number, and shipping address of the Data Subject, as well as the information regarding the success of the product delivery (whether the order was accepted or not), to the Cash on Delivery Checker service, where the Provider stores the data and makes it available to other webstores that use the service for manual or automated queries.
Scope of Processed Data: The email address, phone number, shipping address of the Data Subject, the number of purchases made by the Data Subject at the Webstore, the number of successfully delivered packages, and the number of attempted but unsuccessful deliveries.
Purpose of Data Processing: To prevent or minimize the potential damages caused by the Data Subject’s breach of contract, by automatically offering payment options based on the Data Subject’s actual receipt of previous orders (whether they accepted the order, rejected delivery, or the order was not placed by the Data Subject, etc.) using the encrypted data available in the Cash on Delivery Checker.
Legal Basis for Data Processing: According to Article 6(1)(f) of the Regulation, the Data Controllers' legitimate interest in reducing damages caused by the customer's breach of contract.
Duration of Data Processing: The Data Controllers will process this data for 8 years from the date of data collection.

Storage of Data and Data Security Measures
The Data Controllers will implement appropriate technical and organizational measures to ensure and demonstrate that personal data processing complies with the GDPR, considering the nature, scope, circumstances, and objectives of the processing, as well as the risks to the rights and freedoms of natural persons, as outlined in Article 24 of the GDPR.
The Webstore, as a Data Controller, will present its data security measures in this notice. The data security measures of the Cash on Delivery Checker service can be found in the Data Processing Notice of the Cash on Delivery Checker under the "Data Security" section.

How Does the Cash on Delivery Checker Work?
The Cash on Delivery Checker:
• Stores the submitted user habits (order outcomes), pseudonymized email addresses (hashed SHA256 email addresses), phone numbers, and shipping addresses,
• Combines these with the data received from other webstores in response to manual or automated queries and provides this data in return.
The contact details of the Cash on Delivery Checker Ltd. are:
Headquarters: 8640 Fonyód, Szigligeti Street 10
Tax Number: 32393640-2-14
Company Registration Number: 14-09-320385
Email: hello@utanvet-ellenor.hu

Result of the Balancing Test
The Data Controller has conducted a balancing test due to the legitimate interest as the legal basis for processing, and it has been assessed that the Data Controller’s legitimate interest proportionally limits the rights of the data subjects. The processing of personal data is essential for safeguarding the Webstore's assets as a legitimate interest, and it is also necessary to ensure the data subject's related rights. Currently, there is no alternative method of processing personal data with fewer personal data or using another approach available.
The Data Controller, as the Merchant, uses the personal data already processed to reduce damages caused by the Data Subject's breach of contract when the Cash on Delivery Checker service is used. Therefore, as the Webstore's customer, the Data Subject can anticipate the use of the Cash on Delivery Checker service in relation to them based on these notices. The use of the Cash on Delivery Checker service by the Webstore does not involve processing any additional data beyond what the Data Subject has already provided to the Webstore during the order process.
The Data Controllers' legitimate interest in using the Cash on Delivery Checker service is legally and socially recognized and is also an essential economic interest. The processing of personal data is purpose-bound, and the Data Controllers handle personal data with regard to the principle of data minimization. The Webstore has no access to any additional data (e.g., the Data Subject’s name, types of ordered goods, etc.) via the Cash on Delivery Checker.
Data processing is carried out in accordance with applicable laws. The Data Controller does not collect any sensitive data under any circumstances during the data processing.
The Data Controllers provide all necessary and expected support for the exercise of the Data Subject's rights.
In summary, the Data Controllers conduct data processing lawfully, fairly, and transparently.

 

Excerpt of the LEGITIMATE INTEREST ASSESSMENT under Article 6(1)(f) of the General Data Protection Regulation (GDPR) regarding the data processing of the Cash on Delivery Checker technology solution developed by Utánvét Ellenőr Ltd.

Introduction
The "Utánvét Ellenőr Ltd." (headquarters: 8640 Fonyód, Szigligeti Street 10, company registration number: 14-09-320385, tax number: 32393640-2-14, hereinafter referred to as the "Operator") operates the Cash on Delivery Checker technology solution with the intention to help customers of legally operating web stores strengthen their obligations regarding cash-on-delivery package acceptance. This legitimate interest assessment is based on the joint data processing between Utánvét Ellenőr Ltd. and the Web Store using the service, and the Parties document the application of the legitimate interest legal basis in writing, in accordance with Article 5(2) of the GDPR, to ensure compliance with the accountability principle.

During the verification of the buyer's purchase history and the saving of related order outcomes, the email address provided by the buyer is used as the starting point in the Cash on Delivery Checker system, with a hash generated from the email address using the SHA256 method, along with the phone number and shipping address.

Based on the above, the system sends a calculated indicator back to the Web Store from the buyer’s package receipt data, which, according to its own settings, decides whether to allow or – if the received indicator does not reach the set threshold – hide the cash-on-delivery payment method from the buyer and mark the order as one where there is a risk that the customer will not accept the dispatched package.

In the case of a cash-on-delivery purchase, the buyer will only pay the cost of the online ordered product upon receipt, generally to the courier or at the pickup point, such as a parcel locker. Depending on the agreement between the Web Store and the courier service, the "cash-on-delivery handling fee" arising from the cash-on-delivery payment may be part of the shipping costs or may be charged to the Web Store as a separate cost element, thus partially paid by the buyer upon receipt of the product.

In recent years, there has been a steady increase in the number of packages ordered by customers with cash-on-delivery that are subsequently refused or not collected: in such cases, the customer does not exercise their right of withdrawal, nor does the customer notify the Web Store of this intention but simply fails to accept the package. This results in continuous financial losses for businesses operating web stores, and the widespread use of parcel lockers further exacerbates the situation.

Indicator: A number between -1 and +1 that represents the buyer's reliability. The formula and calculation for the reputation can be found here.

Threshold: A number representing the sensitivity of the Web Store, which indicates the minimum indicator value a buyer must have for a positive assessment.

Data Controllers:

Operator:

• Data Controller Name: Utánvét Ellenőr Ltd.
• Tax Number: 32393640-2-14
• Company Registration Number: 14-09-320385
• Registered Address: 8640 Fonyód, Szigligeti utca 10.
• Email: hello@utanvet-ellenor.hu
• Website: https://utanvet-ellenor.hu

Web Store:

• Data Controller Name: HEDIT.HU Ltd.
• Tax Number: 28786481-2-43
• Company Registration Number: 01-09-373819
• Registered Address: 1201 Budapest, Magyarok Nagyasszonya tér 20.
• Email: hedit@hedit.eu
• Website: https://hedit.eu

Legal Basis for Data Processing: The data controller processes data based on the legitimate interest as per Article 6(1)(f) of the General Data Protection Regulation (GDPR), during the performance of a task prescribed by law.

Identification of the Data Controller's Legitimate Interest and Purpose of Data Processing: The data is processed by the Data Controllers based on Article 6(1)(f) of the GDPR, which stipulates that the data processing is necessary for the legitimate interests pursued by the data controller. These legitimate interests are:

• For the Operator: Operating the "Utánvét Ellenőr" service.
• For the Web Store: Preventing or minimizing potential damages caused by contractual violations by customers.

The purpose of the service is to prevent or minimize potential damages caused by contractual violations by the customers of web stores.

The legitimate interest of the Operator is composed of two elements:

• Exercising the business’s freedom and right to property.
• The economic interest in developing the "Utánvét Ellenőr" service, retaining web stores as subscribers, and eliminating additional costs caused by customers' breach of contract.

Identification of the Affected Person’s Rights and Freedoms: The identified personal rights are based on Article 2:43 (c); (d), (e) points of the Civil Code, which concern the right to respect for privacy and the right to freely choose services. In relation to these rights, the data processing limits the affected person's right to personal data protection in the sense that, as a result of the service, the option for cash on delivery (COD) payment may not be available at the Web Store using the service.

Balancing Test: Based on the impact assessment, it is concluded that there is a balance between the legitimate interest of the data controllers (economic interest in service development, retention of subscribers, and prevention of damage) and the rights and freedoms of the customers (right to privacy, personality rights, particularly the right to personal data protection). This balance is achieved as long as the data controllers fully implement and ensure the following guarantees:

• Transparency and proper notification
• Facilitation of objection and exercise of other data subject rights
• Hashing of data
• Offering alternative payment options instead of cash on delivery (COD) (not excluding customers from online purchases or banning them)

Furthermore, the personal data processing is purpose-bound, conducted with data minimization and limited storage considerations.

Data Subjects Affected: Consumers purchasing products from the Web Store. Typically, the consumer has an online shopping cart to which products intended for purchase are virtually added.

Scope of Processed Data:

Data Category	Data Name
System-generated unique identifier	Hash generated from email address
Purchase qualification	Outcome (+/-) of the specific order
Contact data	Phone number
Shipping data	Shipping address

 

Duration of Data Processing: 8 years following the creation of the data.
Realization of Proper Notification and Documentation of the Balancing of Interests:
This excerpt of the balancing of interests test is available on both the Utánvét Ellenőr and the relevant online store's website, accessible to all affected parties.