Terms and Conditions

GENERAL TERMS AND CONDITIONS

of eco-trend.hu webshop – Ecoinno products

Effective date: 18.06.2025

1. Preamble

These General Terms and Conditions contain the general terms and conditions for contracts entered into between the service providing Veres és Társai Kft. (Registered seat: 9700 Szombathely, Kárpáti Kelemen utca 19/A., Company registration number: 18-09-103666, VAT identification number: 11513898-2-18, Email: info@eco-trend.hu, Represented by: Magdolna VERES and István András ANTAL, managing directors authorised to represent the company individually) hereinafter: (Supplier) and the service receiving natural or legal person (hereinafter: Customer), as well as the rights and obligations of the Supplier and Customer.

The Supplier reserves the right to unilaterally amend these GTC. The Supplier shall inform the Customer of an amendment in a short message sent to their email address provided during the ordering process and shall publish the amended GTC in a consolidated version on its website.

Subject Matter of the Contract – Services Rendered by the Supplier

Orders for the products distributed by the Supplier can be placed on the Supplier's website: www.ecotrendwebshop.com.

2. Offerings Available

The products distributed by the Supplier are available on the Supplier's website.
A detailed product description can be found for each product on the Supplier's website, by clicking on the product photo, so that the Customer can carefully review the characteristics of each product.

3. Process of Purchasing Products

The Service Provider publishes the products it offers for sale on its website. By clicking on a product, the interested party finds a brief description of each product, details about the materials used, and the price of the product. The customer can purchase the selected product by adding it to the Cart; then, at the checkout page, they provide the necessary information. To place an order, the customer must provide:

Name
Email address
Phone number
Company name
Company address
EU VAT number
Shipping address (if different)

The customer submits the order by clicking the "Send Order" button, which constitutes a contractual agreement. The Service Provider automatically sends an order confirmation via email following the submission. The contract is established when the customer receives the Service Provider’s confirmation.

The ordered products can be paid for in advance via bank transfer to the bank account indicated on the invoice, held at Kereskedelmi és Hitelbank Zrt. The website also provides other payment options.
The ordered products are shipped to the provided delivery address in the following ways:

DPD Hungary Ltd. (headquarters: 1134 Budapest, Váci út 33. 2nd floor, company registration number: 01-09-888141, tax ID: 13034283-2-44, represented by: Szabolcs Czifrik, managing director)
Magyar Posta Zrt. (headquarters: 1138 Budapest, Dunavirág utca 2-6, company registration number: 01-10-042463, tax ID: 10901232-2-44)
DACHSER Hungary Ltd. (headquarters: 8900 Zalaegerszeg, Fuvar utca 6, company registration number: 13-09-081858, tax ID: 11815798-2-44, represented by: Wolfgang Reinel, managing director; Roman Stolicny, managing director; Péter Szabó, company manager)
The Service Provider delivers the ordered products using its own vehicle.

Please be informed that when placing an order, the Customer is obliged to provide accurate personal data and to notify the Supplier of any changes in the data provided without delay, but within 15 days at the latest. The Supplier shall not be liable for any damages resulting from the incorrect or erroneous provision of data during the Customer's order, as the Customer may at any time modify the personal data provided by them by notifying the Supplier in writing. The Supplier has the right to delete obviously incorrect or false data and, in case of doubt, to verify the authenticity of the Customer's data, and reserves the right to reject the order if the Customer provides false or incomplete data or misuses personal data during registration.
The personal data provided when placing an order are not public and cannot be accessed by third parties.
When placing an order on the Supplier's website, the Customer is fully responsible for the activities related to the data provided and undertakes to notify the Supplier immediately in case the Customer notices any unauthorized use or any breach of data security with regard to their data. The Supplier is not liable for any damages incurred due to the storage of the password or due to the transfer of the email address and password to third parties.
The Supplier shall not be liable for any damages arising from the visiting or use of its website by the Customer, or for any of the following events occurring for any reason whatsoever: non-receipt of data sent and/or received over the Internet; malfunctions of the Internet network which prevent the performance of this contract; defect of the receiving equipment or communication lines, loss of any content or data; defect of any software or website; program errors, consequences of extraordinary events or technical failures including force majeure and the charges levied by the Internet service provider on the Customer.
The Parties stipulate that if the Customer orders a custom-made product through the website, the price, time of production, the terms of delivery and payment of the product shall be based on the mutual agreement of the Parties.

4. Right of Withdrawal

According to the provisions of Section 20 of Government Decree No. 45/2014 (II.26.) on the detailed rules of contracts between consumers and businesses (hereinafter: Government Decree), the Customer has the right to withdraw from the purchase without giving any reason within 14 days of the conclusion of the contract in the case of products on the website. The time limit expires 14 days after the date on which the Customer or a third party designated by the Customer (excluding the carrier) takes delivery of the goods, or, in the case of the supply of goods consisting of several batches or pieces, 14 days after the date on which the Customer or a third party designated by the Customer (excluding the carrier) takes delivery of the last batch or piece.
If the Customer wishes to exercise their right of withdrawal/unilateral termination, they must send a clear statement of their intention to withdraw from/unilaterally terminate the contract (by post or electronic mail) to the Supplier to the following address: Veres és Társai Kft. (Registered seat: 9700 Szombathely, Kárpáti Kelemen utca 19/A., Company registration number: 18-09-103666, VAT identification number: 11513898-2-18, Email: info@eco-trend.hu, Represented by: Magdolna VERES and István András ANTAL, managing directors), or alternatively use the template form for declaration of withdrawal from/unilateral termination of the contract, which is available on the Supplier’s website.
The Customer exercises their right of withdrawal/unilateral termination within the time limit if they send their withdrawal/termination notice before the expiry of the time limit indicated above.
If the Customer withdraws from the contract, the Supplier shall reimburse the Customer for all consideration paid by the Customer, including the transport costs (but excluding any additional costs incurred due to the Customer's choice of a transport mode other than the cheapest usual transport mode offered by the Supplier), without delay, but no later than 14 days after receipt of the Customer's notice of withdrawal. The Supplier shall use the same payment method for the refund as the one used in the original payment transaction, unless the Customer expressly agrees to another payment method; none the less the Customer shall not incur any additional costs as a result of the use of this latter refund method. The refund may be withheld by the Supplier until the product is returned or the Customer has provided proof that it has been sent back, whichever is the earlier.
The Customer shall return the product to the Supplier without undue delay, but no later than 14 days from the date of the communication of the Customer's withdrawal. The deadline is considered met if the product is dispatched to the Supplier before the 14-day time limit.
The direct cost of returning the product shall be borne by the Customer.
The Customer can only be held liable for depreciation of the product if it is due to use beyond the use necessary to establish the nature, characteristics and functioning of the product.

5. Responsibilities of the Supplier

Supplier shall be released from liability for breach of contract if it proves that the breach of contract was caused by a circumstance which was beyond its control and unforeseeable at the time of the conclusion of the contract and it could not have been expected of the Supplier to avoid the circumstance or avert the damage.
Defective performance: the Supplier performs defectively if, at the time of performance, the service does not comply with the quality requirements laid down in the contract or by law. The Supplier’s performance shall not be deemed defective, if the Customer was aware or should have been aware of the defect of the product at the time of conclusion of the contract.
Warranty of Material Defects On the basis of a contract in which the parties owe mutual services, the Supplier shall be subject to a warranty for material defects for its defective performance. Under their claim for warranty for material defects, the Customer, subject to their choice,
1. may claim repair or replacement, unless the performance of the chosen remedy for breach of warranty for material defects is impossible, or if it would result in disproportionate additional costs to the Supplier compared to satisfying a different claim for warranty for material defects, taking into account the value that the service would have in flawless condition, the gravity of the breach of contract and the harm to interests caused to the Customer by satisfying the right of warranty for material defects; or
2. may claim the pro rata reduction of the consideration; may repair the defect themselves or have it repaired by somebody else at the Supplier’s expense, or may withdraw from the contract if the Supplier did not undertake to repair or replace the product, or was unable to comply with this obligation, or if the Customer’s interest in having the product repaired or replaced no longer exists.

An insignificant defect shall not give rise to withdrawal. The repair or replacement must be carried out within a reasonable period of time, without prejudice to the interests of the Customer.

In case of an incorrectly indicated price, the contract is concluded at the incorrect price indicated by the Supplier.
Product Warranty In the event of a defect in movable thing sold by an undertaking to a consumer (for the purposes of this sub-title: “the product”), the consumer may demand that the producer repair the defect in the product, or, if repair is not possible within an appropriate time limit without causing harm to the consumer’s interests, replace the product. A product is defective if it does not comply with the quality requirements applicable at the time of placing the product on the market, or if it does not have the characteristics indicated in the description provided by the producer.
The manufacturer and the distributor of the product shall qualify as the producer.
The producer shall be exempted from the product warranty obligation if it proves that
a) it has not produced or distributed the product within its business activities or independent professional activities;
b) the defect was not recognisable given the state of scientific or technical knowledge when the product was placed on the market; or
c) the product’s defect was caused by the application of a law or a mandatory authority provision.
In the event of replacement, the producer shall be subject to an obligation of warranty for material defects with respect to the replaced product, and in the event of repair, with respect to the part of the product affected by the repair.
Following the detection of the defect, the consumer shall be required to communicate the defect to the producer without delay. A defect communicated within two months following the detection shall be considered communicated without delay. The consumer shall be liable for the damage arising from the delayed communication.
The producer shall be subject to product warranty for two years after he placed the relevant product on the market. The expiry of this time limit shall cause the forfeiture of rights.
In the event of the transfer of the product’s ownership, the product warranty rights may be enforced by the new owner against the producer.

6. Adoption of the GTC

The Customer accepts these GTC when placing an order with the Supplier. The Customer also acknowledges that it is bound by the GTC.
The Customer further consents to the Supplier processing their personal data provided when placing an order by email for the purposes, in the manner and to the extent provided in the GTC.
The Customer acknowledges that their right to place an order is subject to them accepting the GTC.

7. Processing of Personal Data

The Data Management Policy available on the website (www.ecotrendwebshop.com) contains information about the personal data processed during the ordering process.

8. Obligation to Cooperate and Provide Information

The Supplier and the Customer shall cooperate and inform each other of the material circumstances of the contract during the contract negotiations, at the conclusion, during the duration and at the termination of the contract.
The Customer may communicate with the Supplier by email, via the Messenger app or by telephone.

9. Termination of the Contract

The Supplier is entitled, with no obligation to give a reason for the termination, to terminate the contract with the Customer under the GTC by giving 15 days' notice in writing.
The Customer is entitled, with no obligation to give a reason for the termination, to terminate the contract with the Supplier under the GTC by giving 15 days' notice in writing.
The Supplier has the right to terminate its contract with the Customer with immediate effect, in writing, if the Customer seriously breaches the provisions of these GTC.
The Parties are entitled to terminate the contract under these GTC by mutual agreement in writing at any time.
The Parties conclude the contract under these GTC for a fixed term.
If the Customer causes damage to the Supplier by breaching the contract under these GTC, the Customer shall compensate the Supplier in full for the resulting damage. The obligation to pay damages covers
1. damage caused by the Customer's breach of contract,
2. consequential damages,
3. foreseeable damages caused by breach of duty,
4. the loss of profit suffered by the Supplier; and
5. the costs incurred by the Supplier to remedy the damage.

10. Handling of Complaints

The Supplier shall keep a record of complaints and keep them, together with the response to them, for five years from the date of the complaint.
The Supplier is obliged to investigate and respond to complaints within 30 days. In the event of a rejection, the Supplier must provide written reasons for the rejection.
The Consumer may lodge a complaint with the consumer protection authority. Pursuant to Section 45/A (1)-(3) of the act on consumer protection and Government Decree No. 387/2016 (XII. 2.) on the designation of the consumer protection authority, the Government Office acts as the general consumer protection authority: https://kormanyhivatalok.hu/kormanyhivatalok
Disputes arising from a contract concluded with the Supplier shall be settled primarily by amicable means, by agreement between the parties, or before the consumer protection authority of the Customer's place of residence. If the above approaches are unsuccessful, the parties may, at their discretion, refer the matter to the conciliation board competent for the seat of the Supplier or to the courts. Conciliation boards operated by the Chambers of Commerce and Industry according to territorial jurisdiction pertaining to registered address:

Name of the Conciliation Board	Registered Seat, Address of the Conciliation Board	Territorial Jurisdiction
Budapesti Békéltető Testület [Budapest Conciliation Board]	Budapest Budapesti Békéltető Testület [Budapest Conciliation Board] Address: 1016 BUDAPEST, Krisztina krt. 99. Telephone number: +36 1 488-2131 Telefax number: +36 1 488-2186 Chairperson: Dr. Éva Veronika INZELT Website: https://bekeltet.bkik.hu/ Email address: bekelteto.testulet@bkik.hu	Budapest
Baranya Vármegyei Békéltető Testület [Baranya County Conciliation Board]	Pécs Baranya Vármegyei Békéltető Testület [Baranya County Conciliation Board] Address: 7625 Pécs, Majorossy Imre u. 36. Telephone number: +36 72 507-154; +36 20 283-3422 Telefax number: +36 72 507-152 Chairperson: Dr. Ferenc BÉRCESI Website: www.baranyabekeltetes.hu Email address: info@baranyabekeltetes.hu kerelem@baranyabekeltetes.hu	Baranya county, Tolna county, Somogy county
Borsod-Abaúj-Zemplén Vármegyei Békéltető Testület [Borsod-Abaúj-Zemplén County Conciliation Board]	Miskolc Borsod-Abaúj-Zemplén Vármegyei Békéltető Testület [Borsod-Abaúj-Zemplén County Conciliation Board] Address: 3525 Miskolc, Szentpáli u. 1. Telephone number: +36 46 501-091 (new cases); +36 46 501-871 (ongoing cases) Chairperson: Dr. Péter TULIPÁN Website: www.bekeltetes.borsodmegye.hu Email address: bekeltetes@bokik.hu	Borsod-Abaúj-Zemplén county, Heves county, Nógrád county
Csongrád-Csanád Vármegyei Békéltető Testület [Csongrád-Csanád County Conciliation Board]	Szeged Csongrád-Csanád Vármegyei Békéltető Testület [Csongrád-Csanád County Conciliation Board] Address: 6721 Szeged, Párizsi krt. 8-12. Telephone number: +36 62 554-250/extension: 118 Telefax number: +36 62 426-149 Chairperson: Dr. Károly HORVÁTH Website: www.bekeltetes-csongrad.hu Email address: bekelteto.testulet@csmkik.hu	Békés county, Csongrád-Csanád county, Bács-Kiskun county
Fejér Vármegyei Békéltető Testület [Fejér County Conciliation Board]	Székesfehérvár Fejér Vármegyei Békéltető Testület [Fejér County Conciliation Board] Address: 8000 Székesfehérvár, Hosszúséta tér 4-6. Telephone number: +36 22 510-310 Telefax number: +36 22 510-312 Chairperson: Dr. József VÁRI KOVÁCS Website: www.bekeltetesfejer.hu Email address: bekeltetes@fmkik.hu; fmkik@fmkik.hu	Fejér county, Komárom-Esztergom county, Veszprém county
Győr-Moson-Sopron Vármegyei Békéltető Testület [Győr-Moson-Sopron County Conciliation Board]	Győr Győr-Moson-Sopron Vármegyei Békéltető Testület [Győr-Moson-Sopron County Conciliation Board] Address: 9021 Győr, Szent István út 10/a. Telephone number: +36 96 520-217 Chairperson: Dr. Beáta BAGOLY Website: https://gymsmkik.hu/bekelteto Email address: bekeltetotestulet@gymskik.hu	Győr-Moson-Sopron county, Vas county, Zala county
Hajdú-Bihar Vármegyei Békéltető Testület [Hajdú-Bihar County Conciliation Board]	Debrecen Hajdú-Bihar Vármegyei Békéltető Testület [Hajdú-Bihar County Conciliation Board] Registered seat: 4025 Debrecen, Petőfi tér 10. Client service: 4025 Debrecen Vörösmarty u. 13-15. Telephone number: +36 52 500-710; +36 52 500-745 Telefax number: +36 52 500-720 Chairperson: Dr. Zsolt HAJNAL Website: https://www.hbmbekeltetes.hu Email address: bekelteto@hbkik.hu	Hajdú-Bihar county, Szabolcs-Szatmár-Bereg county, Jász-Nagykun-Szolnok county
Pest Vármegyei Békéltető Testület [Pest County Conciliation Board]	Budapest Pest Vármegyei Békéltető Testület [Pest County Conciliation Board] Registered seat: 1055 Budapest, Balassi Bálint u. 25. IV/2. Telephone number: +36 1 792 7881 Chairperson: Dr. Pál KONCZ Website: www.pestmegyeibekelteto.hu; www.panaszrendezes.hu Email address: pmbekelteto@pmkik.hu	Pest county

The conciliation board has the competence to resolve consumer disputes out of court. It is the responsibility of the conciliation board to attempt to facilitate the conclusion of a settlement agreement between the parties that settles the dispute; if the attempt is inconclusive, the conciliation board adopts a decision to ensure the simple, rapid, effective and cost-efficient enforcement of consumer rights. At the request of the consumer or the Supplier, the conciliation board provides advice concerning the rights and obligations of the consumer.
In the absence of a settlement, the board, on the merits of the case,
a) makes a decision providing for an obligation if
aa) the request is well-founded and the Supplier – in its statement of general submission under Section 36/C of act on consumer protection registered with the conciliation board or the chamber or communicated in its commercial communication, or in a declaration made at the commencement of the procedure or not later than the date when the decision was taken – recognised the decision of the conciliation board as binding upon it, or
ab) the Supplier made no statement of general submission, but the request is well-founded and the consumer's claim does not exceed HUF 200,000, neither in the submitted request nor at the time of the decision imposing the obligation, or
b) issues a recommendation if the request is well-founded but, at the commencement of the procedure, the Supplier stated it would not recognise the decision of the board as binding upon it, or made no statement as to whether it would recognise the decision made by the board.
In the event of cross-border consumer disputes related to online contracts of sale or online service contracts, all conciliation bodies operated by the county (capital) chambers of commerce and industry may act, taking into account the rules of territorial jurisdiction set out in Section 20 of the act on consumer protection.
The Supplier is subject to the obligation to cooperate in the conciliation board procedure and, in this context, shall send its response with the content set forth in the act on consumer protection to the conciliation board within the time limit specified in the same act. With the exception of the application of Regulation (EU) No. 524/2013 of the European Parliament and of the Council of 21 May 2013 on online dispute resolution for consumer disputes and amending Regulation (EC) No. 2006/2004 and Directive 2009/22/EC, the Supplier is obliged to ensure that a person authorised to make a settlement is present at the hearing. The online hearing must be attended online by a representative of the business, who is authorised to negotiate the settlement. If the consumer requests a personal hearing, the representative of the business authorised to negotiate a settlement must attend the interview at least online.
If the Consumer does not apply to a conciliation body, or if the procedure has not been successful, the Consumer has the right to go to court to request the settlement of the dispute. The action must be brought by means of a statement of claim, which must contain the following information:
1. the competent court for the dispute
2. the names of the parties and of their representatives, their place of residence and their status in the proceedings
3. the right claimed and the facts and evidence supporting the claim
4. an definite request for a ruling from the court
5. attached relevant document or a copy of it, the contents of which are referenced by the party as evidence.
You can also use the ODR system (Online Dispute Resolution Platform) to resolve any problems that may have arisen during the purchase. The system is designed so the customer contacts the trader through the ODR platform. For further information and to use the system, please click on the link below:

https://ec.europa.eu/consumers/odr/main/?event=main.home.howitworks

For all legal and litigation matters within the European Union, we designate the competence of the Szombathely Court of Law (9700 Szombathely, Szily János utca 7.).

11. Amendment of the GTC

The Supplier shall be entitled to unilaterally modify these GTC at its own discretion and decision. Amendment may be warranted if:
- the circumstances for the Supplier materially change;

there is a change in the law;

there is a reason related to the Supplier's operation, economic interests, technical or technological capabilities, management, or circumstances affecting the service.

The Supplier must publish the GTC, as well as any amendments thereto and the GTC consolidated by the amendment, free of charge in a clearly visible place on its website, on the opening page, in a way that makes the GTC directly accessible, storable, displayable and printable. The amendment to the GTC shall enter into force on the 8th day following its publication and shall apply to all contracts concluded after its entry into force and to all contracts concluded before its entry into force. The Supplier shall notify the Customers of the changes to the GTC by electronic means (email).
If the Customer does not object to the amendment of the GTC in writing to the Supplier within 8 days from the date of publication or notification (whichever is later), it shall be deemed to be implied acceptance of the amendment by the Customer. If the Customer expressly objects to the amendment to the GTC and expressly refuses to accept it, the Supplier shall be entitled to terminate the contract with the Customer by giving 15 days' written notice.

12. Miscellaneous Provisions

If any provision of these GTC is or becomes invalid, that provision shall not affect the other provisions of these GTC.
The provisions of the Act V of 2013 on the Hungarian Civil Code (hereinafter: "Civil Code") shall apply to matters not specified in these General Terms and Conditions. For more information, see Section 50 (1) of Act XXVIII of 2017 on Private International Law (hereinafter: “Nmjtv.”).
These GTC are valid for an indefinite period.

www.ecotrendwebshop.com

Effective: as of 18.06.2025 until further notice

Veres és Társai Kft. (Registered seat: 9700 Szombathely, Kárpáti Kelemen utca 19/A., Company registration number: 18-09-103666, VAT identification number: 11513898-2-18, Email: info@eco-trend.hu, Represented by: Magdolna VERES and István András ANTAL, managing directors) as the Data Controller fulfils its obligations in relation to the processing of personal data within the framework of this Privacy Policy.

1. Introductory Provisions, Purpose of the Privacy Policy

In order to comply with the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) and the Act CXII of 2011 on the Right to Informational Self-Determination and on the Freedom of Information (hereinafter: “Info Act”), the Data Controller sets out in this Privacy Policy the applicable data protection rules and the procedures related thereto, as well as expresses its respect for and protection of the principles set out in the Regulation.

The Controller acknowledges that it is bound by the contents of this Privacy Policy. The purpose of this Privacy Policy is to inform the Data Controller's customers, partners and clients about the processing of their personal data. The Data Controller shall process personal data only in accordance with the legal provisions in force and in strict compliance with their provisions, taking into account the principles set out in Article 5 of the GDPR:

Principle of lawfulness, fairness and transparency,
Principle of purpose limitation,
Principle of data minimisation,
Principle of accuracy,
Principle of storage limitation.

The Data Controller is committed to the protection of the personal data of data subjects, and places utmost importance on respecting the right of the data subjects to self-determination. It processes the recorded personal data confidentially in accordance with data protection legislation. In addition, it will take all technical and organisational measures to ensure the secure storage of data. The data shall be protected by appropriate measures against unauthorised access, alteration, transmission, disclosure, erasure or destruction, as well as against accidental destruction and damage, and from becoming inaccessible due to changes in the technology used.

Personal, Material and Temporal Scope of the Privacy Policy:

The personal scope of this Privacy Notice applies to the Data Controller and the natural persons whose data are included in the processing covered by this Policy, as well as to persons whose rights or legitimate interests are affected by the processing.

Definitions:

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing of special categories of personal data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

Processing means, regardless of the procedure applied, any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data transfer means making the data available to a specific third party.

Disclosure means making the data available to anyone.

Data erasure means making data unrecognisable in such a way that data restoration is no longer possible.

Filing system means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.

Controller means the person who – alone or jointly with others – determines the purposes and means of the processing.

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Data subject means any natural person identified or identifiable, directly or indirectly, on the basis of personal data.

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Email means electronic mail. Its name refers to the method of writing or transmitting, which takes place entirely by electronic means using computer networks.

Internet (Internetworking System) is a global system of interconnected computer networks (a so-called meta-network) that connects the entire Earth, connecting government, military, commercial, business, educational, research, and other institutions, as well as individual users.

Website, webpage, web portal, homepage mean an electronic interface suitable for display and communication of information, which is typically located on servers connected to the Internet (Webserver). These sites, pages have a unique address (link) that is used to navigate to the given site by typing it into a browser application. The technology of the websites allows hyperlinks between individual content elements and links (hypertext).

Cookies means code components used to provide convenience features for websites. There are two basic types. One is stored on the visitor’s own machine, the other is stored on the server side; a so-called session cookie. From a processing point of view, the processing of session cookies must be regulated. The websites must inform visitors about the use of cookies and request their consent.

Electronic newsletter means information sent to the e-mail address of persons subscribed to the address list, typically created automatically and sent by an application designed for this purpose, for transactional, advertising or other campaign purposes.

2. Legal Basis and Purpose of Processing

Processing of personal data may be lawful only if and to the extent that at least one of the following conditions is met in accordance with Article 6 of the GDPR:

the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
processing is necessary for compliance with a legal obligation to which the controller is subject;
processing is necessary in order to protect the vital interests of the data subject or of another natural person;
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

The Data Controller must verify the lawfulness of data processing at all stages of its activities, and may only process data and only to the extent, for which it can justify the purpose and legal basis. If the legal basis for the processing is no longer applicable, the processing is only lawful if another legal basis can be demonstrated, failing which the data must be deleted.

Hosting of the Website

Server and hosting provider: Unas Online Kft.

Address: 9400 Sopron, Kőszegi út 14.

The server and hosting service provider stores the personal data in its possession, but is not entitled to use it.

Information about the Cookies Used on the Website

Cookies are data files that are created by websites you visit. They make online navigation easier by saving the browsing data. Cookies allow websites to do the following:

they keep you logged in;
they allow websites to remember the website settings;
they make it possible for the websites to recommend you locally relevant content.

Some cookies expire when the website is closed and some have a longer expiry date.

Legal Background of Cookies:

The background to processing is set out in the provisions of the GDPR, the Info Act and the Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services.

Legal Basis for Cookies:

The legal basis for processing is Article 6 (1) (f) of the GDPR for session cookies, Article 6 (1) (a) of the GDPR for other cookies (e.g. secure, analytics) and your consent in accordance with Section 5 (1) (a) of the Info Act.

Please note that the data subject declares by accepting the use of cookies on the website of the Data Controller that they are over 16 years of age. No person under the age of 16 may opt in or opt out of the use of cookies by this website. Pursuant to Article 8 (1) of the GDPR, the validity of declaration of consent to data processing by such person below the age of 16 requires the consent of their legal representative. The Data Controller is not in a position to verify the age and eligibility of the person giving consent, so the Data Subject guarantees that the data they provide is accurate.

The Following Cookies are Used on the Website:

Session cookie: These cookies are temporarily activated while browsing. That is, from the moment the user opens the browser window until the moment it is closed. As soon as the browser closes, all session cookies are deleted. No personal data is stored in a session cookie.

The website uses the following cookie for its operation: PHPSESSID.

Erasure of Cookies

The cookies placed by websites may be deleted from your device at any time using your browser. For details on how to delete or manage cookies, please, refer to your browser’s Help menu. Also, you can set the browser to block cookies or request a notification each time your browser receives a new cookie. Blocking cookies may technically prevent you from using our website.

If you do not accept the use of cookies, certain features will not be available.

Initiating Contact, Enquiring via the Website

The Data Controller makes it possible for an interested party to contact it using any of the contact details indicated on the website. The data provided will only be used to contact the interested party.

The purpose of data processing is for the operator of the website to establish contact with interested parties and to provide them with a quotation.

Legal basis for processing:

In the case of enquiries and requests for information, data processing is based on voluntary consent pursuant to Article 6 (1) (a) of the GDPR. In the case of a quotation, the processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into the contract under Article 6 (1) (b) of the GDPR.

Duration of processing:

The personal data provided will be processed for different periods of time depending on the nature of the contact.

In the case of an inquiry or a contact initiated, the Data Controller will not store the data after the necessary information has been provided, unless the subject matter of the ad hoc initiated contact gives rise to a legally enforceable claim, in which case the data can be stored for a maximum of 5 years for the purpose of supporting the claim.

In the case of a given quotation, the data retention period is the period of the offer’s validity, which is defined in Section 6:64-69 of the Civil Code.

If a business relationship is established, the data must be retained for 8 years in accordance with Section 169 (2) of the Accounting Act.

Product Order

The website of the Data Controller also offers interested parties the possibility to order products marketed by the Data Controller.

To order the selected products, the Customer will be asked to provide the following personal data:

Name
Email address
Telephone number
Company name
EU VAT number
Address(es): both invoicing and delivery addresses, if different

Data processor:

National Tax and Customs Administration of Hungary (online invoicing)
Delivery to door: DPD Hungary Kft., Magyar Posta Zrt., DACHSER Hungary Kft.
Kereskedelmi és Hitelbank Zrt.
Online invoicing software: Billingo (Billingo Technologies Zrt.)
Accounting (V&T Vezetés és Tanácsadás Kft.)

Legal basis for processing: The processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into the contract under Article 6 (1) (b) of the GDPR.

In the case of issuing an invoice, the legal basis for data processing is the fulfilment of a legal obligation under Article 6 (1) (c) of the GDPR, which obligation is set out in the provisions of the Accounting Act.

Duration of processing:

The accounting documents issued must be retained for 8 years in accordance with Section 169 (2) of the Accounting Act.

3. Data Transfer to a Third Country

On 10 July 2023, the European Commission adopted an adequacy decision for the new EU-US Data Privacy Framework, stating that personal data can be transferred securely from the European Union to organisation in the USA participating in the new framework as the United States ensures an adequate level of protection for personal data transferred from the EU to participating organisations in the USA. A prerequisite for joining the Trans-Atlantic Data Privacy Framework is that organisations in the USA, as data controllers, commit to implementing GDPR-compliant data protection measures. A list of organisation in the USA that have joined can be found at the following link: https://www.dataprivacyframework.gov/s/participant-search

The US authorities have access to personal data of EU citizens for law enforcement and national security purposes under the Trans-Atlantic Data Privacy Framework, subject to safeguards and must always bear in mind the principles of necessity and proportionality. The safeguards put in place by the USA also make transatlantic data flows in a more general sense easier, as they are applicable even if the transfer is facilitated by using other instruments, such as general terms and conditions and binding corporate rules.

One of the key safeguards of the Trans-Atlantic Data Privacy Framework is the two-tiered complaint mechanism for European citizens: on the one hand, they can appeal to the Civil Liberties Protection Officer at the National Security Agency (NSA) of the USA and can lodge an appeal against his or her negative decision to an independent specialised three-member panel, the Data Protection Review Court (DPRC), which can review the legality of data use and access by intelligence services. EU citizens can use the DPRC's redress mechanisms by submitting a request to the competent EU data protection authority, which must then be transmitted through secure channels to the European Data Protection Board, and the complaint is “mailed” in this way. The decision in the case follows the same path.

Useful link: https://www.justice.gov/opa/pr/attorney-general-merrick-b-garland-announces-judges-data-protection-review-court/

General information on data transfers to the US after 10 July 2023 is available in English at:

https://www.edpb.europa.eu/system/files/202307/edpb_informationnoteadequacydecisionus_en.pdf

Information on the redress mechanism in relation to alleged violations with regard to data processing for national security purposes involving data transferred to the US within the Trans-Atlantic Data Privacy Framework after 10 July 2023 is available in English at:

https://www.edpb.europa.eu/system/files/2024-04/edpb_information-note_dpf-redress-mechanism-national-security-purposes_en.pdf

Template complaint form for alleged violations with regard to data processing for national security purposes involving personal data transferred to the US within the Trans-Atlantic Data Privacy Framework after 10 July 2023 is available in English at:

https://www.edpb.europa.eu/system/files/2024-04/edpb_dpf_template-complaint-form_national-security-purposes_en.pdf

Template complaint form for alleged violations with regard to data processing for commercial purposes involving personal data transferred to the US within the Trans-Atlantic Data Privacy Framework after 10 July 2023 – in cases of transfers for employment purposes, or where the controller voluntarily submits to cooperate with the EU data protection authorities – is available in English at:

https://www.edpb.europa.eu/system/files/2024-04/dpf_template-complaint-form_commercial-complaints_en.pdf

Rules of procedure of European Data Protection Authorities regarding the submission of complaints in the redress mechanism in relation to alleged violations with regard to data processing for national security purposes involving data transferred to the US within the Trans-Atlantic Data Privacy Framework is available in English at:

https://www.edpb.europa.eu/system/files/2024-04/edpb_rules-of-procedure_national-security-purposes_en.pdf

Rules of procedure of European Data Protection Authorities with regard to data processing for commercial purposes involving personal data transferred to the US within the Trans-Atlantic Data Privacy Framework – in cases of transfers for employment purposes, or where the controller voluntarily submits to cooperate with the EU data protection authorities – is available in English at:

https://www.edpb.europa.eu/system/files/2024-04/dpf_rules-of-procedure_informal-panel-dpas_en.pdf

4. Personal Data Breach

A personal data breach may, if not addressed in an appropriate and timely manner, result in physical, material or non-material damage to natural persons such as loss of control over their personal data or limitation of their rights, discrimination, identity theft or fraud, financial loss, unauthorised reversal of pseudonymisation, damage to reputation, loss of confidentiality of personal data protected by professional secrecy or any other significant economic or social disadvantage to the natural person concerned.

It should be ascertained whether all appropriate technological protection and organisational measures have been implemented to establish immediately whether a personal data breach has taken place and to inform promptly the supervisory authority and the data subject The fact that the notification was made without undue delay should be established taking into account in particular the nature and gravity of the personal data breach and its consequences and adverse effects for the data subject. Such notification may result in an intervention of the supervisory authority in accordance with its tasks and powers laid down in this Regulation.

Notification of a Personal Data Breach to the Supervisory Authority

In the case of a personal data breach, the Controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the competent supervisory authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

The Processor shall notify the Controller without undue delay after becoming aware of a personal data breach.

The notification shall at least:

a)	describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;

b)	communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;

c)	describe the likely consequences of the personal data breach;

d)	describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.

The controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. That documentation shall enable the supervisory authority to verify compliance with this Article.

Obligation to Communicate the Personal Data Breach to the Data Subject Pursuant to Article 34 of the GDPR

When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay. The communication to the data subject shall describe in clear and plain language the nature of the personal data breach and contain at least the information and measures referred to in points (b), (c) and (d) of Article 33 (3).

The communication to the data subject shall not be required if any of the following conditions are met:

the controller has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption;

b)	the controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects referred to in paragraph 1 is no longer likely to materialize;

c)	it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.

If the controller has not already communicated the personal data breach to the data subject, the supervisory authority, having considered the likelihood of the personal data breach resulting in a high risk, may require it to do so or may decide that any of the conditions referred to above are met.

5. Rights of the data Subject pursuant to the GDPR

In connection with the data processing and through the Data Controller, the data subject has the right to:

– request information about the processing and access to the data processed concerning them,

– request the rectification of inaccurate data and to have incomplete personal data completed,

– request the erasure of personal data processed based on their consent,

– object to the processing of their personal data,

– exercise their right to data portability

– request the restriction of processing.

On the basis of a request for information, the data subject has the right to, unless it is restricted by a legitimate interest, find out whether their personal data are being processed by the controller and has the right to obtain information about the data processed concerning them with regard to: – the purposes for which the data are processed, – the legal basis for the processing of the data, – from when and for how long the data are processed (duration), – what data are processed and a copy of these data shall be provided to the data subject, – the recipients or categories of recipients of the personal data, – transfers to third countries or international organisations, – the data subject's rights in relation to the processing, – the data subject’s rights of redress. The employer as data controller shall respond to requests for information and for access within 30 days at the latest. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. In some cases, the data controller may refuse to provide information on the basis of a legal authorisation, for example to prevent or prosecute criminal offences, in which case the response shall include information about the legal provision the refusal is based on and the legal remedy.

In the case of a request for rectification (amendment) of data, the data subject must substantiate the accuracy of the data requested to be amended and must also certify that the person entitled to request the rectification is the person who requests the amendment. If it is not certain that the data processed is correct or accurate, the data controller does not amend the data, but only flags it, i.e. indicates that the data subject has contested it, but the data may not be incorrect. The data controller shall, without undue delay, correct inaccurate personal data or complete incomplete data concerned by the request, after confirming the authenticity of the request. The data controller shall notify the data subject of the rectification or the flagging of personal data.

The data controller complies with the request to restrict processing if one of the following conditions is met:

– the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

– the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

– the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; – the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted, personal data shall, with the exception of storage, only be processed:

– with the data subject's consent,

– for the establishment, exercise or defence of legal claims,

– for the protection of the rights of another natural or legal person, or

– for reasons of important public interest of the Union or of a Member State.

The Data Controller shall inform the Data Subject before the restriction of processing is lifted.

Remedies:

If the data subject alleges that the processing is in breach of the provisions of the GDPR or the controller's processing of the data subject’s personal data is prejudicial, they should contact the Data Protection Officer or, if the controller does not employ a Data Protection Officer, the company's representative with the complaint. The complaint will always be investigated. If, despite the response to the complaint, the data subject still maintains their objection to the way their data is handled by the data controller or wishes to contact the data protection authority directly, the data subject can lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa u. 9-11., 1363 Budapest. Pf. 9.).

The data subject can also turn to the courts, which will rule on the case in extraordinary expeditious proceedings. In this case, the data subject can decide whether to file their claim in the court of their domicile (permanent address) or the court of their residence (temporary address) (https://birosag.hu/torvenyszekek). Courts with their territorial jurisdiction are listed at https://birosag.hu/birosag-kereso.

Legitimate Interest Assessment Test

with regard to the session cookies used on the Data Controller's website

Pursuant to Article 6 (1) (f) of the GDPR – “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child” – the Data Controller, Veres és Társai Kft. (Registered seat: 9700 Szombathely, Kárpáti Kelemen utca 19/A., Company registration number: 18-09-103666, VAT identification number: 11513898-2-18, Email: info@eco-trend.hu, Represented by: Magdolna VERES and István András ANTAL, managing directors) uses the session cookie “PHPSESSID” on its website at www.ecotrendwebshop.com.

In order to determine whether the aforementioned conditions of the General Data Protection Regulation (GDPR) are met in relation to the personal data being subject of the Legitimate Interest Assessment Test, it is necessary to carry out this Legitimate Interest Assessment Test.

When carrying out the legitimate interest assessment test, the Data Controller shall

establish its legitimate interest in the processing of the personal data being subject of the legitimate interest assessment test
establish the interests and fundamental rights of the Data Subject in relation to the personal data being subject of the legitimate interest assessment test
carry out a comparison and assessment of the legitimate interests of the Data Controller and of the interests and fundamental rights of the Data Subject, and on this basis, determine whether the Data Subject's personal data can be processed on this legal basis.

In any case, the Data Controller must inform the Data Subject of the result of the legitimate interest assessment test.

The legitimate interest assessment test must be concluded before data processing is started.

The purpose of the legitimate interest assessment test is for the Data Controller to demonstrate in detail its legitimate interest as website operator in the use of session cookies on the www.ecotrendwebshop.com website.

Applicable Legislation:

With regard to the processing of personal data, the main applicable acts of legislation for natural persons are the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council on the processing of personal data (“GDPR”), the Act CXII of 2011 on Informational Self-Determination and Freedom of Information (“Info Act”) and the Act CVIII of 2001 on Certain Issues of Electronic Commerce and Information Society Services (“Electronic Commerce Act”).

Comparison of the Interests of the Data Controller and the Data Subject:

The www.ecotrendwebshop.com website is an internet site presenting the services of Veres és Társai Kft.

In order to comply with the principle of purpose limitation, the www.ecotrendwebshop.com website uses a session cookie. The use of cookies is strictly necessary for the basic functioning of the website in accordance with Article 6 (1) (f) of the GDPR, as the use of these cookies supports the basic functioning of the website, without which the smooth operation of the website cannot be ensured. Session cookies are cookies that are essential for the technical functioning of the website (e.g. navigation on the site). The session cookie is strictly necessary for the Supplier to provide the information society service explicitly requested by the user and is linked to the user's activity (e.g. filling in a form, pressing a button). Ensuring the proper functioning of the website is required by the e-commerce services and by Section 13/A (3) of the Electronic Commerce Act, according to which the Supplier, in this case the website operator, processes personal data that are technically necessary for the provision of the service. Even if the other conditions are identical, the Supplier must choose and in any case operate the tools used to provide the service in such a way that personal data are processed only if necessary for the provision of the service and for the fulfilment of the other purposes set out in the Electronic Commerce Act, but even then only for the time and to the extent necessary.

In accordance with the principle of purpose limitation and the legitimate interest assessment test, the website operator must demonstrate its legitimate interest in the use of the session cookie.

Legal Basis for Using Session Cookie: Pursuant to Article 6 (1) (f) of the GDPR, processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Purpose of data processing: the use of session cookies on the www.ecotrendwebshop.com internet site. The session cookie is used to track user data input.

Compliance with the principle of purpose limitation of processing: the Data Controller processes the session cookie in order to fulfil its obligations under Article 13/A(3) of the Electronic Commerce Act and does not process it in a manner incompatible with these purposes.

The Legitimate Interests Providing Legal Basis for the Processing:

The use of session cookies on the website of the Data Controller at www.ecotrendwebshop.com, and the processing of data strictly necessary for the provision of the service, as authorised by Section 13/A (3) of the Electronic Commerce Act.

The Scope of Personal Data Processed by the Session Cookies: No personal data relating to the user is recorded, only the data and activity that occurs during a session on the website.

Duration of Data Processing: The session cookie is created for the duration of the visit and is automatically deleted when the session ends or the browser is closed.

The Data Controller will provide adequate information about the use of the session cookie to the data subjects in a way that is accessible to everyone, and the cookies will be present on the site in a way that is necessary and proportionate to achieve the purpose and will be created only for the minimum time necessary – they will be automatically deleted at the end of the session or when the site is closed.

In connection with the data processing the data subject has the right to:

– request information about the processing and access to the data processed concerning them,

– request the rectification of inaccurate data and to have incomplete personal data completed,

– request the erasure of personal data processed based on their consent,

– object to the processing of their personal data,

– exercise their right to data portability

– request the restriction of processing.

Result of the Legitimate Interest Assessment Test:

The purpose of data processing is to enable the use of a session cookie on the website of the Data Controller at www.ecotrendwebshop.com, which is necessary for the smooth operation of the site, without which the smooth use of the website cannot be guaranteed. Session cookies are cookies that provide basic functionality to support basic functions that are essential for the technical operation of the website. The proper functioning of the website is ensured and the related data is processed in accordance with the statutory authorisation set out in Article 13/A (3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce and Information Society Services. Furthermore, session cookies have a short lifetime, are limited to the user's actual session and are automatically deleted at the end of the session or when the browser is closed. They also prevent data loss.

In relation to the use of session cookies on the www.ecotrendwebshop.com website, the legal basis for the processing is the legitimate interest referred to in Article 6 (1) (f) of the GDPR, and the rights and interests of data subjects are not affected adversely to such an extent that these would override the legitimate interests of the controller.

Szombathely, 18.06.2025

Veres és Társai Kft.

controller