Terms of purchase

Please read this document carefully before finalizing your order, as by completing your order, you accept the terms of this T&C.

The General Terms and Conditions ("T&C") contain the general contractual terms for using the online store operated by STOICA MÁRK (NataShop EV, Tax Number: 49398238-2-43) as the service provider ("Service Provider"). Please use our services only if you agree with all the terms and consider them binding for yourself. This document is not archived (so no registered contract will be accessible later) and is concluded exclusively in electronic form as described below. Therefore, according to Section 6:82 of the Hungarian Civil Code (Polgári Törvénykönyv, Ptk.), it qualifies as a contract concluded electronically and is not considered a written contract. It does not refer to any code of conduct, and its language is English.

For any questions regarding the webshop’s operation, ordering, or shipping process, please contact us via the provided contact details.

Name: STOICA MÁRK (NataShop EV)

Registered Address: 1117 BUDAPEST, SZERENÁD Street 6. Building: C, Floor: 6, Door: 3.

Mailing Address: 1117 BUDAPEST, SZERENÁD Street 6. Building: C, Floor: 6, Door: 3.

Logistics Partner's Address (for returns):
Webshippy Logistics Center, 2151 Fót, East Gate Business Park, C/2

Registration Number: 59109400

Registering Authority: National Tax and Customs Administration (Nemzeti Adó- és Vámhivatal)

Tax Number: 49398238-2-43

EU tax Number: HU49398238

Bank Account Number: 10701520-75014988-51100005

IBAN: HU29107015207501498851100005

SWIFT Code: CIBHHUHBXXX

Email: info@natashop.hu

Phone: +36 30 217 4850

Website: https://www.natashop.hu/en/

Hosting Service Provider Details:

Name: UNAS Online Kft.

Registered Address: 9400 Sopron, Kőszegi road 14.

Contact: unas@unas.hu

Website: unas.hu

Professional Representative Organization:

Budapest Chamber of Commerce and Industry

Address: 1016 Budapest, Krisztina blvd. 99.

Mailing Address: 1535 Budapest, P.O. Box 903.

Central Phone Number: +36 (1) 488 2000

Email: ugyfelszolgalat@bkik.hu

2.1. Rights and Restrictions

The Service Provider reserves all rights concerning the website, its content, and its distribution. Downloading, electronically storing, processing, or selling any part of the website’s content without the Service Provider’s written consent is strictly prohibited.

2.2. Scope and Acceptance of the Terms and Conditions (T&C)

The contract established between you and us is governed by these General Terms and Conditions (hereinafter referred to as "T&C"), in addition to the applicable mandatory legal regulations. Accordingly, these T&C define the rights and obligations of both parties, the conditions of contract formation, deadlines for fulfillment, delivery and payment terms, liability rules, and the conditions for exercising the right of withdrawal.

Any technical information required for using the website that is not included in these T&C can be found in other information provided on the website.

Before finalizing your order, you are required to familiarize yourself with the provisions of these T&C. By making a purchase through our webshop, you accept these T&C, which form an integral part of the contract between you and the Service Provider.

The essential characteristics of the products available for purchase on the website are provided in the descriptions accompanying each product.

3.1. Correction of Data Entry Errors – Responsibility for Accurate Information

Before finalizing an order, you have the opportunity to modify the data you have entered at any time (by clicking the back button in your browser to return to the previous page, even if you have already proceeded to the next step). Please note that it is your responsibility to ensure that the data you provide is accurate, as orders will be invoiced and shipped based on the information you submit. By placing an order, you acknowledge that the Service Provider is entitled to pass on any damages or costs incurred due to incorrect data entry to you. The Service Provider excludes any liability for fulfilling an order based on incorrect data input. Additionally, please be aware that providing an incorrect email address or having a full inbox may prevent the confirmation email from being delivered, which could hinder the contract formation process.

3.2. Procedure in Case of Incorrect Pricing

The following cases qualify as clearly erroneous pricing:

• A product is listed at 0 HUF.
• A discount is applied incorrectly (e.g., if a product priced at 1,000 HUF is shown with a 50% discount but listed for 100 HUF instead of 500 HUF).

In the event of an incorrectly displayed price, the Service Provider will offer the option to purchase the product at its actual price. The Buyer may then decide whether to proceed with the purchase at the correct price or cancel the order without any legal consequences.

3.3. Product Images and Representations

While the Service Provider makes continuous efforts to ensure that the images displayed on the website accurately represent the products, including utilizing all available technological solutions to minimize inaccuracies, some discrepancies may still occur due to the technical characteristics and color display settings of the user’s computer. As a result, the Service Provider does not assume liability for any deviations in the graphical representation of products on the website caused by the aforementioned technical factors. Product images are for illustrative purposes only.

4.1. Registration Process

If you wish to make a purchase, you must provide the necessary information during your first order, including your name, billing and shipping details, email address, and a password for future logins. Before completing the registration, you must accept the registration terms. The system will send a confirmation email to verify your registration. Customers are responsible for keeping their passwords confidential. If an unauthorized third party gains access to customer data after correctly entering the unique identifier and password due to reasons within the customer’s control, the Data Controller assumes no liability for any resulting damages or disadvantages. By providing their email addresses, users agree to receive technical notifications from the operator/service provider. Upon request, the operator will delete registered data from the system. For security reasons, deletion requests will only be processed if the user confirms the request via email. This measure prevents accidental or intentional deletions by unauthorized parties. Each email address can only be registered once.

Registration does not entail any obligations.

5.1. Starting an Order

After registration, the user logs into the webshop or may proceed with the purchase without registration.

5.2. Selecting Products

The user selects the desired product(s) and specifies the quantity.

5.3. Adding to Cart

The selected products are placed in the cart. The user can view the cart's contents at any time by clicking the "cart" icon.

5.4. Reviewing and Modifying the Cart

If the user does not wish to add more items, they should review the product quantities. Items can be removed from the cart by clicking the "remove" icon. The user finalizes the quantity before proceeding.

5.5. Entering Shipping and Payment Details

The user provides the shipping address and selects the preferred shipping and payment method.

5.5.1. Payment Methods

• Credit Card Payment: Online payments are processed through the Barion system. The merchant does not receive credit card details. Barion Payment Zrt. is regulated by the Hungarian National Bank (License No. H-EN-I-1064/2013).
• Bank Transfer: After order confirmation, the user receives an email with the bank account number and order reference, which must be included in the transfer note. Processing starts once the payment is received.
• Cash on Delivery (COD): The total amount can be paid in cash or by card upon delivery, either to the courier, at a pickup point, or via a parcel locker. Please note that COD incurs an additional handling fee.

The total payable amount includes all costs and is confirmed in the order summary and confirmation email. Invoices are sent electronically.

Important: Upon delivery, users should check the package in the presence of the courier. If there is any damage or missing items, a report must be filed, and the package should not be accepted. Complaints without a report cannot be processed later.

5.5.2. Shipping Costs (Gross Prices):

Domestic Orders:

Cash on Delivery Fee: +990 Ft (added to the shipping cost for domestic COD orders).

International Orders:

Cash on Delivery Fee: +990 Ft (added to the shipping cost for international COD orders).

5.6. Order Summary and Confirmation

The total amount payable includes all costs and is detailed in the order summary and confirmation email. The user is responsible for verifying the quality and quantity of the delivered products upon receipt - according to Section 6:127 of the Hungarian Civil Code. Deliveries occur on weekdays between 8:00 AM and 5:00 PM.

5.7. Submitting the Order

Before finalizing the order, the user reviews all entered details and may add comments. The order is submitted by clicking the "Order" button. Additional requests can be sent via email.

5.8. Payment Obligation

By placing an order, the user acknowledges that, in accordance with Hungarian Government Decree 45/2014 (II.26.) Section 15 and Section 20, a payment obligation is incurred.

5.9. Correcting Input Errors

Users can return to previous steps to correct data before finalizing the order. This includes modifying cart contents, adjusting quantities, and removing items. Errors can also be corrected after order submission via phone or email.

5.10. Order Confirmation

An email confirmation is sent after order submission. If this confirmation is not received within 48 hours, the user is released from the order commitment. The order and confirmation are considered received when they become accessible to the user. If confirmation is not received due to an incorrect email address or a full inbox, the service provider is not responsible.

5.11. Order Processing and Contract Formation

The initial order confirmation is automated and does not constitute a contract. The contract is formed when the service provider sends a second email confirming order details and expected fulfillment.

5.12. Contractual Breach and Non-Acceptance of Orders

Failure to accept the ordered product without prior cancellation constitutes a breach of contract. 

Upon placing an order, an electronic sales contract is established between the business and the consumer. Under this contract, the Consumer (Buyer) is obligated to pay the purchase price, accept the product, and cooperate with the Business by providing any essential information related to the fulfillment of the contract (in accordance with Sections 6:215 and 6:62 (1) of the Hungarian Civil Code).

If the customer does not accept the product and does not notify the business of withdrawal, the business may:

• Immediately terminate the contract, or
• Attempt additional deliveries (e.g., third or fourth attempts if previous deliveries failed due to lack of cooperation).

The business reserves the right to charge for unsuccessful delivery and return costs as a penalty. If a customer has failed to accept an order at least twice, the business may require prepayment for future orders. The business may withhold product delivery until full payment is confirmed. If a bank transfer is made in a foreign currency and results in an insufficient amount due to conversion fees, the business will request the remaining balance before shipping.

6.1. Orders are processed during business hours. Orders may be placed outside of the designated processing times, but if an order is submitted after business hours, it will be processed on the next business day. The Service Provider will always confirm electronically when the order can be fulfilled.

6.2. The general fulfillment period is between 2 to 5 business days from the conclusion of the contract.

6.3. Under the contract of sale, the Service Provider is obligated to transfer ownership of the product, while the User is required to pay the purchase price and accept the product.

6.4. If the seller is a business and the buyer is a consumer, and the seller undertakes the delivery of the product to the buyer, the risk of damage transfers to the buyer when they, or a third party designated by them, take possession of the item. If the buyer arranges the transport and selects the carrier independently (without the seller's recommendation), the risk transfers to the buyer upon handing over the product to the carrier.

6.5. If the Service Provider is delayed in fulfillment, the User has the right to set an additional deadline for completion. If the seller does not fulfill the order within this extended deadline, the buyer may withdraw from the contract.

6.6. The User may withdraw from the contract without setting an additional deadline if:

1. The Service Provider has refused to fulfill the contract; or
2. The contract had to be fulfilled at a specific time as agreed by the parties, or according to the service's intended purpose, and it could not be fulfilled at a later time.

If the Service Provider delays fulfillment, the User may demand performance or withdraw from the contract if the delay has rendered the fulfillment of the contract irrelevant to them.

The User is not required to prove that fulfillment is no longer of interest to them if:

1. The contract had to be fulfilled at a specific time as per agreement or due to the nature of the service; or
2. The User set a reasonable extension deadline, and the Service Provider failed to meet it.

6.7. If the Service Provider cannot fulfill its contractual obligations due to unavailability of the specified product, it must promptly inform the User and immediately refund any payment made by the User. Additionally, the Service Provider must ensure that the User can exercise their legal rights related to defective performance.

6.8. The Service Provider informs Users that failure to accept the properly fulfilled ordered product(s) (regardless of the payment method) constitutes a breach of contract. According to Section 6:156 (1) of the Hungarian Civil Code, this results in a delay on the User’s part.

This means that if the Consumer does not indicate their intention to withdraw from the contract and does not declare whether they intend to accept the ordered product(s), the Service Provider is entitled to claim the usual storage costs and round-trip shipping costs for the product(s) under the rules of unauthorized agency.

The Service Provider also informs Users that in order to enforce its legal claims arising from such breaches of contract, it may engage a debt collection agency and/or legal counsel. As a result, the additional (legal) costs incurred (including fees for a payment order procedure) shall be borne by the User.

CONSUMER INFORMATION BASED ON HUNGARIAN GOVERNMENT DECREE 45/2014 (II. 26.)

7.1. Information on the Consumer's Right of Withdrawal

According to Section 8:1 (1) point 3 of the Hungarian Civil Code (Ptk.), a consumer is defined as a natural person acting outside their profession, self-employment, or business activity. Therefore, legal entities cannot exercise the right of withdrawal without justification.

The consumer is entitled to the right of withdrawal without justification under Section 20 of Government Decree 45/2014 (II. 26.). The consumer may exercise this right of withdrawal:

1. In the case of a contract for the sale of a product, from the date of receipt of the product.
2. In the case of the purchase of multiple products, where the delivery of individual products takes place at different times, from the date of receipt of the last delivered product.

The withdrawal period is 14 days from the date of receipt by the consumer or by a third party designated by the consumer, other than the carrier.

The provisions of this section do not affect the consumer’s right to withdraw between the date of contract conclusion and the date of receipt of the product.

If the contract was initiated by the consumer’s offer, they have the right to withdraw their offer before concluding the contract, thereby terminating the contractual obligation.

7.2. Withdrawal Declaration and Exercise of the Consumer’s Right of Withdrawal or Termination

The consumer may exercise their right to withdraw under Section 20 of Hungarian Government Decree 45/2014 (II. 26.) by making an explicit declaration or by using the withdrawal form available for download from the website.

7.2.1. If the Consumer wishes to exercise their right of withdrawal, they must notify the Service Provider through the available contact channels.

7.2.2. The Consumer shall exercise their right of withdrawal within the deadline if they send their withdrawal declaration before the 14-day period expires. If submitted in writing, it is sufficient to send the withdrawal declaration within the 14-day period. If sent by post, the date of mailing, and if sent by email, the date of the email's dispatch will be considered.

7.2.3. In case of withdrawal, the Consumer must return the ordered product to the Service Provider’s address without delay, but no later than 14 days from the date of the withdrawal declaration. The deadline is met if the product is sent before the expiration of the 14-day period (it does not have to arrive within 14 days). The Consumer bears the direct cost of returning the product due to the exercise of the right of withdrawal.

Please indicate your withdrawal intention via our contact details.

Ensure that the product is returned in its original condition, with original tags and paper hangtags, clean and unwashed. If the clothing is dirty, stained, covered in pet hair, missing tags or paper hangtags, has a strong odor, has been washed, or is in any way damaged or used, we cannot accept the return due to hygiene reasons.

Please send the returned product(s) and the completed Return Document (marking the "I am withdrawing from the purchase" checkbox) to our logistics partner’s address:

Webshippy Logistics Center
2151 Fót, East Gate Business Park, C/2

Important: Please clearly label the package with "natashop.hu" and the order number. Place the products and the form in a box or bag and seal it securely with strong adhesive tape to ensure safe return delivery.

Note: We cannot accept return shipments sent via cash on delivery.

For further inquiries, please contact us at info@natashop.hu.

7.3. Validity of the Consumer's Withdrawal Declaration

The withdrawal is considered valid if the consumer submits their declaration within the deadline, which is 14 days. The consumer bears the burden of proof that they exercised their right of withdrawal in accordance with these provisions.

If the Service Provider allows online withdrawal, it must confirm receipt of the declaration without delay on a durable medium.

7.4. Detailed Rules of the Right of Withdrawal

If the withdrawal is exercised within 14 days, the Service Provider will refund the cost using the same payment method the consumer used for the purchase. In the case of a warranty replacement, the product's price can be used as store credit on https://www.natashop.hu/en/

7.5. Cases Where the Right of Withdrawal Cannot Be Exercised

The Service Provider expressly informs you that you cannot exercise the right of withdrawal in the cases listed under Section 29 (1) of Hungarian Government Decree 45/2014 (II.26.):

1. If the service contract has been fully performed with the consumer’s prior express consent, and the consumer acknowledged that they would lose the right of withdrawal after full performance.
2. For products or services whose price depends on market fluctuations beyond the Service Provider’s control during the withdrawal period.
3. For non-prefabricated products manufactured based on the consumer's request or tailored specifically to the consumer.
4. For perishable products or products with a short shelf life.
5. For sealed goods that are unsuitable for return due to health protection or hygiene reasons once unsealed after delivery.
6. For products that, due to their nature, are inseparably mixed with other products after delivery.
7. For alcoholic beverages whose price was agreed upon at the time of the sales contract but whose actual value depends on market fluctuations, and delivery occurs only after 30 days.
8. If the Service Provider visits the consumer at their explicit request for urgent repair or maintenance services.
9. For sealed audio or video recordings or computer software if the packaging has been opened after delivery.
10. For newspapers, periodicals, and magazines, except for subscription contracts.
11. For contracts concluded at public auctions.
12. For contracts related to accommodation services (excluding housing), transportation, car rental, catering, or leisure activities with a fixed performance date or deadline.
13. For digital content provided on a non-tangible medium, if performance has begun with the consumer’s prior express consent and acknowledgment that they would lose their right of withdrawal once performance begins.

7.6. Exchange Policy

If the delivered product does not fit, an exchange is possible within 14 days after delivery. In case of a size exchange, the Consumer bears the cost of returning the exchanged product.

Please indicate your intention to exchange via our contact details or by emailing info@natashop.hu, specifying which product you wish to exchange and for which size.

Ensure that the product is in its original condition, with original tags and paper hangtags, clean and unwashed. If the clothing is dirty, stained, covered in pet hair, missing tags or paper hangtags, has a strong odor, has been washed, or is in any way damaged or used, we cannot exchange it due to hygiene reasons.

Please return the product to our logistics partner’s address:

Webshippy Logistics Center
2151 Fót, East Gate Business Park, C/2

Important: Clearly label the package with "natashop.hu" and the order number. Securely pack the products in a box or bag and seal it properly with strong adhesive tape to ensure safe return.

We cannot directly assist with returns, but we can recommend reliable courier services for an easier return process:

• Domestic shipping - GLS
• Domestic shipping - FOXPOST
• Domestic shipping - PACKETA
• International shipping - GLS GROUP

Note: We cannot accept cash-on-delivery return shipments.

For size exchanges, if the new product is more expensive than the original, the Consumer must pay the price difference via bank transfer. If the replacement product is cheaper, the Service Provider will refund the difference via bank transfer.

For further inquiries, please contact us at info@natashop.hu.

8.1. When can the User exercise their right to liability for defects?

If the Service Provider fails to fulfill the contract correctly, the User may enforce a liability for defects claim against the Service Provider in accordance with the rules of the Hungarian Civil Code.

8.2. What rights does the User have under a liability for defects claim?

The User may choose from the following claims under liability for defects:

• Request repair or replacement, unless the chosen remedy is impossible or would result in disproportionate additional costs for the business.
• If repair or replacement is not requested or cannot be provided, the User may request a proportional reduction of the purchase price, rectify the defect at the expense of the business or have it rectified by a third party, or—ultimately—withdraw from the contract.
• The User may switch from one chosen liability for defects claim to another; however, the cost of switching must be borne by the User unless the switch was justified or caused by the business.

8.3. What is the time limit for enforcing a liability for defects claim?

If the User qualifies as a consumer, they must report the defect immediately upon discovery but no later than two months from the date of discovery. However, please note that liability for defects claims can no longer be enforced after two years from the date of performance (or one year for businesses).

8.4. Against whom can the liability for defects claim be enforced?

The User may enforce the liability for defects claim against the Service Provider.

8.5. What other conditions must be met to enforce liability for defects claims (if the User qualifies as a consumer)?

Within six months from the date of performance, there is no additional condition for enforcing a liability for defects claim apart from reporting the defect, provided the User proves that the product or service was supplied by the business operating the webshop. After six months, however, the User must prove that the defect already existed at the time of performance.

Product Warranty

8.6. When can the User exercise their right to a product warranty claim?

If a product is defective, the User may choose to enforce either a liability for defects or a product warranty claim.

8.7. What rights does the User have under a product warranty claim?

Under a product warranty claim, the User may only request the repair or replacement of the defective product.

8.8. When is a product considered defective?

A product is considered defective if:

• It does not meet the quality requirements in effect at the time of its release to the market.
• It lacks the properties specified in the manufacturer’s description.

8.9. What is the time limit for enforcing a product warranty claim?

The User may enforce a product warranty claim within two years (or one year for businesses) from the product’s release to the market by the manufacturer. After this period, the right to enforce the claim expires.

8.10. Against whom and under what conditions can a product warranty claim be enforced?

A product warranty claim can only be enforced against the manufacturer or distributor of the movable item. The User must prove the product’s defect when enforcing a product warranty claim.

8.11. Under what conditions is the manufacturer (or distributor) exempt from the product warranty obligation?

The manufacturer (or distributor) is exempt from the product warranty obligation if they can prove that:

• They did not manufacture or distribute the product in the course of their business.
• The defect was not detectable based on the state of scientific and technical knowledge at the time of distribution.
• The defect was caused by a regulation or mandatory authority requirement.

The manufacturer (or distributor) only needs to prove one of these reasons to be exempt. Please note that a liability for defects claim and a product warranty claim cannot be enforced simultaneously for the same defect. However, if a product warranty claim is successfully enforced, the User may enforce a liability for defects claim against the manufacturer regarding the replaced or repaired product.

Complaints within 14 days, the consumer may request a replacement product or a refund. Beyond this period, warranty replacements will only be provided in exceptional cases.

For matters not regulated in these General Terms and Conditions, the provisions of the Hungarian Civil Code (Act V of 2013) shall apply. In the case of consumer contracts, the provisions of Hungarian Government Decree 45/2014 on contracts concluded between distant parties shall prevail.

(For Users Qualifying as Consumers)

10.1. Conciliation Board Procedure

The User (consumer) may request a free conciliation board procedure regarding the quality and safety of the product, the application of product liability rules, the quality of service, as well as the conclusion and performance of the contract between the parties. If the Consumer has a residence or place of stay in Hungary, the conciliation board operating alongside the county (or metropolitan) chambers of commerce and industry of the respective location is competent.

The contact details of the conciliation boards are available at: https://www.bekeltetes.hu/index.php?id=testuletek. Upon request, the consumer may designate a different conciliation board than the one specified above.

The conciliation board competent based on the Service Provider’s registered office: Budapest Conciliation Board (operating alongside the Budapest Chamber of Commerce and Industry)

Address: 1016 Budapest, Krisztina blvd. 99. III. floor. 310.

Phone: +36 1 488 2186

Fax: +36 1 488 2186

Email: bekelteto.testulet@bkik.hu

Website: http://bekeltet.hu

If the Consumer does not have a residence or place of stay in Hungary, the Budapest Conciliation Board remains the competent authority for cross-border consumer-trader disputes related to online sales or service contracts within Hungary. The Service Provider is obliged to cooperate in the conciliation board procedure. The conciliation board is an independent body operating alongside county (or metropolitan) chambers of commerce and industry. It is responsible for resolving consumer disputes related to the above-mentioned topics outside of court procedures. The board aims to facilitate a settlement between the parties and, if this is unsuccessful, to make a decision ensuring the simple, fast, effective, and cost-efficient enforcement of consumer rights. At the request of the consumer or the business, the conciliation board also provides advice on consumer rights and obligations.

11.1. Copyright Protection of the Webshop

As per Hungarian legislation, according to Section 1 (1) of Act LXXVI of 1999 on Copyright (hereinafter referred to as the Copyright Act), the website qualifies as a copyrighted work, and therefore all its parts are protected by copyright. Pursuant to Section 16 (1) of the Copyright Act, the unauthorized use of the graphical and software solutions, as well as computer programs found on the website, is prohibited.

The data processing information of the website is available on the following page: https://www.natashop.hu/en/shop_help.php?tab=privacy_policy

Budapest,

November 18, 2024

(To be completed and returned only in case of intent to withdraw from the contract)

Recipient:
Name: Stoica Márk
Mailing Address: 1117 BUDAPEST, SZERENÁD Street 6., Building: C, Floor: 6, Door: 3
Email Address: info@natashop.hu
Phone Number: +36 30 217 4850

The undersigned hereby declares the withdrawal from the purchase of the following goods:

Order Date / Receipt Date:

Consumer(s) Name:

Consumer(s) Address:

Consumer(s) Signature (only in case of written notification):

Date:

Name: STOICA MÁRK (NataShop EV)

Registered Address: 1117 BUDAPEST, SZERENÁD Street 6, Building: C, Floor: 6, Door: 3.

Mailing Address: 1117 BUDAPEST, SZERENÁD Street 6, Building: C, Floor: 6, Door: 3.

Registration Number: 59109400

Registering Authority: National Tax and Customs Administration of Hungary

Tax Number: 49398238-2-43

Email: info@natashop.hu

Website: https://www.natashop.hu/en/ (hereinafter referred to as the "Data Controller").

2.1. The Data Controller primarily processes Users' data in accordance with:

• Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR);
• Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Ekertv.);
• Act XLVIII of 2008 on the fundamental conditions and certain limitations of economic advertising activities.

2.2. This Privacy Notice applies to

data processing carried out in connection with the use of the website https://www.natashop.hu/en/ (hereinafter: the "Website"), the use of services available on the Website, and the fulfillment of orders placed in the online store.

2.3. For the purposes of this Privacy Notice, a User is defined as

a natural person who browses the Website, uses the services available on the Website, or places an order with the Data Controller.

3.1. The legal basis for data processing carried out by the Data Controller

• For certain types of data processing, the legal basis is the User's consent, in accordance with Article 6(1)(a) of the GDPR.
• For data processing related to order fulfillment, the legal basis is the performance of a contract in which the User is a party, as specified in Article 6(1)(b) of the GDPR.

3.2. In cases where data processing is based on consent

The User grants their consent by checking the consent checkbox placed before the relevant data processing declaration.
The Privacy Policy can be accessed at any time by clicking the "Privacy Policy" link at the bottom of every page on the Website or via the link provided in the data processing declaration. This ensures that the Data Controller provides clear and detailed prior information to the User.
By checking the consent checkbox, the User confirms that they have read and understood the Privacy Policy and consent to the processing of their data as described in this document.

3.3. In some cases, data processing may be required by law

Certain legal obligations may require the Data Controller to carry out specific data processing activities. Additionally, legitimate interest may serve as a legal basis for data processing.
More details on these cases are provided in the respective sections of this Privacy Policy.

4.1. Use of Cookies

The Data Controller uses cookies to operate the Website, collect technical data about visitors, improve the quality of services, and facilitate the use of the Website.

Below, you can read a general overview of cookies, followed by details on how cookies are used on our Website.

4.2. General Information About Cookies

4.2.1. What Are Cookies?

A cookie is a small data file (a variable alphanumeric information package) that the server of the visited website sends to your device. The cookie is stored in the browser of your computer, phone, or tablet and can later be read by the server that placed it. Other websites cannot read these cookies—only the one that originally set them.

Cookies serve various purposes, such as measuring website traffic and making browsing easier by remembering previously opened pages.

Cookies do not contain any personal data that would allow direct identification via email, phone, or postal mail. They are only capable of recognizing the visitor's device, not the visitor themselves.

If you do not wish to accept cookies on the Website, you can adjust your browser settings to notify you about cookie placement or to prevent their storage.

4.2.2. How Can You Control the Use of Cookies?

When visiting our Website, cookies are stored on your device (computer, phone, or tablet). Upon entering the Website, a pop-up window will notify you about this.

Essential cookies required for the Website’s functionality and usability do not require your consent. Anonymous visit analytics do not involve personal data processing, so no consent is needed for that either. Since we do not use cookies for other purposes, we are only required to provide you with information.

You can choose to disable and delete cookies at any time through your browser settings. However, please note that without cookies, you may not be able to access certain features that facilitate browsing, and some of our services may not function properly.

4.2.3. Managing Cookie Settings in Browsers

You can modify your cookie settings through your browser. You may disable cookies by activating the setting that allows you to refuse all or certain cookies. These settings are usually found in the "Settings" or "Preferences" menu of your browser.

For more details, refer to the following links:

Chrome: https://support.google.com/chrome/answer/95647?hl=en

Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox

Internet Explorer: Visit https://support.microsoft.com and search for "cookies."

Safari: Visit https://support.apple.com/en-us and search for "cookies."

Opera: http://help.opera.com/Windows/10.50/en/cookies.html

4.2.4. Types of Cookies

Cookies can be classified based on their lifespan (temporary or session cookies vs. persistent cookies) and their source (first-party or third-party cookies). Below, we explain these terms to help you better understand the cookies we use and why we use them.

4.2.5. Session Cookies (Temporary Cookies)

Session cookies are valid only during your browsing session. They allow our Website to recognize you during your visit, so any selections or modifications you make can be remembered as you navigate from page to page.

These cookies enable a smooth user experience by allowing you to browse multiple pages quickly without having to re-enter information (e.g., filling out a form repeatedly).

Session cookies are automatically deleted from your device once you close your browser.

4.2.6. Persistent Cookies (Saved Cookies)

Persistent cookies remain on your device for a predefined period (days, weeks, months, or even years) after you finish browsing.

These cookies help recall user preferences and actions for future visits (e.g., remembering a username or password for a specific website).

Persistent cookies remain stored on your device until their expiration date, but you can delete them manually at any time.

4.2.7. First-Party Cookies (Website Operator’s Cookies)

Cookies from the Browsed Website’s Server. In this case, we refer to functional cookies and convenience-enhancing cookies sent from the server hosting the website operated by the Data Controller. The general properties and functions of these cookies have been detailed above.

These cookies store the IP address of your device, the pages you visit while using the website, and, optionally (based on your choice), your username and password. This allows you to navigate the website without having to repeatedly perform the same actions—such as reloading the same pages or re-entering your login credentials when revisiting the website.

For registered users, these cookies help manage access rights: once a user logs in, they receive the necessary permissions. These cookies do not store any additional information, such as when or who logged in—they are solely used to verify login permissions.

These are so-called session cookies, meaning they are valid only while browsing. If a user starts browsing the website, the cookie is activated and remains valid for up to 15 minutes after the last recorded activity or until the user logs out.

An exception to this is the cookie that remembers login credentials, which—if you choose to enable it—is stored on your browsing device for 365 days.

4.2.8. Third-Party Cookies

Third-party cookies are not set by the Data Controller or the Website’s hosting server. Instead, they originate from external services and may be stored on your computer, phone, or tablet during your visit.

4.2.8.1. Google Cookies

The Google Analytics© files help monitor the site and collect information on how the website is used (such as the number of visitors, pages viewed, users’ geographical location, referral sources, browser type, operating system, internet service provider, and screen resolution, time spent on the website, and exit pages). We use this data to create statistics and further improve the website. The data is not collected in a way that would allow the identification of your device, meaning that we cannot identify you based on your browsing habits. No personal data is processed during visitor analysis. The collected anonymous data is also accessible to Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland), the owner and operator of Google Analytics tools. For more information, please visit:

https://www.google.com/analytics
https://support.google.com/analytics/answer/2838718?hl=en

Google Analytics© cookies are considered persistent cookies, stored for a maximum of two years, but in practice, depending on the type of cookies, they remain for a duration between two hours and six months. For more details about cookies, including how to view, manage, and delete them, visit http://www.allaboutcookies.org. To disable Google Analytics tracking on all pages, visit https://tools.google.com/dlpage/gaoptout.

4.2.8.2. Barion Pixel

The Barion Pixel is a JavaScript-based tracking code embedded in the Controller’s website (similar to Google Analytics and Facebook Pixel) that tracks visitors’ activities on the website. The Barion Pixel collects various types of data about visitors, such as viewed products, clicked items, searches, items added to the cart, and completed purchases. (For more details: https://docs.barion.com/Barion_Pixel/). The data is transmitted to Barion’s servers, and the Controller does not have access to this information. The purpose of data collection via the Barion Pixel is fraud prevention. Further details can be found in the "Privacy Policy" document available on Barion Payment Zrt.'s website: https://www.barion.com/en/privacy-notice.

4.2.8.3. Facebook Pixel (Meta Pixel)

Our webshop uses Meta (Facebook) Pixel technology to measure the effectiveness of our advertisements. The Meta Pixel is a JavaScript-based code that collects information about website visitors and their activities, which is used for optimizing Facebook and Instagram ads, as well as for statistical and marketing purposes.

Data collected by the Meta Pixel:

• Activities performed on our website (e.g., product views, cart additions, purchases)
• Browser and device data
• IP addresses and other technical information

Purpose of data processing:

• Analyzing and optimizing advertisement performance
• Running remarketing campaigns on Meta platforms (Facebook, Instagram)

The data collected by the Meta Pixel is processed by Meta Platforms Ireland Ltd. and may be transferred outside the European Union in accordance with Meta's data processing policies. More information about Meta’s privacy policy is available here: https://www.facebook.com/privacy/policy.

How to disable Meta Pixel?
Visitors can limit or disable the Meta Pixel’s operation at any time through their browser settings or by using the ad preferences tools provided by Facebook: https://www.facebook.com/adpreferences/ad_settings.

For further inquiries regarding the use of the Meta Pixel, please contact us via the contact details provided in our Privacy Policy.

4.3. Data Processing Implemented by Cookies and Log Files on Our Website

4.3.1. Scope of Data Subjects

All Users who visit the website, regardless of whether they use the available services.

4.3.2. Legal Basis for Data Processing

For data processing that is technically essential for providing the service, Section 13/A (3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (hereinafter: Ekertv.) authorizes the Controller to process the data necessary for the proper operation of the website. Such data processing is carried out by log files and certain cookies. Detailed information on log files is available in Section 4, while relevant details about cookies are provided below.

Based on the above, the legal basis for processing these data is the Controller’s legitimate interest under Article 6(1)(f) of the GDPR.

Under this legal basis, we only process data necessary for the user-friendly operation of the website, and we retain such data only for the required period. These are technical data (e.g., IP address, browser type, screen resolution) essential for the proper display of web pages and for ensuring the website’s functions operate smoothly and conveniently for you. We do not transfer these data to third parties, nor do we process them for other purposes. Consequently, processing these data poses no risk to you, but the proper use of the website cannot be ensured without them. Our legitimate interest lies in maintaining the website’s usability, as it is the only way to provide our services electronically. Ensuring the availability of our website is a fundamental requirement for the effective operation of our business. Therefore, the processing of these data is justified by our legitimate interest, which, as it poses no risk to you, proportionally limits your right to self-determination.

Visitor analytics are conducted using anonymized data collection, meaning that no personal data is processed in this context.

4.3.3. Categories of Processed Data

For enabling user-friendly browsing:

• The webpages visited during the browsing session and their opening sequence
• The IP address of the device you use

For verifying login authorization (if stored based on your decision):

• Your email address (as a username) or your username
• Password
• The IP address of the device you use

Visitor analytics are conducted using anonymized data collection, meaning that no personal data is processed in this context.

4.3.4. Purpose of Data Processing

Ensuring the user-friendly operation of the website.

Specifically:

Necessary and Functional Data Processing (“Essential” and “Functional” Categories in the Pop-Up Window):

1. Identification of your browsing device and temporary storage of identifying data (such as the IP address) during the browsing session. This ensures seamless navigation—without this, you would need to repeatedly identify yourself or redo processes on each visited page.
2. Processing of browsing-related data: The following types of data are recorded anonymously for the purposes listed below and cannot be linked to an individual. Therefore, no personal data is processed in this case.
   1. Measuring website traffic, tracking the frequency of visits to certain pages, and measuring the duration of visits on different pages to optimize the website according to user needs and understand users' interests.
   2. Approximate location determination (regional level) of the browsing device to map the geographical distribution of interest in our services.
   3. Identifying the referring website to understand the broader interests of visitors interested in our services.

The collection of the above anonymous data allows us to measure and enhance the effectiveness of our marketing activities aimed at promoting our services.

To collect this data, we use the tools of Google Analytics (Google Ireland Ltd.). When visiting pages that utilize Google Analytics, Google cookies store your indicated preferences and information, which helps measure website traffic and analyze browsing behavior using anonymous data.

We do not conduct targeted online marketing activities for you personally.

The following data categories are processed in a way that they can be linked to your identity, but we only access them for technical purposes during your login; otherwise, they are stored on your device:

• Your email address or username and password, which can be optionally stored for easier login (this is stored on your device based on your decision).
• Verification of your login authorization, including your email address (used as a username) or username and password (in encrypted form, which we cannot access), along with the IP address of the device you use for browsing.

4.3.5. Duration of Data Processing

We process data only for the duration of the browsing session.

The data necessary for the user-friendly operation of the website (IP address, sequence of visited pages during browsing) are recorded only for the browsing session and are deleted upon its completion. Our IT system processes such data internally, and no third party has access to them.

Your username and password may be stored persistently based on your decision, using cookies saved on your device. You can manage and delete these cookies in your browser settings, thereby controlling the duration of data storage.

Visitor analytics are conducted using anonymized data collection, meaning no personal data is processed in this context.

4.3.6. Method of Data Storage

Data is stored in separate processing lists within our IT system. The data necessary for ensuring the user-friendly operation of the website (IP address, sequence of visited pages) are not permanently stored. Cookies providing such data are stored locally on your device.

4.3.7. IT Data Processing Using Google Analytics

For more information on data processing through Google Analytics tools, please visit the Google Analytics support page at: https://www.google.com/intl/hu_ALL/analytics/support. We only use the functions specified above from the available Google Analytics features.

4.3.8. IT Data Processing Using Barion Pixel

For more information on data processing through Barion Pixel tools, please visit the Barion Payment Zrt. website at: https://www.barion.com/en/cookie-notice/ 

4.4. Log File Entries

The IT system associated with our hosting service uses electronic log entries. The log files store the IP address, the type of browser used by the visitor, the internet service provider, date/time stamp, referring and exit pages, and the number of clicks made during the visit. This enables us to properly display our website on your device and allows us to trace error conditions in case of malfunctions, making browsing more stable and secure if necessary. It also helps us manage and administer the website efficiently.

These data do not directly identify individuals and are stored for 30 days. The processing of log files follows the general data processing principles outlined in Section 3. However, log files are not used for visitor analytics or any other form of data recording or utilization.

4.5. Use of Data Processors

4.5.1. Use of External Service Providers for Anonymous Visitor Analytics

Since no personal data is processed during visitor analytics, the external service provider is not considered a data processor.

4.5.2. Service Provider for Website Visitor Analytics

Google Ireland Ltd.

Company Registration Number: 11603307

VAT Number: IE 6388047V

Registered Office: Gordon House, Barrow Street, Dublin 4, Ireland

Phone: +353 1 436 1000

Website: https://www.google.ie/

5.1. Scope of Data Subjects:
Users who send messages to the Data Controller via email using the email address(es) provided on the website.

5.2. Legal Basis for Data Processing:
Based on Article 6(1)(a) of the GDPR, the User's consent.

5.3. Scope of Processed Data:
The User sending the message:

• Name,
• Email address,
• Any additional data provided by the User in the message.

Regarding any additional data voluntarily provided by the User in the message, the Data Controller processes only the data necessary for receiving and handling the message. However, the Data Controller does not request any personal data beyond what is required for communication. If unexpected personal data is shared, the Data Controller does not store it and deletes it immediately from its IT system.

5.4. Purpose of Data Processing:
To enable message exchange between the User and the Data Controller.

Related services include:

• Writing a message on the website,
• Receiving messages via email (using the email address(es) provided on the website),
• Responding to messages received through the above methods, which the Data Controller completes within 2 business days.

5.5. Duration of Data Processing:
Until the message is responded to or the User's request is fulfilled. After responding to the message or fulfilling the request, the Data Controller deletes the data processed for this purpose.

If the exchange of information involves multiple related messages, the Data Controller deletes the data once the conversation is concluded and the request is fulfilled.

If the message exchange results in a contract, and the content of the messages is relevant to the contract, then the legal basis and duration of data processing are governed by Section 8 (data processing related to orders).

5.6. Method of Data Storage:
The Data Controller stores the data in a separate data management list within its IT system.

6.1. Scope of Data Subjects:
Users who register on the website.

6.2. Legal Basis for Data Processing:
Based on Article 6(1)(a) of the GDPR, the User's consent. The User provides voluntary consent by clicking on the icon depicting a schematic human figure, then selecting the "REGISTRATION" button, filling out the displayed registration form, checking the box for the data processing statement, and finally clicking the "REGISTER" button.

6.3. Scope of Processed Data:
For registered users, data processing includes the personal data and contact details required on the above-mentioned registration form.

Processed data:

• Last name
• First name
• Phone number
• Email address
• Shipping address
• Billing address
• Tax number (for companies)
• Password

Purpose of Data Processing:
Website registration to facilitate regular purchases.

Related services:

• Creating a personal account for the User,
• Simplifying online product ordering by storing the necessary order fulfillment data and allowing the User to modify this data independently,
• Storing and providing access to previous orders within the User’s account.

6.4. Duration of Data Processing:
For registered Users, data processing continues until the User requests deletion. Data processing may also end if the User deletes their registration or if the Data Controller deletes the registration.

The User may delete their registration at any time or request its deletion from the Data Controller, who will process the request immediately, but no later than 10 business days after receiving it.

6.5. Method of Data Storage:
The Data Controller stores the data in a separate data management list within its IT system.

7.1. Scope of Data Subjects:
Users who subscribe to the newsletter by clicking the checkbox next to the newsletter subscription section on the website.

7.2. Legal Basis for Data Processing:

The legal basis for data processing is the User's consent in accordance with Article 6(1)(a) of the GDPR and Sections 6(1) and (2) of the Grt. The User provides voluntary consent by familiarizing themselves with this privacy notice and filling out the subscription fields for the newsletter, including checking the consent statement. By doing so, the User declares that they consent to the processing of their data as specified in the privacy notice and to receiving newsletters.

The newsletter service, in addition to providing useful information, also serves the purpose of direct marketing by the Data Controller. The User may subscribe to this service independently of using other services. Subscription to this service is voluntary and is based on the User's informed decision. If the User does not subscribe to the newsletter service, it will not result in any disadvantage regarding the use of the website or access to other services. The Data Controller does not make the use of direct marketing services a prerequisite for accessing any other services.

7.3. Scope of Processed Data:

• Name
• Email address

7.4. Purpose of Data Processing:
To send newsletters via email to the User. These newsletters contain information about the Data Controller’s services, updates, news, promotional offers, advertisements, and sales-related content.

7.5. Duration of Data Processing:
The Data Controller processes the data for newsletter purposes until the User withdraws their consent (unsubscribes) or requests the deletion of their data.

7.6. Method of Data Storage:
The Data Controller stores the data in a separate data management list within its IT system.

8.1. Scope of Data Subjects:
Users who place an order on the website.

8.2. Legal Basis for Data Processing:
Based on Article 6(1)(b) of the GDPR, data processing is necessary for the performance of a contract in which the User is one of the parties.

8.3. Scope of Processed Data:
The data processing involves the following personal data and contact details:

User’s:

• Last name and first name
• Shipping address
• Billing address
• Phone number
• Email address
• Ordered product(s)
• Purchase price of the ordered product(s)
• Shipping method
• Payment method
• Additional information provided by the User during the order process that is necessary for order fulfillment, such as order date and payment date.

8.4. Purpose of Data Processing:
To conclude and fulfill the contract created as a result of the order.

8.5. Duration of Data Processing:
The Data Controller retains the above data necessary for fulfilling the order for the duration required to comply with the accounting law’s record-keeping obligations.

According to the accounting law, this period is at least 8 years from the invoice issuance date, after which the Data Controller deletes the data within one year.

For order fulfillment, during shipping, the necessary data (name, shipping address, phone number) is processed until the completion of the delivery. The Data Controller imposes data processing restrictions when transferring necessary shipping details to the delivery company, ensuring that the courier only processes the data to the extent and for the time required for delivery.

However, the delivery company may have a legitimate interest in retaining part of this data for a certain period in case of complaints, claims, or legal disputes. In this case, the delivery company acts as an independent Data Controller, and the User can find more information in the privacy policy of the respective service provider. The Data Controllers used by the Data Controller are listed in the “Use of Data Processors” section of this privacy policy, along with links to their respective privacy statements.

Additional data processed during the order process—such as essential messages exchanged between the User and the Data Controller regarding the order—will be stored for 5 years from the contract conclusion, in line with the general statute of limitations for civil law claims.

8.6. Method of Data Storage:
The Data Controller stores the data in a separate data management list within its IT system. Additionally, the data required for proper accounting is stored in accounting records in compliance with the accounting law’s record-keeping obligations.

9.1. Scope of Data Subjects:
Users who choose an online payment method during the ordering process on the website, regardless of whether they use other services provided by the website.

9.2. Recipient of Data Transfer:

Barion Payment Zrt.

Company Registration Number: 01-10-048552

Tax Number: 25353192-2-43

Registered Address: 1117 Budapest, Infopark promenade 1. I. Building. 5. Floor. 5.

Mailing Address: 1117 Budapest, Infopark promenade 1. I. Building. 5. Floor. 5.

Phone: +36 1 464 70 99

Email: compliance@barion.com

Website: https://www.barion.com/en/ 

Barion Payment Zrt. is the provider of the online payment service available on the Data Controller’s website.

9.3. Legal Basis for Data Transfer:
According to Article 6(1)(f) of the GDPR, the recipient has a legitimate interest.

As required by law, the recipient must operate a fraud prevention and detection system related to payment services and is authorized to process the necessary personal data for this purpose. The recipient has established a system in compliance with legal obligations, and the data transfer by the Data Controller is necessary for its operation.

The legal provisions applicable to the recipient include:

• Section 165(5) of Act CCXXXVII of 2013 on Credit Institutions and Financial Enterprises
• Section 92/A(3)(f) of Act CCXXXV of 2013 on Certain Payment Service Providers
• Section 14(1)(v) of Act LXXXV of 2009 on the Provision of Payment Services

Both the Data Controller and the recipient have a legitimate interest in fraud prevention and ensuring the proper operation of online payments, which is also in the User's best interest, particularly in preventing misuse of bank card data.

The data transfer enables the detection and prevention of fraud and helps resolve any issues that may arise during the payment process.

The transferred data is transmitted exclusively to the recipient via an encrypted electronic channel and only in cases where an online bank card payment is made. The recipient does not use the data for any other purpose. Consequently, the data transfer does not pose a significant risk to the User and has no noticeable impact on them.

The data transfer is necessary to achieve the objectives described here and contributes to making the payment service more secure. Given the safeguards in place, the data transfer does not constitute an excessive intrusion into Users’ privacy, making it a necessary and proportionate data processing operation.

9.4. Scope of Transferred Data:

• Products added to the shopping cart and related purchase details (prices, costs)
• Last name
• First name
• Phone number
• Email address
• Address

The bank card details provided during payment are entered directly by the User into the payment service provider’s system and are not accessible to the Data Controller.

9.5. Purpose of Data Transfer:
To ensure the proper operation of the payment service, facilitate payment transactions, confirm transactions, and implement fraud monitoring to detect suspicious electronic banking transactions. The data may also be used for customer support services related to payments.

9.6. Further Information on Barion’s Data Processing:
Users can learn more about Barion’s data processing practices, including legal basis, purposes, scope of processed data, and retention periods, at:
https://www.barion.com/en/privacy-notice/ 

9.7. The Data Controller does not transfer data to third parties for business or marketing purposes.

9.8. The Data Controller transfers data to authorities only in cases where it is legally required.

9.9. Data Transfer to Meta (Facebook)

Our webshop uses Meta's (Facebook) event management feature, which allows us to transmit certain user activities on our website to Meta. This helps optimize our advertisements and improve the shopping experience.

The following personal data may be transferred:

• Last name
• First name
• Email address
• Phone number

The transferred data is processed in encrypted form and is used exclusively to improve ad performance on the Meta platform, provide targeted offers, and conduct statistical analyses.

Recipient of Data Transfer:

Meta Platforms Ireland Ltd.

Address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Website: https://www.facebook.com

Privacy Policy: https://www.facebook.com/privacy/policy

Legal Basis for Data Transfer:
According to Article 6(1)(f) of the GDPR, Meta has a legitimate interest in improving the efficiency of its advertising services and personalizing user experiences.

The transferred data is encrypted, and Meta processes it exclusively in accordance with its privacy policy. Users can modify their ad settings at any time at:
https://www.facebook.com/adpreferences/ad_settings

For more details on Meta’s data processing and privacy protection, visit the link above.

The Data Controller engages the following business entities as data processors.

10.1. Hosting Service Provider

10.1.1. Scope of Data Subjects: Users visiting the website, regardless of whether they use the services provided by the website.

10.1.2. The Data Controller engages the following data processor:

UNAS Online Kft.

Company Registration Number: 08-09-015594

Tax Number: 14114113-2-08

Registered Office: 9400 Sopron, Kőszegi road 14.

Phone: +36 99 200 200

Email: unas@unas.hu

Website: https://unas.hu/

as the web hosting service provider (hereinafter: Data Processor).

10.1.3. Scope of Processed Data:

The data processing applies to all data specified in this privacy policy.

10.1.4. Purpose of Data Processing:

Ensuring the technical operation of the website in an IT sense.

10.1.5. Duration of Data Processing:

The same as the data retention periods specified in this privacy policy for each purpose of data processing.

10.1.6. Nature of Data Processing:

Data processing is limited to providing hosting services necessary for the website's IT operation.

10.2. Website Developer

10.2.1. Scope of Data Subjects: Users visiting the website, regardless of whether they use the services provided by the website.

10.2.2. The Data Controller engages the following data processor:

Stoica Márk (NataShop EV)

Registration Number: 59109400

Tax Number: 49398238-2-43

Registered Office: 1117 Budapest, Szerenád street 6. Bldg.: C Flr.: 6 Apt.: 3

Mailing Address: 1117 Budapest, Szerenád street 6. Bldg.: C Flr.: 6 Apt.: 3

as the website developer (hereinafter: Data Processor).

10.2.3. Scope of Processed Data:

The data processing applies to all data specified in this privacy policy.

10.2.4. Purpose of Data Processing:

Ensuring the IT operation of the website through necessary technical data processing activities.

10.2.5. Duration of Data Processing:

The same as the data retention periods specified in this privacy policy for each purpose of data processing.

10.2.6. Nature of Data Processing:

Data processing is limited to the technical operations necessary for the website's IT operation.

10.3. Data Processing Related to Product Delivery

10.3.1. Scope of Data Subjects:

Users who order products for delivery to a specified address or pick-up point.

10.3.2. Data Processor: The Data Controller engages the following service providers as data processors for product delivery:

GLS General Logistics Systems Hungary Package-Logistics Limited Liability Company

Short name: GLS General Logistics Systems Hungary Kft.

Company registration number: 13-09-111755

Tax number: 12369410-2-44

Registered office: 2351 Alsónémedi, GLS Európa str. 2.

Mailing address: 2351 Alsónémedi, GLS Európa str. 2.

Phone: +36 29 886 670

Fax: +36 29 886 610

Email: info@gls-hungary.com

Website: https://gls-group.eu/HU/hu/home

DPD Hungary Kft.

Company registration number: 01-09-888141

Tax number: 13034283241

Registered office: 1134 Budapest, Váci road 33. 2nd floor

Phone: +36 1 501 6200

Email: dpd@dpd.hu

Website: www.dpd.com/hu

Magyar Posta Private Limited Company

Company registration number: 01-10-042463

Tax number: 10901232-4-44

Group identification number: 17784083-5-44

Registered office: 1138 Budapest, Dunavirág street 2-6.

Mailing address: 1540 Budapest

Phone: +36 1 767 8282

Email: ugyfelszolgalat@posta.hu

Website: https://www.posta.hu/

FoxPost Private Limited Company

Short name: Foxpost Zrt.

Company registration number: 10-10-020309

Tax number: 25034644-2-10

Registered office: 3300 Eger, Maklári road 119.

Mailing address: 1097 Budapest, Könyves Kálmán boulevard 12-14.

Phone: +36 1 999 0369

Email: info@foxpost.hu

Website: https://foxpost.hu/en/ 

These companies act as data processors (hereinafter: "Data Processor") for the fulfillment of product delivery and parcel locker services.

10.3.3. Scope of Processed Data:

For the fulfillment of the contract resulting from the User's order (delivery execution), the following User data is processed:

• Last name
• First name
• Phone number
• Shipping address

10.3.4. Purpose of Data Processing:

To fulfill the contract resulting from the User's order, ensuring the delivery of the ordered product to the specified address, including potential phone coordination regarding the time and location of delivery.

10.3.5. Duration of Data Processing:

The data is processed for the time necessary to complete the delivery and handover.

10.3.6. Nature of Data Processing:

The data is processed solely for the purpose of fulfilling delivery and handover procedures.

10.4. Data Processing Related to Invoice Generation

10.4.1. Scope of Data Subjects: Users placing orders on the website.

10.4.2. The Data Controller engages the following data processor:

Billingo Technologies Zrt.

Company Registration Number: 01 10 140802

Tax Number: 27926309241

Registered Office: 1133 Budapest, Árbóc street 6.

Phone: +36-1/500-9491

Email: hello@billingo.hu

Website: https://www.billingo.hu/

as the developer and maintainer of the invoicing software used by the Data Controller (hereinafter: Data Processor).

10.4.3. Scope of Processed Data:

Includes the name, address, ordered products/services, purchase date, price, shipping fee, and any additional charges related to the order.

10.4.4. Purpose of Data Processing:

Ensuring the IT operation of the invoicing software used by the Data Controller.

10.4.5. Duration of Data Processing:

The duration specified by the Hungarian Accounting Act, which is 8 years from the invoice issuance date.

10.4.6. Nature of Data Processing:

Data processing is limited to technical operations necessary for operating the invoicing software.

10.5. Data Processing Related to Accounting Services

10.5.1. Scope of Data Subjects: Users placing orders.

10.5.2. The Data Controller engages the following data processor:

MészÉv ACCOUNTING Bt.

Tax Number: 25406087-2-13

Registered Office: 2336 Dunavarsány, Erkel F street 53.

Phone: +36 20 394 7569

Email: m.evi@outlook.hu

as the Data Controller's accountant (hereinafter: Data Processor).

10.5.3. Scope of Processed Data

The data processing involves the name and address of the User placing the order, as well as the designation of the ordered item(s), the date of purchase, the purchase price, shipping fees, and any additional charges recorded on the corresponding receipts.

10.5.4. Purpose of Data Processing:

Ensuring compliance with statutory accounting obligations.

10.5.5. Duration of Data Processing:

Up to 8 years from the invoice issuance date.

10.5.6. Nature of Data Processing:

Data processing is limited to operations necessary to fulfill accounting obligations.

10.6. Data Processing Related to Packaging Services

10.6.1. Scope of Data Subjects: Users placing orders.

10.6.2. The Data Controller engages the following data processor:

Webshippy Magyarország Kft.

Company Registration Number: 13-09-213880

Tax Number: 25569421-2-13

Registered Office: 2151 Fót, 0221/12. (East Gate Business Park C/2.)

Phone: +36 1 99 88 099

Email: info@webshippy.com

Website: https://webshippy.com/

as an economic entity involved in the packaging of the ordered goods and their handover to delivery partners (hereinafter referred to as the Data Processor).

10.6.3. Scope of Processed Data

The Data Processor handles the following data of the User placing the order: name, billing and shipping address, designation of the ordered item(s), date of purchase and purchase price, selected shipping and payment method.

10.6.4. Purpose of Data Processing

The purpose of data processing is to fulfill the contract established based on the User's order. This includes: preparing and packaging the ordered products, handing them over to the designated delivery service for shipping to the address provided by the User.

10.6.5. Duration of Data Processing:

Same as the respective data retention periods specified in this privacy policy.

10.6.6. Nature of Data Processing:

Data processing is limited to operations necessary for fulfilling and verifying orders.

10.7. No other purposes of data processing apply.

10.8. No other data processors are engaged beyond those listed above.

11.1. Right of Access

Upon request, the Data Controller provides the User with information regarding the personal data processed by it or its authorized Data Processor. This includes the data's source, purpose, legal basis, and duration of processing, as well as details about the Data Processor’s identity, address, and processing activities. Additionally, if a data breach occurs, the Data Controller informs the User about the circumstances, effects, and corrective actions taken. If the User's personal data is transferred, the Data Controller also provides information on the legal basis and recipient.

The Data Controller responds to such requests without undue delay and within one month of receipt.

As part of this right, the Data Controller provides the User with a copy of the personal data being processed, also within one month. If the User requests additional copies, the Data Controller may charge a reasonable fee based on administrative costs (as detailed in Section 12).

11.2. Right to Data Portability

The User has the right to receive the personal data they have provided to the Data Controller in a structured, commonly used, machine-readable format. They may also request that this data be transferred directly to another data controller, provided:

a) The processing is based on the User’s consent or a contract; and
b) The processing is carried out by automated means.

If technically feasible, the User may request direct transfer of their personal data between controllers.

11.3. Right to Rectification

The User has the right to request correction of inaccurate data, which the Data Controller must carry out without undue delay and within one month of receipt. Considering the purpose of processing, the User may also request the completion of incomplete data, including through a supplementary statement.

11.4. Right to Restriction of Processing

The Data Controller marks personal data to indicate restricted processing upon the User’s request if any of the following conditions apply:

1. The User contests the accuracy of the personal data, in which case processing is restricted until accuracy is verified.
2. The processing is unlawful, but the User opposes deletion and requests restriction instead.
3. The Data Controller no longer needs the data for processing purposes, but the User requires it to establish, exercise, or defend legal claims.
4. The User objects to processing based on the Data Controller’s legitimate interests, in which case restriction applies until it is determined whether the Data Controller’s legitimate reasons override the User’s interests.

11.5. Right to Erasure ("Right to be Forgotten")

The Data Controller deletes personal data if:

1. The data is no longer necessary for the purposes for which it was collected or processed.
2. The User withdraws consent, and there is no other legal basis for processing.
3. The User objects to processing, and there are no overriding legitimate grounds for processing, or the objection relates to direct marketing purposes.
4. The data was processed unlawfully.
5. The data must be erased to comply with a legal obligation under EU or national law.
6. The data was collected in connection with offering information society services directly to children.

The Data Controller notifies the User and any third parties to whom the data was previously transferred about the rectification, restriction, or deletion of personal data. This notification may be omitted if it is impossible or requires disproportionate effort. Upon request, the User may obtain a list of such recipients.

11.6. Right to Object

The User has the right to object to the processing of their personal data based on the Data Controller’s legitimate interests. In such cases, the Data Controller ceases processing unless it demonstrates compelling legitimate grounds that override the User’s rights and freedoms or if processing is necessary for legal claims.

12.1. Free of Charge Requests and Potential Fees

The Data Controller provides the information and actions specified in Section 11 free of charge. However, if the User’s request is clearly unfounded or excessive—especially due to its repetitive nature—the Data Controller may:

1. Charge a reasonable fee considering the administrative costs of providing the requested information or action, or
2. Refuse to take action based on the request.

12.2. Response Time and Possible Extensions

The Data Controller informs the User about actions taken in response to their request without undue delay and no later than one month from receipt, including the provision of data copies. If necessary—considering the complexity and number of requests—this deadline may be extended by an additional two months.

The Data Controller informs the User of any extension within one month of receiving the request, stating the reasons for the delay. If the request was submitted electronically, the Data Controller responds electronically unless the User requests otherwise.

12.3. Rejection of Requests

If the Data Controller does not take action based on the User’s request, it informs the User without undue delay and within one month of receipt. The notification includes the reasons for refusal and informs the User of their right to file a complaint with the supervisory authority (as detailed in Section 14) or seek judicial remedies.

12.4. User Identification for Requests

Users may submit requests in any manner that allows their identification. Identification is necessary as the Data Controller can only fulfill requests for authorized individuals. If the Data Controller has reasonable doubts about the identity of the requester, it may request additional information to verify the User's identity.

12.5. Submission Methods

Users may submit their requests:

• By mail to the Data Controller’s address: 1117 Budapest, Szerenád street 6, building C, floor 6, door 3
• By email to info@natashop.hu

Email requests are considered valid only if sent from the email address registered with the Data Controller. However, using a different email address does not automatically result in the request being ignored. In the case of email submissions, the request is considered received on the next business day after sending.

13.1. The Data Controller ensures the security of data within its data management and data processing activities. It implements technical and organizational measures, as well as internal procedural rules, to enforce legal regulations and other data and confidentiality protection rules. It takes appropriate measures to protect the processed data, particularly against unauthorized access, modification, transmission, disclosure, deletion, or destruction, as well as accidental loss, damage, and inaccessibility resulting from technological changes.

13.2. The Data Controller's IT system records data used for measuring website traffic and analyzing user behavior from the outset in a manner that prevents direct association with any individual.

13.3. Data processing is carried out only for the lawful purposes defined in this notice, to the extent necessary and proportionate, in compliance with applicable laws and recommendations, and with appropriate security measures in place.

13.4. To ensure security, the Data Controller uses the "https" protocol for website access, enabling encrypted and uniquely identifiable web communication. Additionally, in line with the above, the Data Controller stores processed data in encrypted datasets, separated according to data processing purposes, in designated data processing lists. These lists are accessible only to specific employees of the Data Controller who perform tasks related to the activities outlined in this notice. These employees are responsible for protecting the data and handling it in compliance with this notice and applicable laws.

Data subjects may exercise their legal remedies before a court and may also contact the:

National Authority for Data Protection and Freedom of Information

Address: 1055 Budapest, Falk Miksa street 9-11.

Mailing address: 1363 Budapest, P.O. Box 9.

Phone: +36 1 391 1400

Fax: +36 1 391 1410

Email: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu/

If the court route is chosen, the lawsuit may be initiated—at the discretion of the affected User—before the competent court based on their place of residence or habitual residence, as the adjudication of such cases falls within the jurisdiction of the court.

Budapest,
November 18, 2024