PRIVACY POLICY

1. Introduction

1.1. Purpose of the Privacy Policy

The purpose of this Privacy Policy (hereinafter: “Policy”) is to present in a transparent and detailed manner how personal data is processed during the operations of Pro ACDC Kft. (hereinafter: “Data Controller”), and to provide information regarding the rights of data subjects and how they can be exercised.

1.2. Legal compliance (GDPR, Act CXII of 2011)

Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR): establishes the uniform EU rules concerning the protection of personal data.

Act CXII of 2011 (Info Act): the law forming the basis of Hungarian data protection regulations, on the right of informational self-determination and on freedom of information.

This Policy endeavors to comply with the requirements set out in the above legislation.

2. Details of the Data Controller

2.1. Name and contact details of the data controller

Name: Pro ACDC Kft.

Registered office: 2120 Dunakeszi, Rákóczi út 99.2.

Company registration number: 13-09-129536

Tax number: 14507225-2-13

Representative: Nándor Holecz

Phone number: +36 70 424 2318

2.2. Availability of the privacy policy

This Policy is available in electronic format at www.proacdc.hu, and can also be viewed in printed form upon request at our customer service office.

3. Definitions

3.1. Basic GDPR concepts

Personal data: any information relating to an identified or identifiable natural person (‘data subject’).

Data Controller: the natural or legal person which determines the purposes and means of the processing of personal data.

Data Processor: a natural or legal person which processes personal data on behalf of the Data Controller.

Consent: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data relating to them.

Data subject: any identified or identifiable natural person to whom the personal data relates.

3.2. Definition of a personal data breach

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

4. Principles of data processing

4.1. Legal bases and principles

Lawfulness, fairness and transparency: We process data only for specified and lawful purposes.

Purpose limitation: Only for pre-determined purposes, to the extent necessary to achieve the purpose.

Data minimisation: We collect and process only the personal data strictly necessary to achieve the purpose.

Accuracy: We ensure that the personal data processed is accurate and, where necessary, kept up to date.

Storage limitation: Personal data is stored only for the time necessary to achieve the purpose.

Integrity and confidentiality: We apply appropriate technical and organisational measures to protect personal data.

4.2. Accuracy and security of data

Both the Data Controller and the data subject are responsible for the regular updating of data; the latter is obliged to report any changes in their personal data.

The Data Controller makes every effort to ensure that the recorded data is accurate and protects it from unauthorized access with appropriate security measures.

5. Purposes and legal bases of data processing

5.1. Website registration

Purpose: Creating a user account and providing related services.

Legal basis:

Consent (GDPR Article 6(1)(a)), in cases where registration is voluntary and requested by the data subject.

Performance of a contract (GDPR Article 6(1)(b)), if registration is a prerequisite for providing the service.

Scope of processed data: Name, email address, password (encrypted), date of registration, IP address.

5.2. Order management

Purpose: Processing orders, performance of the contract, invoicing, and delivery.

Legal basis: Performance of a contract (GDPR Article 6(1)(b)).

Scope of processed data: Name, shipping and billing address, contact details (phone number, email), order details.

5.3. Invoicing

Purpose: Compliance with the applicable accounting laws (e.g., Act C of 2000).

Legal basis: Compliance with a legal obligation (GDPR Article 6(1)(c)).

Scope of processed data: Name/company name, address, tax number (for legal entities), other data necessary for invoicing.

5.4. Sending newsletters

Purpose: Marketing communication, information about new products and promotions.

Legal basis: Consent (GDPR Article 6(1)(a)).

Scope of processed data: Name, email address.

Note: You can unsubscribe from the newsletter at any time by clicking the link at the bottom of the newsletter or by notifying the Data Controller directly.

5.5. Use of cookies

Purpose: Ensuring the proper functioning of the website, improving user experience, analyzing visitor data, marketing purposes.

Legal basis:

Consent (GDPR Article 6(1)(a)) – for all cookies that are not essential for the website’s operation.

Legitimate interest or performance of a contract (GDPR Article 6(1)(f) or (b)) – for technical cookies essential for operation.

Further details: See the “Use of cookies” section (Point 11) of this Policy.

5.6. Data processing on social media platforms

Purpose: Communication, sharing information (Facebook, Instagram, etc.).

Legal basis: Voluntary decision, consent (GDPR Article 6(1)(a)).

Note: The specific data processing practices of social media platforms must be viewed in the privacy policy of the respective platform.

6. Scope of processed data

6.1. Types of personal data

Identification data: name, username, password (encrypted).

Contact data: email address, phone number, address.

Technical data: IP address, browser type, cookies, login time.

Billing data: billing name, address, tax number (for companies).

6.2. Method and duration of data storage

In electronic form on protected servers, secured with passwords and other security solutions.

On paper at the registered office, in a locked area.

Storage period: until the legal obligations and the purpose of data processing are fulfilled, or until consent is withdrawn. Thereafter, the data will be deleted or anonymized.

7. Rights of data subjects

7.1. Right to information

The data subject has the right to request information about the purpose, legal basis, source, and duration of the processing of their personal data, as well as who has access to it.

7.2. Right to rectification

If the data subject believes that their processed personal data is inaccurate or incomplete, they may request its rectification or completion.

7.3. Right to erasure (“right to be forgotten”)

The data subject may request the erasure of their personal data if the data is no longer needed for its original purpose, or if the data subject withdraws their consent and there is no other legal basis for the processing.

7.4. Right to data portability

The data subject has the right to receive the personal data provided by them in a structured, commonly used and machine-readable format, and may request the transmission of this data to another data controller.

7.5. Right to object

The data subject may object at any time to the processing of their personal data if the legal basis for processing is the legitimate interest of the Data Controller.

The data subject specifically has the right to object to the processing of personal data for direct marketing purposes.

8. Data security

8.1. Protection of electronic data

Multi-level authorization system.

Regular backups.

Virus protection and firewall usage.

8.2. Technical and organisational measures

Use of a closed office network and secure Wi-Fi.

Storage of paper-based documents in locked cabinets.

Regular data protection training for employees and data processors.

9. Personal data breach management

9.1. Notification of a breach to the authorities (72-hour rule)

In the event of a personal data breach, the Data Controller shall, without undue delay and, where feasible, not later than 72 hours, notify the personal data breach to the National Authority for Data Protection and Freedom of Information (NAIH), unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.

9.2. Communication to the data subjects in case of high risk

If the breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall communicate the personal data breach to the data subject without undue delay, describing the nature of the breach and the measures taken.

10. Data processors and third parties

10.1. Hosting provider

Name: Vitarex Stúdió Kft.

Registered office: 1016 Budapest, Aladár u. 17. Fsz. 1.

Contact details: vitarex@vitarex.hu, (+36-1) 466-7404

Data processing activity: web server operation, technical maintenance. It processes personal data only based on the instructions of the Data Controller.

10.2. Accountant and other partners

The Data Controller may use an accountant, courier service, marketing agency, and other partners to process personal data.

Accountant: Tímea Kucsikné Keve / SzámVilág Könyvelő, Adótanácsadó és Szolgáltató Kft. Activity: accounting, payroll, tax-related tasks.

The Data Controller always concludes a written contract with these partners (data processors) in compliance with GDPR requirements. The contracts stipulate that the partners may only process data based on the instructions of the Data Controller, for the specified purpose, and for the necessary duration.

10.3. Technical and security services

Our website uses Cloudflare services to enhance website security, protect against attacks, and serve content more quickly.

Service provider: Cloudflare, Inc.

Registered office: 101 Townsend St., San Francisco, CA 94107, USA

During the operation of Cloudflare, certain data of website visitors is routed through Cloudflare’s servers, specifically:

IP address,

browser and device information,

traffic and log data related to the use of the website,

technical data related to security events.

Purpose of data processing:

maintaining website security,

filtering out malicious traffic,

ensuring service availability,

optimizing website performance.

Cloudflare may also use its own cookies to ensure the proper functioning of its security features (e.g., bot protection, load balancing). Detailed information regarding Cloudflare’s data processing can be found at the following link: Cloudflare Privacy Policy

11. Use of cookies

11.1. Purpose and types of cookies

Session cookies: essential for the functioning of the website, they are deleted when the browser is closed.

Functional cookies: enhance user convenience, for example by remembering login details or the selected language.

Analytical cookies (e.g., Google Analytics): serve statistical purposes, helping to understand user behavior and improve website functionality.

Marketing cookies: support the display of relevant advertisements and the measurement of advertising effectiveness.

11.2. Managing user settings

Users can control cookie management in their browser settings, allowing them to disable or delete them.

When modifying cookie settings, some functions of the website may not work properly.

During the first visit to the website, there is an option to accept or reject non-essential (e.g., marketing) cookies via a pop-up window.

12. Legal remedies for data subjects

12.1. Lodging a complaint with the National Authority for Data Protection and Freedom of Information (NAIH)

If the data subject believes that the processing of their personal data violates applicable laws, they may lodge a complaint with the National Authority for Data Protection and Freedom of Information:

Address: 1055 Budapest, Falk Miksa utca 9-11.

Phone: +36 (1) 391-1400

Email: ugyfelszolgalat@naih.hu

12.2. Right to an effective judicial remedy

In case of violation of their rights, the data subject may turn to court. The lawsuit may be initiated – at the choice of the data subject – before the regional court competent for their place of residence or stay.

13. Applicable laws underlying data processing

13.1. GDPR (Regulation (EU) 2016/679)

Regulation (EU) 2016/679 of the European Parliament and of the Council, which aims to protect natural persons with regard to the processing of personal data and on the free movement of such data within the EU.

13.2. Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information

The Hungarian data protection act, which regulates the domestic principles and limitations of personal data processing.

13.3. Other relevant Hungarian legislation

Act on Accounting.

Act on the Civil Code (Ptk.).

Act on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities.

14. Final provisions

14.1. Scope and modification of the privacy policy

This Policy is effective from June 3, 2026.

The Data Controller reserves the right to unilaterally modify this Policy, especially to take into account legislative changes, the introduction of new data processing activities, or recommendations from the supervisory authority.

Modifications will be published on the website, and upon their entry into force, data subjects accept the new rules by continuing to use the services.

Dated: Dunakeszi, June 3, 2026.

© 2026 Pro ACDC Kft. | Privacy Policy

created by:

A weboldal fejlesztője a Vitarex Stúdió Kft.

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by