Data Management and Privacy Policy
Content
- Type of personal data, purpose, legal basis and duration of data processing. 3
- General Rules and Concepts. 4
- Scope of personal data management 4
- Retention period of personal data and deletion practices. 5
- Cookies, web analytics services and social media. 6
- Contact Us. 8
- Transfer of data through sales agent(s) 8
- Data transfer to service partners. 9
- Transfer of data to other third parties for the fulfilment of a legal obligation and legitimate interest (Article 6(1)(c) and (f) of the GDPR) 10
- Data transfer to third countries. 11
- Rights of the natural person concerned. 12
- Your rights. 12
- Data security. 14
- Changes to the Privacy Policy. 15
- Language versions and priority of interpretation. 15
PET Spare Parts Kft. (Company registration number: 03 09 132820; Tax number: 26775540-2-03; Registered office: 6000 Kecskemét, Máriahegy tanya 124.), as data controller (hereinafter: “Data Controller“), acknowledges the content of this Privacy Policy as binding on itself. It undertakes to ensure that all data processing of its activities complies with the requirements set out in this Policy and in the applicable national and EU legislation.
Please, read the following summary of the operation of the website carefully, in which we try to do everything we can to ensure that data processing is transparent and fair, and we do everything we can to handle your data carefully and responsibly!
Data Controller reserves the right to amend this Data Management Policy from time to time. The Policy available on www.petspareparts.eu or www.petspareparts.com site (hereinafter referred to as “www.petspareparts.eu” for simplicity) is effective as of the date of the most current Policy and the date of publication. In the event of significant changes to the Policy, the Data Controllers shall ensure that the visitors of the website can easily be informed about the changes.
The Data Controller handles the personal data confidentially and takes all technical and organizational measures that guarantee the security of the data.
1. Type of personal data, purpose, legal basis and duration of data processing
The Data Controller describes its data management principles below. Its data processing principles are in accordance with the applicable legislation on data protection, and in particular with the following:
- Act CXII of 2011 – on the Hungarian Right of Informational Self-Determination and on Freedom of Information (Privacy Act);
- Act V of 2013 – on the Hungarian Civil Code (Civil Code);
- Act CLV of 1997 – on the Hungarian Consumer Protection Act (Consumer Protection Act);
- Act C of 2000 – on Hungarian Accounting (Accounting Act);
- Act CVIII of 2001 – on certain issues of electronic commerce services and information society services (Electoric Commerce Act);
- Act C of 2003 – on Electronic Communications;
- Act CXXXIII of 2005 – on the Rules of Personal and Property Protection and Private Detective Activities;
- Act CLXIV of 2005 – on Commerce (Commercial Act);
- Act XLVIII of 2008 – on the Basic Conditions and Certain Restrictions of Commercial Advertising Activities (Commercial Advertising Act),
- Act II of 2012 – on Infraction Procedure and the Misdemeanour Registration System;
- Act CLIX of 2012 – ont he Hungarian Postal Services (Postal Act.)
- Act XC of 2017 – ont he Hungarian Criminal Procedure;
- 19/2014. (IV.29.) Decree of the Ministry of National Economy on the procedural rules for the management of warranty and guarantee claims for goods sold within the framework of a contract between a consumer and a business;
- Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR Regulation);
2. General Rules and Concepts
Personal data: Personal data is any information relating to an identified or identifiable natural person (data subject). A natural person can be identified directly or indirectly, in particular by an identifier – for example name, number, location data, online identifier – or one or more of the natural person’s physical, physiological, genetic, mental, economic, cultural or social identity. can be identified based on a factor.
Data processor: the natural or legal person, public authority, agency or any other body who processes personal data on behalf of the data controller.
Limitations of the data processor:
- cannot make a substantive decision regarding data management,
- may process the personal data obtained only in accordance with the provisions of the data controller,
- may not process data for your own purposes, furthermore
- must store personal data in accordance with the regulations of the data controller.
Data management: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as the collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or connecting, limiting, deleting or destroying.
3. Scope of personal data management
We collect and use your personal data only to the extent that is necessary for the operation of the website and the provision of our content and services. We collect and use your personal data exclusively in accordance with the legal bases and principles defined in the GDPR regulation.
The security of your personal data is extremely important to us. Therefore, we have implemented specific technical and organizational measures in order to protect the data we manage, thus preventing their loss or their misuse by third parties.
Our employees performing data management tasks are subject to mandatory confidentiality rules. The security of your personal data is also guaranteed by the fact that they are transmitted encrypted; for example, we use SSL (Secure Sockets Layer) to communicate with your browser. A lock symbol will appear in your browser to let you know when the SSL connection is established.
– the secure connection between the server(s) of PETSpareParts.eu and the user’s computer or browser guarantees that the password entered during the login and the personal data entered during the order cannot be extracted by a third party in the communication
– due to the security settings of the browsers, if any element of PETSpareParts.eu (images, scripts, external scripts) wants to be loaded online via a non-secure connection, the browsers will not load it (however, the user can override this)
In order to ensure that your data is always protected, we regularly review the technical security measures and, if necessary, modify them according to new technological requirements. These principles also apply to companies that manage and use data on our behalf and according to our instructions.
4. Retention period of personal data and deletion practices
We process and store personal data only as long as they are necessary for the purpose of data management, or as long as we are required to do so by law or other provisions. As soon as the purpose ceases or is fulfilled, your personal data will be deleted or its access restricted. Limited access means that the data will be deleted as soon as the retention periods specified in the legislation, articles of incorporation or contracts allow this, unless there is otherwise a reason based on which we can assume that the deletion would endanger your legitimate interest and provided that the deletion does not require a disproportionately heavy resource expenditure due to the unique conditions of storage.
In the following, we are to explain the specific processes during which your personal data is processed. In doing so, we also explain the legal basis, purpose and duration of the processing of personal data.
Hosting provider of www.petspareparts.eu:
| Company: | Tárhely.Eu Service Ltd. |
| Seat: | 1054 Budapest, Bajcsy-Zsilinszky út 58. 2. em. 1. |
| Tax number: | 14571332-2-42 |
| Company registration number: | 01-09-909968 |
The technical operation of our website is provided by Tárhely.Eu Service Ltd., which acts as a data processor with regard to the data collected by the website. The hosting provider processes the data only in accordance with the instructions of the data controller and does not use it for its own purposes. For more information about your hosting provider’s privacy policy, visit https://tarhely.eu/dokumentumok/adatvedelmi_szabalyzat.pdf .
Log files | |
| Purpose of data processing: | Our web server collects log files for the operation and security of the website, which may include your IP address, time of visit, browser type and information about the pages visited. The purpose of data processing is to ensure the smooth operation of the website and to investigate security incidents. |
| Legal basis of data processing: | legitimate interest within the meaning of Article 6(1)(f) of the GDPR |
| Duration of data processing: | Log files are stored for a maximum of [7-30 days] after which they are deleted, unless longer storage is required due to legal or incident investigations. |
| Data Processor: | Tárhely.Eu Service Ltd. |
The data generated during the statistical analysis of the log files are not linked to any other information. The Data Controller and the Data Processor do not seek to identify the user personally.
5. Cookies, web analytics services and social media
As a data controller, we are committed to providing you with the highest possible level of service. Our goal is to maintain your trust in us. Accordingly, we want to provide you with clear information on how cookies on our www.petspareparts.eu website are used and stored.
5.1 Cookies are small text, image or software files that are placed and stored on your computer, smartphone or other devices you use to access the internet when browsing websites. Cookies are very useful tools that allow the website to recognise you and to log the times when you visit a particular page. They also enable you to establish a secure connection to the website and enhance the user experience by improving your experience with the website, providing the connection and/or tailoring the content of a particular page to your interests.
| Session cookies | |
| Purpose of data processing: | They are necessary for the basic functioning of the website, such as maintaining the user session (e.g. retention of form filling, navigation functions, etc.). |
| Legal basis of data processing: | performance of a contract pursuant to Article 6(1)(b) of the GDPR and legitimate interest within the meaning of Article 6(1)(f) of the GDPR |
| Duration of data processing: | They are automatically deleted after the session expires or the browser is closed. |
| Data Processor: | Tárhely.Eu Service Ltd. |
5.2 The independent measurement and auditing of the website’s traffic and other web analytics data is also supported by external service providers. Data Controller provides detailed information on the management of measurement data at the following addresses:
| Analytical/Analytical Cookies | |
| Tool: | Google Search Console |
| Purpose of data processing: | To track visitor behavior to improve the website. |
| Legal basis of data processing: | legitimate interest within the meaning of Article 6(1)(f) of the GDPR |
| Duration of data processing: | Up to 16 months |
| Data Processor: | Google LLC (registered office: 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America) |
| You may learn more about the data collected by Google here: |
| Marketing cookies | |
| Tool: | Facebook Pixel |
| Purpose of data processing: | To track visitor behavior to improve the website. Website activity (e.g., clicks, purchases, form fills), page visits, content viewed. |
| Legal basis of data processing: | legitimate interest within the meaning of Article 6(1)(f) of the GDPR |
| Duration of data processing: | Active: 90 days; Aggregated/anonymized: 1 year |
| Data Processor: | Meta Platforms Ireland Limited (Registered office: 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland) |
| You may learn more about the data collected by Google here: | https://www.facebook.com/policy.php |
6. Contact Us
When you contact us via email or the contact form, we store the data you provide as follows:
| Contact information | |
| Data concerned: | Personal data: name, e-mail address, phone number, message content (which may also contain additional personal data) Technical data: IP address, timestamp |
| Purpose of data processing: | Keeping in touch, answering questions or problems, managing requests for quotations. |
| Legal basis of data processing: | Performance of a contract [Article 6 (1) b) of the GDPR and Consent [Article 6(1)(a) of the GDPR) |
| Duration of data processing: | The data will be deleted after the request has been processed, unless further storage is required due to a legal obligation or the fulfilment of a contract. |
| Data Controller: | PET Spare Parts Ltd. |
7. Transfer of data through sales agent(s)
PET Spare Parts Kft. processes the personal data obtained by the sales representatives as a data controller. The sales representatives process it exclusively as data processors, based on the instructions specified by our company. The sales representatives are not independent data controllers, but data processors who process the data on behalf of our company and only according to our instructions. The data is forwarded to our company by the sales representatives to help us conclude contracts and provide services. A data processing agreement is available for data processing, which ensures that the data processing complies with the relevant data protection regulations.
| Data Processing Salesperson | |
| Data concerned: | name, e-mail address, phone number, other customer data provided during the order |
| Purpose of data processing: | According to the instructions of the data controller, the processing of personal data is carried out with the help of the sales representative for the purpose of concluding contracts and providing services. |
| Legal basis of data processing: | Performance of a contract (Article 6 (1) b) of the GDPR) Legitimate interest (Article 6 (1) f) of the GDPR) and Legal obligation (Article 6(1)(c) of the GDPR) |
| Duration of data processing: | Minimum: The total duration of the contract + 5 years after the termination of the contract (limitation period according to the Civil Code) At the most: 8 years (Accounting Act – Section 169 of Act C of 2000) |
| Data Processor: | Alexander Jens Göbölyös |
8. Data transfer to service partners
We always strive to provide the highest possible level of security when transferring your personal data, which is why we only transfer your data to contractually committed service providers and partners that have been carefully selected beforehand.
| Technical Address Management Service Provider | |
| Data concerned: | Google Tag Manager does not collect any personal information. The system is used to run tags, but it doesn’t store the data they collect. It is stored and processed by the respective third-party devices. |
| Purpose of data processing: | 1. To measure the performance and effectiveness of the website; 2. Efficient management of labels; 3. Analyze user behavior (by Google Analytics) |
| Legal basis of data processing: | Consent (Article 6(1)(a) of the GDPR) Legal obligation [Article 6 (1) c) of the GDPR and Legitimate interest [Article 6 (1) f) GDPR) |
| Data Processor: | Google Tag Manager |
| Duration of data processing: | The transmitted data is handled by Google LLC in accordance with its own privacy policy, which is available at the following link: |
| Newsletter Provider | |
| Data concerned: | Name; Email address; Demographic information; User interactions; |
| Purpose of data processing: | Personalized communication; Delivery of newsletters; Increase the relevance of content; Service development; |
| Legal basis of data processing: | Consent (Article 6(1)(a) of the GDPR) |
| Data Processor: | The Rocket Science Group LLC (or “MailChimp”) |
| Duration of data processing: | The transmitted data is handled by MailChimp in accordance with its own privacy policy, which is available at the following link: |
9. Transfer of data to other third parties for the fulfilment of a legal obligation and legitimate interest (Article 6(1)(c) and (f) of the GDPR)
In order to manage the invoicing of orders placed on the Website or services requested, we may transfer the Customer’s personal data to our billing service provider. The data transfer only covers the data necessary for the issuance of the invoice and the fulfilment of the relevant legal requirements.
We may also transfer your personal data to third parties or public authorities in accordance with applicable data protection laws if we are legally obliged to do so (e.g. by order of an administrative authority or court) or if we are entitled to do so (e.g. as it is necessary to investigate a crime or to prove and enforce our rights and interests).
| Billing provider | |
| Data concerned: | Name; Billing address; Email address; Order ID; Name and price of the product/Service |
| Purpose of data processing: | Issuing invoices and fulfilling accounting obligations; Issuing invoices and tax records; Electronic invoice transmission (if applicable); Account identification and customer service administration; Issuing invoices and fulfilling tax obligations; |
| Legal basis of data processing: | GDPR Article 6 (1) (c) – compliance with a legal obligation; and GDPR Article 6 (1) (b) – performance of a contract; |
| Processing: | Revolution Software Kft. |
| Duration of data processing: | According to accounting legislation, PET Spare Parts Kft. stores it for at least 8 years. The data transmitted to Revolution Software Kft. is handled by their own Privacy Policy, available at the following link: |
| Contact: | gdpr@revolution.hu |
.
10. Data transfer to third countries
We would like to draw the attention of our users to the Service Provider referred to in Section 5.2 and the transfer of data to the Service Provider specified in Section 8 shall be considered as data transfer to a third country.
Data transfer is carried out exclusively on behalf of our users using the newsletter service.
The third countries covered by this section are mainly, but not exclusively, the following:
– United States of America
Data transfers to other countries may take place depending on where their servers or partner companies are located to provide the service.
Such data movements require special attention under the European Union’s data protection regulation, the GDPR, as the EU strictly regulates the transfer of EU citizens’ data to third countries.
The Service Providers we have chosen therefore use Standard Contractual Clauses (SCCs) that provide legal guarantees for the security of data when it is transferred outside the EU, but also ensure an adequate level of data protection during data transfers in accordance with Article 46 of the GDPR (such as the EU-US Data Protection Framework).
11. Rights of the natural person concerned
If you wish to exercise any of the following rights free of charge, please send us a message. You can use the following contact details at no cost, except for any charges that your service provider may charge for forwarding the message:
- E-mail: gregus@petspareparts.com
- by post: 6000 Kecskemét, Máriahegy tanya 124.
For your own safety, we reserve the right to request additional information to verify your identity when responding to an inquiry. If identification is not possible, we also reserve the right to refuse to respond to your request.
12. Your rights
- a) Right for information
You have the right to request information from us regarding the personal data stored about you.
- b) Right for rectification
You are entitled to request the immediate correction and/or addition of personal data stored about you. If you have asserted your right to rectification, erasure or restriction of data processing, we will notify all recipients of your personal data explaining how we have corrected or deleted the data or that there is now a restriction on the processing of the data, unless this is impossible or requires a disproportionate effort.
- c) The right to restrict data processing
You have the right to request the limitation of the processing of your personal data if you dispute the accuracy of the data stored about you, if the data processing is illegal and we no longer need the data, but you do not want us to delete the data and you need them to present, assert or enforce legal claims or to defend against them or if you objected to data processing.
- d) Right for deletion
You have the right to request the deletion of your personal data stored by us, unless the preservation of the data is necessary for the free expression of opinion, freedom of information, compliance with legal obligations, public interest, presenting or defending against legal claims or exercising rights.
- e) Right for data portability
You have the right to request a copy of your data provided to us and to request that we send it to you or a third party in a segmented, widely used and machine-readable form. If you request the data be sent directly to another data controller, we will only do so if this is technically possible.
- f) Right to protest
If we process your personal data on the basis of a legitimate interest in accordance with Article 6 (1) point f) of the GDPR, you have the right to object to data processing at any time in accordance with Article 21 of the GDPR.
- g) Right to withdraw consent
You have the right to withdraw your consent to the collection of data at any time with effect for the future. This does not affect the data collected until withdrawal. We hope you understand that it may take some time to process the withdrawal of consent for technical reasons and that you may still receive messages from us during this time.
- h) The right to submit a complaint to a regulatory authority
If the handling of your personal data violates data protection legislation, or if your data protection rights have been violated in any other way, please proceed as follows:
- i) Complaint to the data controller or data protection officer: We ask that you contact the data controller in the first place with a complaint related to data management.
- j) Right for court procedure:
In the event of a violation of rights, the data subject may apply to the court against the data controller. The court acts out of sequence in the case.
- k) Data protection authority procedure:
Complaints can be lodged with the National Authority for Data Protection and Freedom of Information:
| Name: | National Authority for Data Protection and Freedom of Information |
| Seat: | 1055 Budapest, Falk Miksa utca 9-11 |
| Mailing address: | 1363 Budapest, Pf. 9. |
| Telephone: | +36 -1-391-1400 |
| Fax: | +36-1-391-1410 |
| Email: | ugyfelszolgalat@naih.hu |
The fastest, easiest and most convenient way to exercise the right to rectification and deletion is to log in to your account and directly edit or delete the data stored there. We only restrict access to that data, but do not delete the data, if we are obliged to store the data based on legal or contractual obligations, in order to prevent the data from being used for other purposes.
13. Data security
The security of your personal data is of utmost importance to us. Therefore, we protect your data stored with us by means of technical and organisational measures to effectively prevent it from being lost and manipulated by third parties.
The Data Controller and its data processors shall implement appropriate technical and organisational measures, taking into account the state of the technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of the data processing, as well as the risk to the rights and freedoms of natural persons of varying probability and severity, in order to guarantee a level of data security appropriate to the extent of the risk.
The Data Controller selects and operates the IT tools used for the processing of personal data in the course of providing the service in such a way that the processed data:
(a) accessible to authorised persons (availability); b) its authenticity and authentication are ensured (credibility of data processing); c) its unchangedness can be verified (data integrity); d) be protected against unauthorized access (confidentiality of data).
The Data Controller shall protect the data with appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction, damage, and inaccessibility due to changes in the technology used.
In order to protect the data files electronically managed in its various registers, the Data Controller shall ensure by means of an appropriate technical solution that the stored data – unless permitted by law – cannot be directly linked and assigned to the data subject. With regard to the current state of technology, the Data Controller shall ensure the protection of the security of data processing with technical, organisational and organisational measures that provide a level of protection appropriate to the risks arising in connection with data processing.
In the course of data processing, the Data Controller preserves a) confidentiality: it protects the information so that only those who are entitled to it can access it; b) integrity: it protects the accuracy and completeness of the information and the method of processing; (c) availability: ensures that the authorised user has access to the information they want when they need it and that the tools are available.
The IT system and network of the Data Controller and its partners involved in data processing are protected against computer-assisted fraud, espionage, sabotage, vandalism, fire and flooding, as well as computer viruses, computer break-ins and attacks leading to denial of service. The operator ensures security with server-level and application-level protection procedures.
We inform users that electronic messages transmitted over the Internet, regardless of the protocol (email, web, ftp, etc.), are vulnerable to network threats that lead to dishonest activity, disputes of contracts, or disclosure or modification of information. In order to protect against such threats, the Data Controller takes all precautions that can be expected of it. It monitors systems to record all safety incidents and provide evidence for every security incident. System monitoring also makes it possible to check the effectiveness of the precautions taken.
The Data Controller, as data controller, shall keep a record of any personal data breaches, indicating the facts related to the personal data breach, its effects and the measures taken to remedy it.
14. Changes to the Privacy Policy
To ensure that our Privacy Policy complies with the legal requirements in force at any given time, we reserve the right to amend it at any time. This also applies to cases where the Privacy Policy needs to be amended to provide new or amended products or services.
15. Language versions and priority of interpretation
This Privacy Policy is available on the PET Spare Parts Website in Hungarian, English and German language. In the event of any discrepancy or uncertainty of interpretation between the different language versions, the Hungarian version shall prevail.
20 February 2025
