DATA PROCESSING POLICY (This privacy policy is based on Hungarian law and applicable EU regulations)
I.
General information
The purpose of this Privacy Policy is to set out the data management and data protection procedures applied by the data controller, which, as the data controller (hereinafter: Data Controller), it observes in the course of its activities, paying particular attention to the protection and preservation of personal data, as well as to secure and fair data processing.
Data Controller details:
Company name: SPEDEMEX Korlátolt Felelősségű Társaság
Company registration number: 09-09-022565
Registered address: 4224 Hajdúböszörmény-Bodaszőlő, Zelemér utca 161.
Tax number: 23808902-2-09
The following legislation applies to this Privacy Policy:
Act CVIII of 2001 on certain issues of electronic commerce services and information society services;
Act XLVIII of 2008 on the basic conditions and certain restrictions of commercial advertising activities;
Act CXII of 2011 on the right to informational self-determination and freedom of information;
Act V of 2013 on the Civil Code;
Regulation (EU) 2016/679 (of 27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
The Data Controller undertakes a unilateral obligation to comply with this Privacy Policy. However, the Data Controller reserves the right to amend the Privacy Policy, and also undertakes a unilateral obligation to publish any such amendments in an appropriate manner.
II.
Definitions and legal interpretations used in this Policy:
Data subject: any identified or – directly or indirectly – identifiable natural person on the basis of specific personal data.
Personal data: any information relating to the data subject.
This includes, in particular, the data subject’s name, identification data, and information relating to one or more aspects of their physical, physiological, mental, economic, cultural or social identity.
This also includes any conclusion relating to the data subject that may be drawn from the data.
Special categories of personal data: personal data revealing racial origin, nationality, political opinions or party affiliation.
This includes personal data relating to religious or other philosophical beliefs, membership of an interest representation body or organisation, and a person’s sex life.
Special categories of personal data also include personal data concerning health or addiction, as well as personal data relating to criminal matters.
Consent: a voluntary and unambiguous expression of the data subject's will, based on adequate information, by which the data subject gives their unequivocal agreement to the processing of personal data relating to them – whether in full or for specific operations.
Objection: a declaration by the data subject objecting to the processing of their personal data and requesting the termination of such processing or the erasure of the processed data.
Data Controller: the natural or legal person, or organisation without legal personality, who or which, alone or jointly with others, determines the purposes of data processing, makes and implements decisions regarding data processing (including the means used), or has such decisions implemented by the Data Processor.
Data processing: any operation or set of operations performed on data, regardless of the procedure applied, including in particular collection, recording, registration, organisation, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, restriction, erasure and destruction, as well as preventing further use of the data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identification.
Data transfer: making data accessible to a specific third party.
Disclosure: making data accessible to anyone.
Data erasure: rendering data unrecognisable in such a way that it can no longer be restored.
Data blocking: marking data with an identification tag in order to permanently restrict its further processing or restrict it for a specified period of time.
Data marking: the labelling of data with an identifying marker for the purpose of distinguishing it.
Data processing (technical): the performance of technical tasks related to data processing operations, regardless of the method and means used to carry out the operations and the location of application, provided that the technical task is performed on the data.
Data destruction: the complete physical destruction of the data carrier containing the data.
English: Data processor: a natural or legal person, or an organisation without legal personality, who or which processes data on the basis of a contract — including a contract concluded on the basis of a statutory provision.
Data set: the totality of data processed within a single register.
Third party: a natural or legal person, or organisation without legal personality, who or which is not identical to the data subject, the data controller or the data processor.
EEA state: a member state of the European Union and any other state party to the Agreement on the European Economic Area, as well as any state whose nationals enjoy the same status as nationals of a state party to the Agreement on the European Economic Area under an international treaty concluded between the European Union and its member states and a state not party to the Agreement on the European Economic Area.
Third country: any state that is not an EEA state.
Personal data breach: the unlawful processing or handling of personal data, including in particular unauthorised access, alteration, transmission, disclosure, erasure or destruction, as well as accidental destruction and damage.
III.
Legal bases for data processing
In the course of its activities, the processing of personal data by the Data Controller must in all cases be based on law or voluntary consent.
Personal data may only be processed for a specified purpose, in order to exercise a right or fulfil an obligation. At every stage of processing, it must be consistent with the purpose of processing, and the collection and handling of data must be fair and lawful.
Only personal data that is essential for the fulfilment of the purpose of processing and is suitable for achieving that purpose may be processed.
Personal data may only be processed to the extent and for the duration necessary for the fulfilment of the purpose.
Personal data may be transferred, and different processing locations may be linked, only if the data subject consents or the law permits it, and all other conditions for processing the personal data are met.
Personal data may be transferred from Hungary to a data controller or processor located in a third country only if the data subject has explicitly consented, or the law permits it, and the processing and handling of the transferred data in the third country is adequately ensured, including its protection.
In the case of mandatory data processing, the purpose, conditions, scope and accessibility of the data to be processed, the duration of processing, and the identity of the data controller shall be determined by the law or municipal regulation ordering the processing.
The law may, in the public interest and with explicit specification of the scope of data, order the disclosure of personal data. In all other cases, the consent of the data subject is required for disclosure, and in the case of special data, written consent is required. In case of doubt, it shall be presumed that the data subject has not given consent.
The consent of the data subject shall be deemed to have been given with regard to data disclosed in the course of the data subject's public activities or provided by them for the purpose of publication.
The data subject may also give their consent within the framework of a written contract concluded with the Data Controller, for the purpose of fulfilling the terms of the contract. The contract must unambiguously state that by signing, the data subject has consented to the processing of their data as specified in the contract.
IV.
Scope of personal data processed and method of recording
In connection with its activities falling within the scope of this Privacy Policy, the following personal data are processed:
Last name and first name
Date, place and time of birth
Mother's maiden name
Email address
Personal data may only be recorded after the Data Controller has made this Privacy Policy, which serves as the basis for data processing, available to the data subject, and the data subject has explicitly acknowledged it.
The data recording process is controlled by the data subject themselves; if the data subject interrupts the recording process, whether explicitly or by implied conduct, the Data Controller is obliged to discontinue the recording and delete all personal data provided up to that point without exception.
The Data Controller may not use the personal data provided for purposes other than those set out in this Privacy Policy. Personal data may only be disclosed to third parties or authorities with the prior, explicit consent of the data subject, unless the law provides otherwise.
The Data Controller does not verify the personal data provided to it – the person providing the data is solely responsible for their accuracy.
When providing their email address, the data subject accepts responsibility for ensuring that only they use the service from the provided email address.
The Data Controller is not obliged to verify that the email address provided actually belongs to the data subject who provided it – and is therefore entitled to presume that the processing of the personal data provided is lawful.
V.
Modification and erasure of data, duration of processing
The data subject may at any time request information about the data processed by the Data Controller, the time of recording, the scope of the data processed, and the method of recording.
The data subject may at any time, free of charge and without justification or restriction, request the rectification of their data or the erasure thereof from the Controller's database at the following contact details:
Data protection officer (name): Jámborné Szanyi Mónika
Postal address: 4224 Hajdúböszörmény-Bodaszőlő Zelemér utca 161.
E-mail cím: info@transflowers.com
Phone: +36 70 604 04 10
The processing of personal data provided during recording begins at the time of recording and continues until its erasure or until another point in time specified by law.
VI.
Rights of data subjects
Upon request by the data subject, the Data Controller is obliged to provide information about the data it processes, the purpose, legal basis and duration of processing, the name and address of the data processor and its activities related to processing, as well as who has received the data since its recording and for what purpose. The Data Controller must provide this information in writing, free of charge, within a maximum of 20 days from the submission of the request.
The Data Controller is obliged to rectify any inaccurate personal data upon notification by the data subject. The Data Controller shall notify the data subject and all those to whom the data was previously transferred for processing purposes. Notification may be omitted if this does not prejudice the legitimate interests of the data subject having regard to the purpose of processing.
The Data Controller is obliged to erase personal data if its processing is unlawful, the data subject requests erasure, or the data is incomplete or inaccurate and this cannot be lawfully corrected.
The Data Controller shall also erase data if the purpose of processing has ceased, the legally defined storage period has expired, or erasure has been ordered by a court or the data protection commissioner.
The data subject has the right to object to the processing of their personal data if such processing or transfer is solely necessary for the enforcement of the rights or legitimate interests of the Data Controller or a data recipient; ex
The Data Controller – while simultaneously suspending the processing – is obliged to examine the objection within the shortest possible time from the submission of the request, but no later than 15 days, and to inform the applicant in writing of the outcome. If the data subject's objection is well-founded, the Data Controller is obliged to terminate the processing, restrict the data, and notify all those to whom the personal data was previously transferred.
In the event of an infringement of the data subject's rights, a complaint may be lodged against the Data Controller with a court or the data protection authority, the details of which are as follows:
Name: Nemzeti Adatvédelmi és Információszabadság Hatóság
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Phone: +36 – 1 – 391-1400
Fax: 06 – 1- 391-1410
E-mail: ugyfelszolgalat@naih.hu
Web: www.naih.hu
VII.
Data security
The Data Controller is obliged to ensure the security of data throughout the processing process, and is also obliged to take all organisational and technical measures necessary for the secure storage of data.
Data must be protected by appropriate technical means against unauthorised access, alteration, unauthorised transfer, unauthorised disclosure, erasure or destruction, as well as accidental destruction and damage and the resulting inaccessibility. Technical protective measures must be applied that – unless permitted by law – cannot be directly linked to or attributed to the data subject.
VIII.
Personal data breach
The Data Controller is obliged to maintain a record of personal data breaches for the purposes of managing and monitoring such breaches and informing the data subject.
The register must contain the scope of personal data affected, the scope and number of individuals affected by the breach, the time of the breach, its direct and indirect effects, and the measures taken to remedy it.
Upon request by the data subject, the Data Controller is obliged to provide information on this matter.
Upon detection of a breach, the Data Controller is obliged to notify the supervisory authority of the breach within 72 hours, unless the circumstances of the personal data breach make it unlikely to result in a risk to the rights of natural persons.
IX.
Final provisions
This Privacy Policy enters into force by order of the company's managing director and becomes effective upon publication on the company's website.
Budapest, 2026. january 05.
Managing director
s.k.
The Controller uses so-called cookies when visiting the website. A cookie is a package of information consisting of letters and numbers, which our website sends to your browser in order to save certain settings, facilitate the use of our website and assist in providing some relevant,
we collect statistical information about our visitors.
Some cookies do not contain personal information and are not capable of identifying an individual user, however some of them contain a unique identifier — a secret, randomly generated string of numbers — which is stored on your device, thereby also ensuring your identifiability. The operation of individual cookies
duration is contained in the relevant description of each cookie.
We distinguish between three basic types of cookies: essential cookies, which serve the proper functioning of the Website, cookies for statistical purposes and cookies for marketing purposes.
The legal basis for data processing is your consent pursuant to Article 6(1)(a) of the Regulation in the case of statistical and marketing cookies, and the legitimate interest necessary to ensure the functioning of the Website pursuant to Article 6(1)(f) of the Regulation in the case of essential cookies.
If you do not accept the use of these cookies, certain functions may not be available to you.
Strictly necessary cookies: These cookies are essential for the use of the website and enable the use of the basic functions of the website. Without them, many functions of the site will not be available to you. The lifetime of this type of cookie is limited exclusively to the duration of the session.
Session cookie:Session cookie: These cookies store the visitor's location, the browser language and the payment currency; their lifetime is until the browser is closed or a maximum of 2 hours.
Age-restricted content cookie: These cookies record the fact that age-restricted content has been approved and that the data subject is over 18 years of age; their lifetime lasts until the b…These cookies record the fact that age-restricted content has been approved and that the data subject is over 18 years of age; their lifetime lasts until the browser is closed.
Recommended products cookie: Records the list of products to be recommended via the "recommend to a friend" function. Lifespan: 60 days.
Mobile version, design cookie: Detects the visitor's device and switches to full view on mobile. Lifespan: 365 days.
Cookie acceptance cookie: Records the acceptance of the cookie storage notice displayed in the warning window upon arrival on the site. Lifespan: 365 days.
Logout #2 cookie: According to option #2, the system logs the visitor out after 90 days. Lifespan: 90 days.
Backend identifier cookie: The identifier of the backend server serving the site. Lifespan: until the browser is closed.
Employee_login_last_email Stores the email address at login until the browser is closed.
Ealrm, ealem, ealpw — Enables persistent login. Lifespan: 180 days. Permanens beléptetést biztosít. Élettartama 180 nap.
Come_from Handles login redirection. Lifespan: 10 minutes.
Currency Stores the customer's currency preference. Lifespan: 30 days.
Google Analytics cookie: Google Analytics is Google's analytics tool that helps website and application owners get a more accurate picture of their visitors' activities. The service may use cookies to collect information and produce statistical reports on website usage without individually identifying visitors to Google. The main cookie used by Google Analytics is the "__ga" cookie. In addition to reports based on website usage statistics, Google Analytics – together with some of the advertising cookies described above – can also be used to display more relevant advertisements in Google products (such as Google Search) and across the internet.
Cookies for improving user experienceThese cookies collect information about how the user uses the website, for example which pages they visit most frequently or what error messages they receive from the website. These cookies do not collect information that identifies the visitor — they work entirely with general, anonymous data. The data obtained from them is used to improve the performance of the website. The lifespan of this type of cookie is limited to the duration of the session only.
Referer cookiesRecords which external site the visitor arrived from. Lifespan: until the browser is closed.
Utoljára megtekintett termék cookie: Rögzíti a termékeket, amiket utoljára megtekintett a látogató. Élettartamuk 60 nap.
Last viewed category cookie: Records the last viewed category. Lifespan: 60 days.
Shopping cart cookie: Records the products added to the cart. Lifespan: 365 days.
Smart recommendation cookie: Records the conditions for displaying smart recommendations (e.g. whether the visitor has been to the site before, whether they have an order). Lifespan: 30 days.
Google Adwords cookie When someone visits our site, the visitor's cookie identifier is added to the remarketing list. Google uses cookies – such as NID and SID cookies – to customise advertisements shown in Google products, such as Google Search. These cookies are used, for example, to remember your most recent searches,
your previous interactions with individual advertisers' ads or search results, and your visits to advertisers' websites. The AdWords conversion tracking function uses cookies. To track sales and other conversions resulting from advertisements, cookies are saved to the user's computer when that person clicks on an advertisement. Some common uses of cookies include: selecting advertisements based on what is relevant to a given user, improving reports on campaign performance, and avoiding
showing advertisements the user has already viewed.
Remarketing cookies: These may appear to previous visitors or users when browsing other websites on the Google Display Network, or when searching for terms related to its products or services.
predictionio User identification cookie for recommending personalised advertisements. Lifespan: 3 months.
Facebook pixel (Facebook cookie) The Facebook pixel is a piece of code that allows conversion reports to be generated on the website, audiences to be built, and the site owner to receive detailed analytical data about visitors' use of the website. Using the Facebook pixel, personalised offers and advertisements can be displayed to website visitors on the Facebook platform. You can review Facebook's privacy policy here: https://www.facebook.com/privacy/explanation
For more information on how to delete cookies, please visit the following links:
Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Chrome: https://support.google.com/chrome/answer/95647
Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies