Privacy policy

YUXTA Limited Liability Company (hereinafter referred to as the "Data Controller"), as the operator of the website available under the domain names www.yuxta.hu and www.yuxtaenergy.hu (hereinafter referred to as the "Website"), hereby discloses the following information concerning the processing of personal data in the context of the webshop available on the Website, other services available on the Website and other services provided by the Data Controller
information.

Users accessing the Website (hereinafter referred to as "User") agree to all the terms and conditions set out in this Privacy Policy (hereinafter referred to as "Policy"), and are therefore kindly requested to read this Policy carefully before using the Website.

1. Data of the Data Controller

The data controller is YUXTA Korlátolt Felelősségű Társaság
Location: 1023 Budapest, Bécsi út 3-5.
VAT number: 26672241-2-41
His e-mail address: info.hu@yuxtaenergy.com
Phone: +36 20 429-6240

2. Information on each processing operation

a.) Registration

In the registration interface, the User has the possibility to provide his/her data in order to be registered as a reseller by the Data Controller and to use the services of the Website as a reseller.

Scope of data processed:

  • name (first name, surname)*;
  • company name;
  • VAT number:
  • address;
  • phone number;
  • e-mail address;
  • username;
  • password.

Purpose of the processing: The purpose of data processing is to provide the services of the Website to resellers, to maintain contact with Users. The name, e-mail address and telephone number of the person indicated as the contact person (contact details in case they are related to the contact person) are considered as personal data for the purposes of processing.

The Data Controller draws the User's attention to the fact that in all cases it is the User's obligation and responsibility as an employer to inform the Contact Person designated by the User of the processing of his/her personal data for the purposes and under the conditions set out in this Notice.

Duration of processing: until the User's contact person requests the deletion of their data or objects to the use of their data.

Legal basis for processing: the legal basis for the processing of the data of the User's contact person by the Data Controller is Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR), the data controller has a legitimate interest in the relationship between the User and the data controller, in relation to the contract concluded between them and the performance of the order. The Controller considers that without processing the data of the Contact Person, the purpose of the processing cannot be fulfilled. In order to ensure the right of the Data Subject to the protection of his or her personal data, the Data Controller shall use the Data Subject's personal data solely for the purpose of contacting the User, shall provide the Data Subject with appropriate information on the circumstances of the processing in any case, and shall ensure the rights set out in point 7 of this Notice, as defined by the GDPR.

 

b.) Contact

Scope of data processed:

On the Website, the User has the opportunity to provide his/her data in order to contact the Data Controller, to receive information about the Data Controller's products and services, and to receive assistance with the order. When contacting the Data Controller, the following personal data may be provided (data marked with * are mandatory):

● full name*;
● company name;
● e-mail address;
● message*;
● mobile phone number;
● Indicate status*;
● comment.

Purpose of the processing: Providing information about the Data Controller's products, services and activities, contacting and maintaining contact with Users interested in the Data Controller's products and services, informing Users, handling comments about the Data Controller's activities.

Duration of processing: The Data Controller shall process the personal data for a maximum period of 30 days from the end of the bilateral communication between the Data Controller and the User, or until the User requests the deletion of his/her data or withdraws his/her consent to the processing of his/her personal data.

Legal basis for processing: the User's consent pursuant to Article 6(1)(a) of the GDPR.

c.) Ordering in the online shop

Scope of data processed:
If the User selects a product on the Website, he/she has the possibility to provide his/her data in the shopping interface in order to allow the Data Controller to fulfil the order. In doing so, you must provide the following data:

  • surname, first name*;
  • company name;
  • VAT number:
  • billing address (country, city, street, house number, postal code)*;
  • phone number;
  • e-mail address;
  • delivery address (if different from the billing address);
  • comment.

You can also provide the following information during the purchase process:

  • payment method*;
  • method of receipt*.

Purpose of the processing: Providing the services of the webshop, such as registering and fulfilling the contract for the order, delivering the ordered products, contacting the Users in connection with the order.

The Data Controller draws the User's attention to the fact that in the case of an order from a legal person The Data Controller draws the User's attention to the fact that in all cases it is the User's obligation and responsibility as an employer to inform the Contact Person designated by the User of the processing of his/her personal data for the purposes and under the conditions set out in this Notice.

Duration of processing: In the case of an order, the Data Controller shall process the necessary data for 5 (five) years after the order in order to enforce the claims and rights arising from the contract concluded pursuant to Section 6:22 of Act V of 2013 on the Civil Code (hereinafter: Civil Code), and in order to fulfil the data controller's obligation to retain the name and address of the User on the accounting voucher for 8 years pursuant to Section 169 of Act C on Accounting (hereinafter: Accounting Act), solely for the purpose of fulfilling the accounting obligation. If the User is a legal entity, the Data Controller shall process the Contact Person's data for 5 years after the termination of the contract concluded for the purpose of fulfilling the order or the termination of the Contact Person's capacity as a contact person, exclusively in accordance with the provisions of the Civil Code. It is the User's obligation and responsibility to inform the Data Controller of any change in the identity of the Contact Person by amending the relevant fields.

Legal basis for processing: The legal basis for the processing of personal data processed during the ordering process in the webshop is the performance of the contract between the User and the Data Controller, the enforcement of rights and obligations arising from the contract pursuant to Article 6 (1) (e) of the GDPR. The legal basis for the processing of accounting documents is the statutory provision imposing mandatory data processing, i.e. Section 169 of the Accounting Act.

Where the User is a legal person, the legal basis for the processing of the contact details provided by the User is the legitimate interest of the Data Controller in relation to the contract concluded between the User and the Data Controller and the performance of the order, pursuant to Article 6 (1) (f) of the GDPR. The Data Controller considers that without processing the Contact's data, the order cannot be fulfilled. In order to ensure the right of the Data Subject to the protection of his or her personal data, the Data Controller shall use the Data Subject's personal data solely for the purpose of contacting the User, shall provide the User with appropriate information on the circumstances of the processing in any case, and shall ensure the rights set out in point 7 of this Notice, as defined by the GDPR.

User account:

If the User ticks the corresponding box during the ordering process, the system will create a User account for the User, which will contain the following data:

  • the data provided by the User when placing an order,
  • information about the User's previous orders.

When using the User Account, the User has the possibility to track his/her orders, to provide the data required for the order, to modify the data provided, to subscribe to the newsletter.

d.) Newsletter subscription

Scope of data processed:

The User has the possibility to subscribe to the newsletter of the Data Controller, which requires the following personal data:

● full name*;
● e-mail address;

Purpose of the processing: sending electronic newsletters and advertising messages about offers, services, products, promotions, promotions and competitions related to the Data Controller and its activities to the e-mail address provided by the User.

Duration of processing: Until the User requests the deletion of his/her data or withdraws his/her consent to the processing of his/her personal data. The User may unsubscribe from the newsletter at any time by using the "Unsubscribe" option of the newsletter or by making a written or e-mail declaration, which shall constitute a withdrawal of consent. In such a case, the Data Controller shall delete all data of the unsubscribing User without delay.

Legal basis for processing: the User's express consent (by ticking the box provided for acceptance of this Notice) pursuant to Article 6(1)(a) of the GDPR.

e.) When handling complaints

Scope of data processed:

● in case of a written complaint:
o name;
o mailing address or e-mail address;
o the subject and content of the complaint.

● In the case of a verbal complaint, or in the case of a verbal complaint communicated by telephone, if the complaint is not immediately resolved, the Data Controller shall keep a record of the complaint, which shall contain the following information:
o name;
o address;
o the place, time, manner, subject and content of the complaint;
o the unique identification number of the complaint.

Purpose of the processing: The purpose of data management in the case of a User who is a consumer is the processing of complaints received by the Data Controller orally, by telephone, in writing and by e-mail, the documentation of the identity of the complainant, the exact time of the complaint and the content of the complaint, as well as the information provided by the Data Controller regarding the complaint, for the purpose of traceability.

Legal basis for processing: § 17/B of Act CLV of 1997 on Consumer Protection.

Duration of processing: pursuant to Article 17/B of Act CLV of 1997 on Consumer Protection, the Data Controller shall keep the minutes of the oral complaint, the written complaint and the response for 5 (five) years.

3. Who has access to personal data, data processing

The Data Controller and its Data Processors are entitled to access personal data in accordance with applicable law.

The data are processed by the following processors acting on behalf of the Data Controller:

Location provider details:
Greenpow Costa Rica SA‎
Address: Oficentro ejecutivo sabana t6, piso7 #26
Email address: support@greenpow.cloud
Purpose of processing: to provide the necessary storage space for the operation of the webshop, to operate the website

Mailing service provider details:
The Rocket Science Group LLC d/b/a Mailchimp Attn. Adatvédelmi tisztviselő
Address: 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA
Email: privacy@mailchimp.com
Purpose of data processing: sending newsletters

Details of courier services:
EKOL Logistics Ltd
Address:1211 Budapest, Szikratávíró utca
E-mail address: attila.polcsak@ekol.com
Purpose of data processing: delivery of the ordered product to the User, contact related to the delivery.

The Data Controller reserves the right to involve additional data processors in the future, which it will inform Users of by amending this Notice.

Unless expressly provided for by law, the Data Controller shall only disclose to third parties personally identifiable information with the express consent of the User concerned.

4. Rights of the user

Access to personal data

At the User's request, the Data Controller shall inform the User whether the Data Controller is processing his or her personal data and, if so, give the User access to the personal data and inform the User of the following information:
Purpose of the processing:
● the types of personal data concerned by the processing;
● the legal basis and recipient(s) of the transfer of the User's personal data;
Duration of processing:
● the User's rights in relation to the rectification, erasure and restriction of processing of personal data and the right to object to the processing of personal data;
● the possibility to appeal to the Authority;
● the source of the data;
● relevant information about profiling;
● the names and addresses of data processors and their activities in relation to data processing.

The Data Controller shall provide the User with a copy of the personal data subject to processing free of charge. For additional copies requested by the User, the Controller may charge a reasonable fee based on administrative costs. If the User has made the request by electronic means, the information shall be provided in a commonly used electronic format, unless the data subject requests otherwise.

The Data Controller shall provide the information in an intelligible form at the User's request without undue delay, but no later than one month from the date of the request. The User may submit a request for access using the contact details specified in point 1.

Correction of processed data

The User may request the correction of inaccurate personal data or the addition of incomplete data to the Data Controller (at the contact details specified in point 1), taking into account the purpose of the data management. The data controller will carry out the correction without undue delay.

Erasure (right to be forgotten), blocking of processed data
The User may request the Data Controller to delete personal data concerning him or her without undue delay and the Data Controller shall be obliged to delete personal data concerning the data subject without undue delay if one of the following grounds applies:
(a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) the User withdraws his/her consent and there is no other legal basis for the processing;
c) the User objects to the processing of his/her personal data;
d) the processing of personal data was unlawful;
(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
f) the personal data were collected on the basis of consent in connection with the provision of information society services to children.

If the Data Controller has disclosed (made available to third parties) the personal data and is obliged to delete it pursuant to the above, it shall take reasonable steps and measures, taking into account the available technology and the cost of implementation, to inform the data controllers that process the personal data concerned that the User has requested them to delete the links to the personal data in question or a copy or duplicate of such personal data.

Personal data do not need to be deleted in cases where the processing is necessary:
● to exercise the right to freedom of expression and information;
● for the purposes of complying with an obligation under Union or Member State law to which the controller is subject to which the processing of personal data is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
● in the public interest in the field of public health;
● for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, where the right of erasure would be likely to render such processing impossible or seriously jeopardise it; or
● to bring, enforce or defend legal claims.

Restrictions on data processing

The User has the right to have the Data Controller restrict the processing of personal data instead of rectifying or erasing it, if one of the following conditions is met:

● the User contests the accuracy of the personal data, in which case the limitation applies for the period of time that allows the controller to verify the accuracy of the personal data;
● the data processing is unlawful and the User opposes the deletion of the data and instead requests the restriction of their use;
● the Controller no longer needs the personal data for the purposes of processing, but the User requires them for the establishment, exercise or defence of legal claims; or
● the User has objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the controller prevail over the legitimate grounds of the data subject.

If the processing is restricted, such personal data may be processed, except for storage, only with the consent of the User or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.

The Data Controller shall inform in advance the User at whose request the processing has been restricted of the lifting of the restriction of processing.

Obligation to notify the rectification or erasure of personal data or restriction of processing

The Data Controller shall inform any recipient to whom or with which the personal data have been disclosed of the rectification, erasure or restriction of processing of the personal data, unless this proves impossible or involves a disproportionate effort. Upon request, the Controller shall inform the User of these recipients.

Right to data portability

The User has the right to receive personal data concerning him/her that he/she has provided to the Data Controller in a structured, commonly used, machine-readable format and to transmit such data to another data controller. If the User so requests, the Controller may export the processed data in PDF and/or CSV format.

Right to object

The User may object to the processing of his/her personal data if the processing is.
● necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
● necessary to pursue the legitimate interests of the Data Controller or a third party;
● based on profiling.

In the event of the User's objection, the Controller may no longer process the personal data, unless the User proves that the processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the User or are related to the establishment, exercise or defence of legal claims.

If personal data are processed for the purposes of direct marketing or related profiling, the User has the right to object at any time to the processing of personal data concerning him/her for such purposes. If the User objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for such purposes.

Action by the Data Controller in relation to the User's request

The Data Controller shall inform the User without undue delay, but no later than one month after receipt of the request, of the measures taken following the request for access, rectification, erasure, restriction, objection and portability. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months. The Data Controller shall inform the User of the extension of the time limit, stating the reasons for the delay, within one month of receipt of the request. If the User has submitted the request by electronic means, the information shall be provided by electronic means where possible, unless the data subject requests otherwise.

If the Data Controller fails to act upon the User's request, the Data Controller shall inform the User without delay, but no later than one month after receipt of the request, of the reasons for the failure to act and of the User's right to lodge a complaint with a supervisory authority and to seek judicial remedy.

At the User's request, the information, the information and the action taken on the basis of the request shall be provided free of charge. Where the User's request is manifestly unfounded or excessive, in particular because of its repetitive nature, the Controller may, taking into account the administrative costs of providing the requested information or information or of taking the requested action, charge a reasonable fee or refuse to act on the request. The burden of proving that the request is manifestly unfounded or excessive shall lie with the Controller.

5. Data security

The Data Controller undertakes to ensure the security of the data, to take technical and organisational measures and to establish procedural rules to ensure that the data recorded, stored or processed are protected and to prevent their destruction, unauthorised use or unauthorised alteration. It also undertakes to require all third parties to whom it transfers or discloses data on the basis of the consent of the Users to comply with the requirement of data security.

6. Handling and reporting data breaches

A data breach is any event that results in the unlawful treatment or processing of personal data processed, transmitted, stored or handled by the Data Controller, in particular unauthorised or accidental access, alteration, disclosure, deletion, loss or destruction, accidental destruction or accidental damage to personal data.

The Data Controller shall notify the NAIH of a personal data breach without undue delay, but no later than 72 hours after becoming aware of the personal data breach, unless the Data Controller can demonstrate that the personal data breach is unlikely to pose a risk to the rights and freedoms of natural persons. If the notification cannot be made within 72 hours, the notification shall state the reason for the delay and the required information may be provided in detail without further undue delay. The notification to the NAIH shall contain at least the following information:

● the nature of the personal data breach, the number and category of data subjects and personal data;
● Name and contact details of the data controller;
● the likely consequences of the data breach;
● the measures taken or planned to manage, prevent or remedy the data breach.

The Data Controller shall inform the data subjects of the data breach within 72 hours of the discovery of the data breach through the Data Controller's website. The notification shall contain at least the information specified in this point.

The Data Controller keeps records of data breaches for the purpose of monitoring the measures taken in relation to the data breach and informing the data subjects. The register shall contain the following data:

● the scope of the personal data concerned;
● the scope and number of persons concerned;
● the date of the data breach;
● the circumstances and effects of the data breach;
● the measures taken or planned to manage, prevent or remedy the data breach.

The Data Controller shall keep the data contained in the register for 5 years from the date of the data breach.

7. Enforcement

The Data Controller will make every effort to ensure that the processing of personal data is carried out in accordance with the law, however, if the User feels that this is not the case, he/she may write to the contact details specified in point 1.

If the User feels that his or her right to the protection of personal data has been infringed, he or she may seek redress from the competent authorities in accordance with the applicable legislation.

● National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa utca 9-11.; ugyfelszolgalat@naih.hu; www.naih.hu)
● in court.

8. Other provisions

This Information Notice is governed by Hungarian law, in particular by Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, Act CVIII of 2001 on certain issues of electronic commerce services and information society services, and the provisions of the GDPR.

Budapest, 2021.03.12.

YUXTA Ltd. (Data Controller)

en_USEnglish
hu_HUHungarian en_USEnglish
Scroll to Top