Privacy Policy

Date of acceptance: 2026-01-04

Data Controller

Name: BRODO HUNGARY Limited Liability Company (Korlátolt Felelősségű Társaság)
Registered office: Hungary HU 1161 Budapest, József utca 162
Mailing address: Hungary HU 1161 Budapest, József utca 162
Tax number: 27070721-2-42
Representative: Ferenc Szlávik
Phone number: +36209455851
E-mail: ferenc.szlavik@brodo.hu
Website: brodo.hu

Hosting Provider

Name: ErdSoft Kft. (doo)

Mailing address: Serbia, Subotica, Zombori út 33a.

E-mail address: info@sellvio.com

Phone number: +381 60 446 05 53

Description of data processing during the operation of the webshop

This document contains all relevant data processing information regarding the operation of the webshop based on the General Data Protection Regulation No. 2016/679 of the European Union (hereinafter: Regulation, GDPR) and Act CXII of 2011 (hereinafter: Info Act).

Information on the use of cookies

What is a cookie?

The Data Controller uses so-called cookies during visits to the website. A cookie is an information package consisting of letters and numbers that our website sends to your browser with the aim of saving certain settings, facilitating the use of our website, and assisting in collecting some relevant, statistical information about our visitors.

Some of the cookies do not contain personal information and are not suitable for identifying the individual user, however, some of them contain an individual identifier - a secret, randomly generated sequence of numbers - stored by your device, thereby ensuring your identifiability. The operational duration of individual cookies is contained in the relevant description of each cookie.

Legal background and legal basis of cookies:

Basically, we distinguish between three types of cookies: strictly necessary cookies for operation, which serve the proper functioning of the Website, statistical cookies, and marketing cookies.

The legal basis for data processing is your consent under Article 6(1)(a) of the Regulation for statistical and marketing cookies, and the legitimate interest necessary to ensure the operation of the Website under Article 6(1)(f) of the Regulation for cookies necessary for operation.

Main characteristics of cookies used by the website:

Strictly necessary cookies for operation:

If you do not accept the use of these cookies, certain features may not be available to you.

Cookies necessary for operation Essential cookies are indispensable for the operation of the website. They provide basic functions such as logging in or adding to the cart in the case of webshops. The website would not function properly without these cookies.

Statistical cookies Statistical cookies enable website owners to analyze the use of the website through anonymous data collection.

Statistical cookies:

Google Analytics cookie: Google Analytics is Google's analytics tool that helps website and app owners get a more accurate picture of their visitors' activities. The service may use cookies to collect information and generate reports from statistical data on website usage without personally identifying visitors to Google. The main cookie used by Google Analytics is the "__ga" cookie. In addition to reports generated from website usage statistics, Google Analytics – together with some of the advertising cookies described above – can also be used to display more relevant ads on Google products (such as Google Search) and across the internet.

Marketing cookies The purpose of marketing cookies is to track users across multiple websites. The goal is to display ads to our users that are relevant and interesting to them, thereby making them more valuable to publishers and third-party advertisers.

Marketing cookies:

Google AdWords cookie When someone visits our page, the visitor's cookie ID is added to the remarketing list. Google uses cookies – such as NID and SID cookies – to customize ads displayed on Google products, like Google Search. It uses such cookies, for example, to remember your most recent searches, your previous interactions with an advertiser's ads or search results, and your visits to advertisers' websites. The AdWords conversion tracking feature uses cookies. To track sales and other conversions resulting from an ad, it saves cookies on the user's computer when that person clicks on an ad. Some common ways cookies are used: selecting ads based on what is relevant to the user, improving reporting on campaign performance, and avoiding showing ads that the user has already seen.

Facebook pixel (Facebook cookie) The Facebook pixel is code that helps report on conversions on the website, build target audiences, and provide the page owner with detailed analytics on visitors' use of the website. With the help of the Facebook pixel, personalized offers and ads can be displayed to website visitors on the Facebook interface. You can study Facebook's data policy here: facebook.com/privacy/explanation

You can find more information on deleting cookies at the following links:

Google Consent Mode v2

The Data Controller has integrated the Google Consent Mode v2 version into its website and ensures the management of consents and rejections through its cookie panel based on the new version. Based on Google Consent Mode v2, in addition to the previous two flags (analytics_storage, ad_storage), Google uses two additional flags which will serve for storing and reading statistical and advertising cookies:

ad_user_data: Any user data that can be sent to Google for advertising purposes.
ad_personalization: The user's data can be used for personalized advertising purposes, for example, remarketing.

The operation of these two switches serves to determine whether the storage and reading of statistical and advertising cookies are permitted.

Data processed for the conclusion and performance of the contract

Several data processing cases may occur in the interest of concluding and performing the contract. We inform you that data processing related to complaint handling and warranty administration will only take place if you exercise one of the mentioned rights.

If you do not purchase through the webshop but are only a visitor to the webshop, the provisions regarding data processing for marketing purposes may apply to you, provided you give us your consent for marketing purposes.

Data processing operations carried out in the interest of concluding and performing the contract in more detail:

Registration on the website

By storing the data provided during registration, the Data Controller can provide a more convenient service (e.g., the data subject's data does not need to be entered again upon a subsequent purchase). Registration is not a condition for concluding the contract.

Processed data
During data processing, the Data Controller processes your name, address, phone number, e-mail address, the characteristics of the purchased Goods, and the date of purchase.

Duration of data processing
Until the withdrawal of your consent.

Legal basis for data processing
Your voluntary consent provided to the Data Controller upon registration [Data processing under Article 6(1)(a) of the Regulation]

Order processing

During the processing of orders, data processing activities are necessary to fulfill the contract.

Processed data
During data processing, the Data Controller processes your name, address, phone number, e-mail address, the characteristics of the purchased Goods, the order number, and the date of purchase.

If you have placed an order in the webshop, the data processing and the provision of data are indispensable for the performance of the contract.

Duration of data processing
We process the data for 5 years according to the civil law limitation period.

Legal basis for data processing
Performance of a contract. [Data processing under Article 6(1)(b) of the Regulation]

Invoicing

The data processing process takes place in order to issue an invoice compliant with legislation and to fulfill the obligation to retain accounting documents. Pursuant to Section 169 (1)-(2) of the Act on Accounting (Sztv.), business associations must retain accounting documents that directly and indirectly support the accounting settlement.

Processed data
Name, address, e-mail address, phone number.

Duration of data processing
Issued invoices must be retained for 8 years from the issuance of the invoice pursuant to Section 169 (2) of the Sztv.

Legal basis for data processing
Based on Section 159 (1) of Act CXXVII of 2007 on Value Added Tax, the issuance of an invoice is mandatory, and it must be retained for 8 years based on Section 169 (2) of Act C of 2000 on Accounting [Data processing under Article 6(1)(c) of the Regulation].

Data processing related to goods delivery

The data processing process takes place in order to deliver the ordered product.

Processed data
Name, address, e-mail address, phone number.

Duration of data processing
The Data Controller processes the data for the duration of the delivery of the ordered goods.

Legal basis for data processing
Performance of a contract [Data processing under Article 6(1)(b) of the Regulation].

Recipients and data processors of data processing related to goods delivery

Name of the recipient: Magyar Posta Zártkörűen Működő Részvénytársaság

Registered office of the recipient: 1138 Budapest, Dunavirág utca 2-6.

Phone number of the recipient: +36-1/767-8200

E-mail address of the recipient: ugyfelszolgalat@posta.hu

Website of the recipient: posta.hu

The courier service acts in the delivery of the ordered goods based on a contract concluded with the Data Controller. The courier service processes the received personal data in accordance with the provisions contained in the privacy policy available on its website.

Handling of implied warranty and guarantee claims

We must proceed with implied warranty and guarantee claims according to the rules of NGM Decree 19/2014 (IV. 29.), which also defines how we must handle your claim.

Processed data

When handling implied warranty and guarantee claims, we must proceed according to the rules of NGM Decree 19/2014 (IV. 29.).

Based on the decree, we are obliged to draw up a protocol regarding your implied warranty or guarantee claim reported to us, in which we record:

your name, address, and your statement that you consent to the processing of your data recorded in the protocol as specified in the decree,
the name and purchase price of the movable property sold within the framework of the contract concluded between you and us,
the date of performance of the contract,
the date of reporting the defect,
the description of the defect,
the right you wish to assert based on your implied warranty or guarantee claim, and
the manner of settling the implied warranty or guarantee claim or the reason for rejecting the claim or the right to be asserted based on it.

If we take over the purchased Goods from you, we must issue a receipt for this, which must indicate

your name and address,
the data necessary for the identification of the item,
the date of receiving the item, and
the time when you can take back the repaired item.

Duration of data processing
The enterprise is obliged to retain the protocol drawn up regarding the consumer's implied warranty or guarantee claim for three years from its drafting, and present it at the request of the inspecting authority.

Legal basis for data processing
The legal basis for data processing is compliance with legal obligations under NGM Decree 19/2014 (IV. 29.) [Section 4 (1) and Section 6 (1)] [Data processing under Article 6(1)(c) of the Regulation].

Data processed in connection with the verifiability of consent

During registration, ordering, or subscribing to the newsletter, the IT system stores the IT data related to the consent for later verifiability.

Processed data
The date of consent and the IP address of the data subject.

Duration of data processing
Due to legal regulations, it must be possible to verify the consent later, therefore the duration of data storage is stored until the limitation period following the termination of data processing.

Legal basis for data processing
Article 7(1) of the Regulation prescribes this obligation. [Data processing under Article 6(1)(c) of the Regulation]

Data processing for marketing purposes

Data processing related to sending newsletters

The data processing process takes place in order to send out newsletters.

Processed data
Name, address, e-mail address, phone number.

Duration of data processing
Until the withdrawal of the data subject's consent.

Legal basis for data processing
Your voluntary consent provided to the Data Controller by subscribing to the newsletter [Data processing under Article 6(1)(a) of the Regulation]

Data processing related to sending and displaying personalized advertisements

The data processing process takes place in order to send advertising content corresponding to the data subject's sphere of interest.

Processed data
Name, address, e-mail address, phone number.

Duration of data processing
Until the withdrawal of your consent.

Legal basis for data processing
Your voluntary, separate consent provided to the Data Controller during data collection [Data processing under Article 6(1)(a) of the Regulation]

Remarketing

Data processing as a remarketing activity is carried out using cookies.

Processed data
Data processed by cookies specified in the cookie information.

Duration of data processing
The data storage duration of the given cookie, more information available here:

Google general cookie information:
https://www.google.com/policies/technologies/types/

Google Analytics information:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en

Facebook information:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Legal basis for data processing
Your voluntary consent provided to the Data Controller by using the website [Data processing under Article 6(1)(a) of the Regulation].

Additional data processing

If the Data Controller wishes to carry out further data processing, it shall provide prior information on the essential circumstances of the data processing (legal background and legal basis of data processing, purpose of data processing, scope of processed data, duration of data processing).

Recipients of personal data

Data processing aimed at storing personal data

Name of the data processor: ErdSoft Kft. (doo)

Contact details of the data processor:

Phone number: +381 60 446 05 53

E-mail address: info@sellvio.com

Registered office: Serbia, Subotica, Zombori út 33a.

Website: sellvio.com

The Data Processor performs the storage of personal data based on a contract concluded with the Data Controller. It is not entitled to access the personal data.

Data processor activity related to newsletter sending

Name of the company operating the newsletter system: The Rocket Science Group LLC.

Registered office of the company operating the newsletter system: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA

Phone number of the company operating the newsletter system:

E-mail address of the company operating the newsletter system: privacy@mailchimp.com

Website of the company operating the newsletter system: mailchimp.com

The Data Processor assists in sending out newsletters based on a contract concluded with the Data Controller. In doing so, the Data Processor processes the data subject's name and e-mail address to the extent necessary for sending newsletters.

Data transfer to a third country

The following data processor is located outside the European Union, and processes data outside the European Union. The data processor processes the data according to the provisions of the general data processing contract formulated by the European Commission.

ErdSoft doo

Address: Serbia, Subotica, Zombori út 33a

E-mail: info@sellvio.com

Phone: +381 60 446 05 53

Your rights during data processing

During the period of data processing, you are entitled to the following rights according to the provisions of the Regulation:

the right to withdraw consent
access to personal data and information related to data processing
right to rectification
restriction of data processing,
right to erasure
right to object
right to portability.

If you wish to exercise your rights, it involves your identification, and the Data Controller must necessarily communicate with you. Therefore, for the purpose of identification, you will need to provide personal data (but identification can only be based on data that the Data Controller already processes about you), and your complaints regarding data processing will be available in the Data Controller's email account within the timeframe specified in this information regarding complaints. If you were a customer of ours and would like to identify yourself for complaint handling or warranty administration, please also provide your order ID for identification. Using this, we can also identify you as a customer.

The Data Controller responds to complaints related to data processing within 30 days at the latest.

The right to withdraw consent

You are entitled to withdraw your consent given for data processing at any time; in such a case, the provided data will be deleted from our systems. However, please note that in the case of a not yet fulfilled order, withdrawal may result in us not being able to fulfill the delivery to you. In addition, if the purchase has already taken place, based on accounting regulations, we cannot delete the data related to invoicing from our systems, and if you have a debt towards us, we can process your data based on a legitimate interest related to the recovery of the claim even in the event of withdrawal of consent.

Access to personal data

You have the right to obtain confirmation from the Data Controller as to whether or not personal data concerning you are being processed, and, where that is the case, you have the right to:

gain access to the processed personal data and
be informed by the Data Controller about the following information:
- the purposes of the processing;
- the categories of personal data processed about you;
- information about the recipients or categories of recipient to whom the personal data have been or will be disclosed by the Data Controller;
- the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- your right to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing in the case of processing based on a legitimate interest;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from you, any available information as to their source;
- the existence of automated decision-making (if such a procedure is applied), including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

The purpose of exercising the right may be aimed at determining and verifying the lawfulness of data processing, therefore, in the case of multiple requests for information, the Data Controller may charge a fair fee in exchange for fulfilling the information.

The Data Controller ensures access to personal data by sending you the processed personal data and information via email following your identification. If you have a registration, we ensure access so that by logging into your user account you can view and check the personal data processed about you.

Please indicate in your request whether you are requesting access to personal data or requesting information related to data processing.

Right to rectification

You have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning you.

Right to restriction of data processing

You have the right to obtain from the Data Controller restriction of processing where one of the following applies:

you contest the accuracy of the personal data, for a period enabling the Data Controller to verify the accuracy of the personal data; if the accurate data can be established immediately, no restriction will take place;
the processing is unlawful and you oppose the erasure of the personal data (for example, because the data are important to you for the establishment of legal claims) and request the restriction of their use instead;
the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; or
you have objected to processing, but the Data Controller's legitimate interest may also justify the processing; in this case, pending the verification whether the legitimate grounds of the Data Controller override your legitimate grounds, the processing must be restricted.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

The Data Controller will inform you in advance (at least 3 working days before the restriction is lifted) before the restriction of processing is lifted.

Right to erasure - right to be forgotten

You have the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay where one of the following grounds applies:

the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by the Data Controller;
you withdraw consent on which the processing is based, and where there is no other legal ground for the processing;
you object to processing based on a legitimate interest and there are no overriding legitimate grounds (i.e., legitimate interest) for the processing,
the personal data have been unlawfully processed by the Data Controller and this has been established based on the complaint,
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.

Where the Data Controller has made the personal data public for any legitimate reason and is obliged to erase the personal data for any of the above reasons, the Data Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Erasure shall not apply to the extent that processing is necessary:

for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject (such as data processing carried out within the framework of invoicing, since the retention of the invoice is required by law), or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for the establishment, exercise or defense of legal claims (e.g., if the Data Controller has a claim against you which you have not yet fulfilled, or a consumer or data processing complaint is being handled).

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you based on legitimate interest. In this case, the Data Controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise or defense of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Right to portability

If the data processing is carried out by automated means, or if the data processing is based on your voluntary consent, you have the right to request from the Data Controller to receive the data you provided to the Data Controller, which the Data Controller will make available to you in xml, JSON, or csv format; if technically feasible, you may request that the Data Controller transmit the data in this format to another data controller.

Automated decision-making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In these cases, the Data Controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view, and to contest the decision.

The above shall not apply if the decision:

is necessary for entering into, or performance of, a contract between you and the Data Controller;
is authorized by Union or Member State law to which the Data Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
is based on your explicit consent.

Registration in the data protection register

Under the provisions of the Info Act, the Data Controller had to register certain data processing operations in the data protection register. This registration obligation ceased on May 25, 2018.

Data security measures

The Data Controller declares that it has taken appropriate security measures in order to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as against accidental destruction and damage, and against becoming inaccessible due to changes in the applied technology.

The Data Controller makes every effort within organizational and technical capabilities to ensure that its Data Processors also take appropriate data security measures when working with your personal data.

Legal remedies

If you believe that the Data Controller has violated any statutory provision concerning data processing, or has not fulfilled any of your requests, you may initiate the investigative procedure of the National Authority for Data Protection and Freedom of Information to terminate the presumed unlawful data processing (mailing address: 1363 Budapest, Pf. 9., e-mail: ugyfelszolgalat@naih.hu, phone numbers: +36 (30) 683-5969 +36 (30) 549-6838; +36 (1) 391 1400).

We also inform you that in the event of a violation of the statutory provisions concerning data processing, or if the Data Controller has not fulfilled any of your requests, you may file a civil lawsuit against the Data Controller in court.

Modification of the privacy policy

The Data Controller reserves the right to modify this privacy policy in a way that does not affect the purpose and legal basis of data processing. By using the website after the modification takes effect, you accept the modified privacy policy.

If the Data Controller wishes to carry out further processing of the collected data for a purpose other than that for which they were collected, prior to that further processing, it will inform you of the purpose of the data processing and the following information:

the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
your right to request from the Data Controller access to and rectification or erasure of personal data or restriction of processing concerning you and to object to processing of personal data in the case of data processing based on legitimate interest, and in the case of data processing based on consent or a contractual relationship, to request the provision of the right to data portability;
in the case of data processing based on consent, the existence of the right to withdraw consent at any time,
the right to lodge a complaint with a supervisory authority;
whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and of the possible consequences of failure to provide such data;
the existence of automated decision-making (if such a procedure is applied), including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

Data processing can only commence after this; if the legal basis for data processing is consent, in addition to the information, you must also consent to the data processing.

Poste restante and postal point delivery

Please note that Magyar Posta Zrt. identifies the addressee in accordance with the provisions contained in the privacy policy in force at any given time, therefore, where appropriate, it may request you to provide your personal data upon delivery at the post office or postal point pickup.