Privacy Policy

1.1 Preamble

The scope of this Privacy Notice (information statement) applies equally to all domain addresses from which this system is officially accessible. In addition, it covers the legal relationships related to connected applications and networks. The current Document is displayed in the footer of the Website at all times, available in several languages, effective from the specified date, and remains valid until revoked. By using the Website—especially when placing an order and by explicitly marking the relevant field—the User accepts that all regulations relating to the use of the Website automatically apply to them.

If the User accesses the Website operated by the Company, or uses a related application, or reads their content in any manner, they acknowledge and accept the contents of this Document as binding. The Operator is entitled to unilaterally amend the content of the Document; such changes are not retroactively effective.

1.2 Data Controller, Operator

Enternova Kft.

  • 2161 Csomád
  • 48 Szent István Street
  • Tax Number: HU24892955

1.2.4 Additional Data Controllers

Stripe Payment Processor
Cloudflare CDN Network
Kboss.hu Invoicing
SMS Processor
Google
APP Store IOS
Nemzeti Útdíjfizetési ZRT.

1.3 Definitions

  • GDPR (General Data Protection Regulation): the new Data Protection Regulation of the European Union.
  • Data processing: any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, transformation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • Data controller, data processor: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data on behalf of the data controller. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • Operator, Company: the Website operator
  • Personal data: any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
  • Data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
  • Third party: a natural or legal person, public authority, agency or body other than the data subject, data controller, data processor, or persons who, under the direct authority of the data controller or data processor, are authorized to process personal data.
  • User: visitors, users, or buyers (data subjects) of the Website.

1.4 Principles of Data Processing and Handling

The Data Controller declares that personal data is processed according to the present privacy notice and in compliance with applicable legal requirements, with particular regard to the following:

  • Personal data must be processed lawfully, fairly, and in a transparent manner in relation to the relevant User.
  • Personal data may only be collected for specified, explicit and legitimate purposes.
  • The purpose of personal data processing must be adequate and relevant, and limited to what is necessary.
  • Personal data must be accurate and kept up to date. Inaccurate personal data must be erased without delay.
  • Personal data must be stored in a way that allows identification of data subjects only for as long as necessary. Storage for a longer period is allowed only for archiving in the public interest or for statistical purposes.
  • Personal data must be processed in a way that ensures appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, by using appropriate technical or organizational measures.
  • Principles of data protection must be applied to all information relating to an identified or identifiable natural person.

1.5 Processed Data and Legal Basis

The legal basis of data processing is the consent of the data subject, or the applicable legislation below.
Further information is provided by EU regulations on certain issues of electronic commerce services and information society services.

When visiting the Website, certain parameters concerning visitors are automatically logged.

These log parameters may include, depending on what the Website’s code is able to identify for a given User:

  • The time of entry, time spent on the website, activities performed during the session, time of exit.
  • The browser type, resolution, language, operating system, type of computing device used.
  • The visitor’s IP address.

The purpose of processing these data is quality assurance and website statistics. The duration of this data processing: 5 years, unless the User instructs otherwise.

1.6 Data Processed on the Website

The range of processed data includes: name provided by the User, email address, telephone number, billing name, billing address, tax number, vehicle registration number, country of origin (country code). In the case of insurance matters, other personal data that are indispensable for concluding the specific insurance contract. Such processed data are handled in accordance with the Data Processing Policy of the respective (Third Party) insurance company.

The purpose of data processing: full use of the Website, creation of a contract for purchase, determination of its content, monitoring its fulfillment, invoicing the associated fees, and enforcement of claims arising therefrom.

With the explicit consent of the User, the Website may process certain personal data for purposes such as delivering newsletters or other direct marketing communications.

1.6.1 Duration of Data Processing, Deadline for Deletion

At the request of the data subject, processed data must be deleted within 48 hours, according to section 1.7; in other cases, section 1.5 applies. For accounting documents, records must be kept according to the relevant accounting legislation, which also determines the mandatory retention period for data included therein.

1.7 Important Data Processing Information, Data Deletion Requests

The duration of data processing always depends on the specific purpose for which it is used. The User, as the data subject, may object to the processing of their personal data. The User may also request early deletion of data if they can prove that they are entitled to have the data deleted. A data deletion request can be made in writing through the Website’s support ticketing system. The Data Controller may request additional identifying information if it is not clear that the requester is indeed authorized to delete the data.

1.8 Newsletter, DM Activity

The Operator declares that all published information and descriptions fully comply with applicable legal regulations. According to the law on the basic conditions and certain limitations of economic advertising activities, the User may give prior and explicit consent for the Operator to contact them at the provided contact details for advertising offers or for processing personal data for the purpose of sending advertising offers. The set of processed data includes: name, email address, telephone number, date.

Legal basis for data processing: The User may unsubscribe from receiving offers at any time, without restriction or justification. You may unsubscribe from the newsletter via the "unsubscribe" link available at the bottom of the newsletter, which remains in effect until any subsequent subscription.

The advertiser, advertising service provider, or publisher of the advertisement must keep a record of the personal data of individuals who have consented to be contacted, within the scope set out in the consent. Data recorded for the advertising recipient may only be processed in accordance with and until the withdrawal of the relevant consent.

1.9 Rights Related to Data Processing

The data subject may request information from the data controller regarding the processing of their personal data, and may request the rectification, deletion, or blocking of their personal data. If the User has any questions regarding the processed data or requires further information regarding their data, they may do so through the website’s support ticketing system. The basis for data transfer is the User’s consent, or certain provisions of the European Union relating to electronic commerce services and information society services.

The data controller must plan and execute data processing operations to protect the privacy of the data subjects. The data controller and, within its activities, the data processor are obliged to ensure the security of the data and must take technical and organizational measures and establish procedural rules to enforce the provisions of the relevant regulations and other data and confidentiality rules.

Data must be protected by appropriate measures, especially against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage, and against becoming inaccessible due to changes in technology. To secure electronically managed files in various registers, appropriate technical measures must be taken to ensure that stored data cannot be directly linked to and assigned to data subjects, unless required by law.

During the automated processing of personal data, the data controller and processor shall also ensure, by supplementary measures:

  • Prevention of unauthorized data input.
  • Prevention of unauthorized use of automated data processing systems via data transmission equipment by unauthorized persons.
  • The ability to determine and verify to whom personal data was or may be transmitted by means of data transmission equipment.
  • The ability to determine and verify who entered which personal data, when, into automated data processing systems.
  • The recoverability of systems in case of malfunction and the generation of reports on errors occurring during automated processing.

In determining and applying measures for the security of data, the data controller and processor must consider the current state of technology. Among multiple possible data processing solutions, the one ensuring the highest level of personal data protection must be applied, unless it would impose a disproportionate burden on the data controller.

The data controller maintains several automated log records to verify the legality of data transfers and to inform the data subject; these collectively record and monitor the time of personal data transfers, the legal basis and recipient of the transfer, the definition of the category of transferred data, and other data defined by the law regulating data processing.

If the data controller does not fulfill the data subject’s request for rectification, blocking, or deletion, it will provide the data subject with the factual and legal justification for refusal in writing within 30 days of receipt of the request. In the event of refusal, the data subject will be informed regarding available legal remedies.

The data subject is entitled to obtain the personal data concerning them, which they have provided to the data controller. The data subject also has the right not to be subject to a decision based solely on automated processing that produces legal effects concerning them or similarly significantly affects them, except where a decision is necessary for entering into or performance of a contract between the data subject and the data controller, is allowed by Union law with appropriate safeguards, or if the data subject has expressly consented.

2.1 Closing Provisions

The data provided by the User are stored on servers. Only the operator’s employees have access to the data, and each of them is responsible for the secure handling of the data.

If you detect any errors or omissions in this statement, please notify us immediately. Our staff will do their utmost to handle any minor User or visitor conflicts and, if necessary, supplement or amend this Privacy Notice accordingly.

2.2 Rights Related to Data Processing

  • Right to information request:
    You may request information from us via the support ticketing system regarding which of your data we process, under what legal basis, for what purpose, from what source, and for how long. Upon your request, we will provide this information by email within 30 days to the address specified in your request.
  • Right to rectification:
    You may request us to modify any of your data via the support ticketing system. Upon your request, we will take action within 30 days and send confirmation to the email address provided.
  • Right to erasure:
    You may request the deletion of your data via the support ticketing system. Upon your request, we will do so within 30 days and send confirmation to the email address provided.
  • Right to restriction:
    You may request the restriction of your data via the support ticketing system. The restriction remains valid for as long as the reason you specify necessitates data retention. Upon your request, we will apply the restriction within 30 days, and you will be notified at the email address provided.
  • Right to object:
    You may object to data processing via the support ticketing system. We will review your objection within 15 days of receipt, decide on its merits, and inform you of the outcome by email.
  • Legal remedies related to data processing:
    If you believe that data processing is unlawful, please contact us via the support ticketing system so that we have the opportunity to restore legal compliance as soon as possible. We will do our utmost to resolve the issue in your best interest.

If, in your assessment, legal compliance cannot be restored, or if the resolution does not meet your expectations, you may seek legal remedy for your complaint via the following link:

Legislation underlying data processing:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  • Act CXII of 2011 on Informational Self-Determination and the Freedom of Information.
  • Act LXVI of 1995 on Public Records, Public Archives, and the Protection of Private Archive Materials.
  • Government Decree 335/2005 (XII. 29.) on General Requirements for Document Management by Public-Task Entities.
  • Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services.
  • Act C of 2003 on Electronic Communications.
  • The provider aims to fully comply with the legal provisions on personal data processing, in particular with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council.

This Privacy Notice is prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, with reference to the content of Act CXII of 2011 on informational self-determination and freedom of information.

Data protection inquiries and requests may be submitted via the support ticketing system located in the website's contact menu and footer.

2025.09.01.