Privacy policy


The purpose of this Policy is to register the HighEnd Fashion Limited Liability Company (registered office: 1102 Budapest, Szent László tér 24., I.em., 1. ajtó, company registration number: 01-09-191701, registration authority: Fővárosi Bíróság mint Cégbíróság, tax number: 24958718-2-42) and data management principles and the Company's data protection and data management policy.
Info TV. , the HighEnd Fashion Ltd. (hereafter referred to as the "Data Controller") website (hereinafter referred to as the "Website") is the web site visitor, the website registrant and the buyer (by name, billing and delivery address, telephone number, e-mail address, tax number) can be transmitted for processing by IT Hosting Kft. (headquarters: 1182 Budapest, Üllői út 563, registration number: 01 09 289171, registration authority: BudapestiTörvényszék Cégbírósága , tax number: 25788903-2-43) as a hosting provider, data processor (hereinafter referred to as Service Provider).
The purpose of this Code is to ensure that any person regardless of their nationality or place of residence ensures that the processing of personal data (data protection) respects their freedoms, in particular their right to privacy.



"Data Processor" means any natural or legal person, public authority, agency or any other body that manages personal data on behalf of the data controller;
Data processing means the collection or recording of any operation or operations carried out in an automated or non-automated manner on personal data or data files, such as collecting, capturing, rendering, compiling, storing, modifying or modifying, querying, inspecting, using, communicating, transmitting, distributing or otherwise disclosure, coordination or interconnection, restriction, deletion or destruction;
Data Manager: a natural or legal person, public authority, agency or any other body that determines the purposes and means of handling personal data individually or with others; where the purposes and means of data management are defined by Union or national law, the data controller or the particular aspects of the designation of the data controller may also be defined by Union or national law;
Privacy incident: a security breach resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled;
Contribution of the person concerned: a voluntary, concrete and appropriate and informed and clear statement of the will of the person concerned by indicating his / her statement or by expressing his / her unambiguous means of affirmation of his consent to the processing of personal data concerning him;
Restricting data management: designating stored personal data to limit their future management;
Denomination: the handling of personal data in a way that, without the use of additional information, no longer identifies the specific natural person of the personal data provided that such additional information is stored separately and provided with technical and organizational measures, that this personal data can not be linked to identified or identifiable natural persons;
User: any natural person identified on the basis of personal data provided in the subscription to the newsletter, who uses the service.
GDPR (General Data Protection Regulation) is the new EU Privacy Policy;
Third Party: a natural or legal person, public authority, agency or any other body other than the data subject, the data controller, the data processor, or persons authorized to manage personal data under the direct control of the data controller or data processor;
Registry system: personalized data, in any way, centralized, decentralized or functional or geographic, which is accessible on the basis of defined criteria;
Personal data: any information relating to an identified or identifiable natural person (s) concerned; a natural person may be identified, directly or indirectly, based on one or more factors relating to the physical, physiological, genetic, intellectual, economic, cultural or social identity of an identifier such as name, number, positioning data, online identifier or natural person identified;
Service: offers services to users in the form of newsletters.



3.1. The web content contained in the web site (hereinafter referred to as "the Website") will be based on the Relevant Relevant Disclosure Statement of the Affected Person, which includes the express consent of the Affected Person in order to use the Web Site their personal data are used.
Data management
• In the case of online product sales, the contributor concerned is Info. TV. Article 5 (1) (a) of the GDPR and Article 6 (1) (a) GDPR and the performance of a contract pursuant to Article 6 (1) (b) GDPR;
• the fulfillment of a legal obligation to document the purchase and payment, fulfillment of the accounting obligation, and the execution of the invoice declaration and payment are Article 6 (1) (c) of the GDPR and the Accounts. TV. Article 169 (2) and VAT Act. Pursuant to § 169;
• the consent of the person concerned as a customer identifying and communicating with the customer and the performance of the ordered product (or service). TV. Article 5 (1) (a), Article 6 (1) (a) GDPR and performance of contract under Article 6 (1) (b) GDPR;
• In the case of filtering off suspicious transactions online, a legitimate interest is based on Article 6 (1) (f) GDPR.
Your consent to the use of the Site by registering, or voluntarily providing the information in question, is affected by each Affiliation.
3.2. The purpose of data management is to ensure the provision of services available on the Website. The Service Provider and the Data Controller provide the data provided by the Affected subject only to the execution of the order, to the delivery of the house, to allow invoicing, to contact, or to the Affected Subscription Newsletter, to send a newsletter and the conditions of the contract that may be concluded.
3.3. The data that are automatically recorded will be used for statistics generation, technical development of the IT system, and protection of the rights of the interested parties.
3.4. The Service Provider and the Data Controller may not use or use the personal data provided for purposes other than those set out in these points. Issuance of personal data to a third party or authorities may, unless expressly provided for by law, be subject to prior consent by the Participant.
3.5. The Service Provider and the Data Controller do not check the personal details that he / she has provided. The correctness of the data given is solely the responsibility of the person giving it. When you contact any of your Affected Email addresses, you are responsible for solely using the provided e-mail address. With respect to this responsibility, any liability associated with an entry in a given e-mail address shall be borne exclusively by the person who has registered the e-mail address.
3.6. Changing or deleting data can be initiated by email or by mail with the specified contact details. Data is deleted when the consent for data management is withdrawn. The user may at any time withdraw his consent to the processing of the data by sending a mail to the contact email address (


4.1. Pending completion of the contract, unless the person concerned has withdrawn its consent, the Data Manager shall, after the date of purchase, 6:22. § 5 years after cancellation. If the data is processed by the Data Controller. TV. , the data will be cleared by the Data Manager, irrespective of the consent of the User, 8 years after the user account has been terminated.
4.2. Logged data will be stored for 12 months after the date of the log, except for the last visit date, which is automatically overwritten.
4.3. In the case of a newsletter, personal data will be processed from the newsletter by unsubscribe as specified in point 7.

5.1. Data is primarily the data handler and the internal staff of the Service Provider or the Service Provider, but they are not disclosed to third parties. Data storage is done electronically.
5.2. The operation of the underlying IT system, the fulfillment of the orders, and the settling of the settlement may be carried out by the Service Provider's data processor (eg system operator, carrier company, accountant).


Data is forwarded to the following parties:
• Barion Payment Zrt., 1117 Budapest, Infopark Promenade 1.
• Hungarian Post Zrt .- MPL, 1138 Budapest, Dunvirág u. 2-6.
• Octonull Ltd., 1085 Budapest, József körút 74th I. em. 6th
• PayPal Inc., 1085 Budapest, József körút 74. I em. 6th
• Google LLC (1600 Amphitheater Parkway Mountain View CA 94043)
• Google Analytics, Google Adwords (headquarters: 1600 Amphitheater Parkway, Mountain View, CA 94043, USA)
• Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland)
The Data Manager shall provide data in the case of an indefinite service contract until the termination of the contract.
In order to issue an electronic invoice, the Data Controller shall transmit the data provided by the Customer to the Octonull Kft. The purpose of the data transfer is to issue a electronic invoice invoice to the Affected person, which the Data Controller sends electronically to the address given by the Customer. The Data Controller shall transmit the data relating to the electronic fee invoices up to the termination of the contract until the obligation of legal certifying the data.
5.3. The Data Controller and the Service Provider shall treat the personal data of the Users in a manner which can be traced and in accordance with the law. In addition, personal data will be transmitted to third parties solely and solely upon the consent of the Affected Person and will only be disclosed for official requests.


6.1. Register. During registration, you must be required to provide the following personal information:
• User,
• your own email address,
• Password
• billing address (billing name, street name, house number, settlement, postal code),
• delivery address (delivery name, street name, house number, town, postal code),
• phone
You can buy the User on the Data Manager's Website without registration.
6.2. Technical details
Technically recorded data during the operation of the system: the data of the affected Login computer generated during the use of the service and recorded by the Service Provider as an automatic result of the technical processes. The data that will be automatically recorded will be automatically logged on entry or exit, without the specific statement or action of the Person. These data can not be linked to other personal user information, except in cases that are legally binding. Data may only be accessed by the Service Provider and the Data Controller.
6.3. cookie
Visits to the Website will send one or more cookies - a small file containing a string of characters - to the visitor's computer, which will allow its browser to be uniquely identified. These cookies are provided by Google and are used through Google Adwords. These cookies will only be sent to the visitor's computer by visiting some sub-pages, so in these we only store the fact and the time of visiting that sub-page, not any other information.
The use of these cookies is as follows: External service providers, including Google, are stored by these cookies if the Affiliate has previously visited the Website to display ads to the Affiliate for external service providers, including Google - on the websites of its partners. You can disable your Google cookies on the Affected Google ads page. (You can also indicate to the Subject that you can also block external service provider cookies from the Network Advertising Initiative opt-out page.)
Once blocked, they will not receive personalized bids from the Service Provider.


Cookies Applied:Cookies Applied:

• Session Cookie: session cookies will be automatically deleted after you visit the Affected Person. These cookies are designed to help the Service Provider's Web site work more efficiently and safely, so it is essential that some features of the Web site or some applications work properly.

• Persistent cookies: Constant cookies are also used by the Service Provider for a better user experience (eg providing optimized navigation). These cookies are stored for longer in the browser cookie file. The duration depends on the setting applied by your affected web browser.

• A password-protected session cookie.

• Shopping basket cookie.

• Security cookie.External servers help you independently measure and audit web page visitor and other webanalytic data (Google Analytics). The Data Manager can provide detailed information about the handling of the measurement data to the affected party.They can be reached at you do not want Google Analytics to measure the above data for the purpose and purpose described, install the blocking plugin in your browser.The "Help" feature in most of the browser's menubar provides you with information about your browser

• how to disable cookies,

• how to accept new cookies or

• How to instruct your browser to set a new cookie or

• how to turn off other cookies. 6.4. General data management related to online orderingThe Service Provider reserves the right to inform Info. the personal identification number of the natural person receiving the product in the shop during the personal receipt of the goods shall be recorded in the Accounts. Info. TV. , the consent may be granted, in writing, by oral, written and incidental (surrender of the document). The purpose of this data management is to protect the buyer's interest in ownership. Info. TV. the User may request the Data Manager to delete his / her personal data recorded in this section.6.5. With newsletter, personalized newsletter, passport mail handlingAt, you can subscribe to a personalized newsletter. The user subscribing to the newsletter regarding the use of this opportunity will hand over the personal data of the Service Provider and the Data Controller through the voluntary data service:

• Name

• E-mail address

• Phone

• Title

• Website behavioral behaviors

• Bulletin Read Behavior Behaviors

• Shopping habitsThe web site operator declares that the information and descriptions that he publishes fully comply with the relevant legal provisions. You also acknowledge that when you sign up for a newsletter, you are not able to verify the authenticity of your contact information and also determine that the information you provide relates to a private individual or business. The purpose of data management is to provide additional services; online product sales; Documentation of purchase and payment; fulfillment of the accounting obligation; identifying and contacting the User as Buyer; fulfillment of the ordered product (s), account statement; the possibility of making payment, and the filtering of suspicious transactions during online payment. The User may unsubscribe from the newsletter at any time without any consequences.You may expressly and expressly consent to the advertiser's promotional offers, information and other items at the e-mail address given at the time of subscription. As a result, the user may agree to provide the provider with the necessary personal information for that purpose.


If the user wants to receive a newsletter, he or she must provide the required information. If the data is not provided, the user is not entitled to receive a newsletter.
The data processing takes place until the consent is withdrawn. Your consent to data handling can be withdrawn by the user at any time by email sent to the contact email address.
You can also cancel your contribution based on the link in the posted newsletters.
6.6. complaint Handling
Complaint handling is the data handler's activity during which the circumstances of the complaint to are investigated and accurately documented in order to provide the Data Manager with the requests and observations that are related to the data manager's activities. The communication is archived, so in any ex-post question or dispute the information is available in its original form and, if necessary, in connection with the case, the Data Manager can contact the User.

Personal information provided during complaint handling:
• the user's name, address,
• the place, time, manner of submitting the complaint,
• a detailed description of the User's complaint, a list of documents, documents and other evidence presented by the User,
• the Data Controller's statement regarding the user's complaint, if the complaint can be immediately investigated,
• the person who signs the record and the signature of the User (unless the complaint is filed by email or telephone)
• the place, time,
• the unique identification number of the complaint.

The Data Controller shall keep the minutes and the copy of the response to the complaint for five years and present it to the control authorities upon request
If the data is processed by the Data Controller. TV. the Data Manager shall only disclose the data, irrespective of the person concerned, 8 years after the complaint has been filed.
The legal basis for managing the data processed in the complaint handling operation is the contributor concerned, Info. TV. Article 5 (1) (a) of the GDPR, Article 6 (1) (a) of the GDPR, and performance of a contract pursuant to Article 6 (1) (b) GDPR, (c) and Fgy. TV. 17 / A.

6.7. Facebook
Users can send comments and messages to the Data Handler via Facebook ( A data processor providing a service to the Data Controller or the Data Controller can answer questions and comments if necessary. (Facebook is not the official forum for dealing with consumer complaints.)
Unless the consent of the person concerned is withdrawn, the data shall not be disclosed by the Data Controller after the date of communication, 6:22. § 5 years after cancellation.
The Facebook Data Collection is the contributor concerned by Info. TV. Article 5 (1) (a) is based on Article 6 (1) (a) of the GDPR.

6.8. The Web site contains simple links to Facebook, Twitter, Pinterest Share, Google Bookmarks. In such a case, only the data will be transmitted to these social media operators by clicking on that icon (eg, the Facebook icon on the "f" icon). When you click on that icon, the social media user's page opens in the popup window. On these pages, you may post information about our products in accordance with the rules of the respective social media operator.



7.1. The Data Manager pays particular attention to the legitimacy of the use of the e-mail addresses he handles, so use them only as specified below (for information or advertising) to send an e-mail.
7.2. Managing e-mail addresses primarily serves to identify the Customer, to execute orders, to access the Services, so that e-mails are sent primarily for this purpose.

7.3. In the case of changes to the Services provided by the Data Controller or changes to the General Terms and Conditions and other similar services of the Data Controller, the Data Handler shall, in certain cases, send it to the Users in electronic form by e-mail. However, such notifications are not used by the Data Manager for advertising purposes.
7.4. Newsletter
Mails containing advertising or advertising (newsletter) to e-mail addresses given during the registration will only be sent by the Data Manager with the express consent of the Person, in the cases and in the manner prescribed by law. The newsletter contains direct marketing elements and promotional items. The Data Handler manages the information provided by the Person during the use of the newsletter.
In the case of a newsletter, the Data Manager will handle the information provided during the subscription to the Relevant Newsletter until the Relevant has subscribed to the newsletter by clicking the "Unsubscribe" button at the bottom of the newsletter or requesting it to be removed from the subscribers list by e-mail or by post. If you do not opt ​​out, the Data Manager will not contact you with any additional newsletters or offers. You can unsubscribe at any time from the newsletter and revoke your consent. Registered users can sign up for their newsletter at any time and free of charge on their personal site.
7.5. Personalized newsletter
The Data Manager may also use the personal information of the users to send them personal offers in the form of newsletters. In the personalized newsletter, Data Handler examines previous purchases of registered and subscribed users, and can also send personalized newsletters to users on the basis of the survey and results.
To unsubscribe from a personalized newsletter, see 7.4. shall apply. If the Affected User is opted out of the Data Handler's newsletter, you will not receive a personalized newsletter anymore.


Persons under the age of 16 can not provide personal data, unless they have been asked for permission from a parent who has parental responsibility. By declaring your personal data to the Data Controller and guaranteeing that you are doing so, your ability to act on the provision of information is not limited.
If you are not legally entitled to provide any personal data, you are required to obtain the consent of the third parties concerned (eg, legal representative, guardian, other person, such as a consumer, acting on behalf of you) or provide a different legal basis for the disclosure. In this context, he or she must either consider whether or not a third party's consent is required in relation to the provision of the personal data concerned. The Data Handler may be contacted with you personally, so you are required to comply with this clause and you will not be liable to the Data Handler in this context. Regardless of this, the Data Controller is always entitled to check whether the appropriate legal basis for handling a personal data is available. For example, if you are acting on behalf of a third party, such as a consumer, we have the right to request your consent and / or the relevant data management consent of the person concerned for the particular case.
The Data Handler will do its utmost to delete any personal data that has been unlawfully made available to you. The Data Controller ensures that, if this is known to you, this personal data is not transmitted to any other person or used by the Data Handler.



The Data Controller must ensure the security of the data, take technical and organizational measures and establish the procedural rules that ensure that the stored or managed data are protected or prevent their destruction, unauthorized use and unauthorized alteration. It also calls on third parties whose data have been transmitted to be required to comply with the requirement of data security.
The Data Handler shall ensure that unauthorized persons have access to, disclose, transmit, transmit, and modify or delete them.
The Data Manager shall do its utmost to ensure that the data are not damaged or destroyed. The above commitment is also provided by the Data Controller to the employees of his or her data management activity or to the data processors acting on behalf of the Data Controller.
Data management computer systems and other data retention locations can be found on the Servers' servers.
In order to prevent unauthorized persons from accessing your data, the Data Controller secures personal data as follows and prevents unauthorized access: access to the server and computers is password protected.


Privacy incident: a security breach resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled.
If the privacy incident is likely to pose a high risk to the rights and freedoms of natural persons, the Data Controller informs the data subject of the privacy incident without undue delay, in a clear and unambiguous manner.
The person concerned shall not be informed if any of the following conditions are met:
(a) the data controller has implemented adequate technical and organizational protection measures and applies those measures to the data covered by the data protection incident, in particular the measures, such as the use of encryption, which are unintelligible to unauthorized persons make the data;
(b) after the data protection incident, the data controller has taken further measures to ensure that the high risk for the rights and freedoms of the person concerned is no longer likely to be realized;
(c) the information would require a disproportionate effort. In such cases, the data subject shall be informed by means of publicly disclosed information or a similar measure shall be taken to ensure that such information is equally effective.
The data protection incident shall be reported to the supervisory authority under Article 55 without undue delay and, if possible, no later than 72 hours after the data protection incident becomes known, unless the data protection incident is unlikely to pose a risk to the rights of natural persons and freedom. If the notification is not filed within 72 hours, the reasons for proving the delay must also be enclosed.



11.1. You may at any time be required to disclose information about personal data handled by the Service Provider and the Data Controller and may change them at any time in the manner specified in the GTC.
11.2. The Service Provider and the Data Controller shall provide information on the data that he or she handles to him, to the data processed by him or to the data processor entrusted by him or to the data processor, the source, the purpose, legal basis, duration of the data processing and the data processor's name, address and data management its activities, the circumstances of the privacy incident, its effects and the measures taken to remedy it, and, in the case of transmission of the personal data of the Person concerned, the legal basis and the addressee of the transfer. The Data Manager shall provide the requested information in writing within 30 days of the submission of the request.
The Data Controller maintains a register of data protection incidents and information about the Affected Person, including the Relevant Personal Data, the Data Protection Incident, the scope and number of Affected Persons, the Date, Conditions, Effects and Remedies of Data Protection Incident, and Data Management other statutory provisions.
11.3. You can exercise the rights of the Affiliate at the following contact details:
Correspondence address: HighEnd Fashion Ltd. 1044 Budapest, Fiumei út 16., A ép., Fsz 2.
Customer Service: + 36-20-386 5633;
Privacy Officer: Lóránt Ménesi, + 36-20-386 5633;
11.4. You may at any time have the right to correct or erase incorrectly recorded data. Some of your information may be corrected by the Affected Website; In other cases, the Data Handler will delete the data within 3 business days of receipt of the request, in which case they will not be recovered. The deletion does not apply to data processing required by law (eg accounting rules), which the Service Provider maintains for the required period of time.
In the case of any of the following reasons, the data subject shall have the right, at his request, to delete the personal data relating to him without undue delay:

• personal data is no longer needed for the purpose for which they were collected or otherwise treated;
• the party concerned withdraws the consent of the data controller and has no other legal basis for data handling;
• the person concerned objects to the data handling and there is no prior legitimate reason for data handling or if data management is related to direct business acquisition;
• personal data has been unlawfully handled;
• the personal data should be deleted in order to comply with the legal obligation imposed on the controller in the Union or Member States' law;
• the collection of personal data has been linked to the provision of information society services.
The data controller will inform the data subject electronically of the deletion of any personal data provided by the data subject by virtue of Article 19 of the GDPR. If the concerned request for cancellation also covers the e-mail address it has provided, the data administrator will also delete the email address after the information has been provided.
Deleting data can not be initiated if data management is required:
• to exercise the right to freedom of expression and information;
• the fulfillment of obligations under EU or Member States applicable to the Data Controller for the processing of personal data and for the public interest;

• for preventive health or workplace health purposes, assessment of the employee's ability to work, medical diagnosis, health or social care or treatment, or management of health or social systems and services, under a contract concluded with a healthcare professional under EU or national law or healthcare professional, shall be handled by a professional or under the responsibility of a professional who is subject to the professional secrecy obligation laid down by Union or national law or by the rules established by the competent authorities of the Member States, or by another person who is also a Union or Member State law, the obligation of confidentiality laid down by the rules laid down by the competent authorities of the Member States;
• protection of public health in the area of ​​public health, such as the protection of serious health threats across borders or the provision of high quality and safety of healthcare, medicines and medical devices, and based on EU or Member State law that provides for appropriate and specific measures it has guarantees for the rights and freedoms of the person concerned and, in particular, professional secrecy;
• on the basis of public interest in the field of public health and the treatment of such data is carried out by a professional or under the responsibility of a professional who is subject to professional secrecy imposed by Union or national law or by the rules established by the competent bodies of the Member States, who is also subject to the obligation of confidentiality laid down by Union or Member State law or by the rules laid down by the competent authorities of the Member States;
• public interest archiving, for scientific and historical research purposes or for statistical purposes, if the right to cancel would probably make it impossible or seriously compromise this data management; or
• advocating, enforcing or protecting legal claims.
11.5. You can also ask your Person to block your data. The Data Controller locks out personal data when requested by the data subject, or if, on the basis of the information available to him, it may be assumed that the deletion would violate the legitimate interests of the Affected Person. Personal data so locked can only be handled as long as there is a data management target that excludes the deletion of personal data.
The person concerned must be notified of the correction, blocking and deletion, and all who have previously been transferred to the data for data handling. Notification may be omitted if it does not prejudice the legitimate interest of the Person concerned in view of the purpose of the processing.
If the Data Handler fails to comply with the Relevant Correction, Lockout, or Cancellation Policy, it will give written and written reasons for the rejection of the request for rectification, blocking or deletion within 30 days of receipt of the request.
You may object to handling your personal information. The Service Provider shall examine the protest within the shortest possible time but not later than 15 days from the submission of the request, and shall make a decision on its validity and shall inform the applicant in writing.

11.6. Upon request by the data subject, the Data Controller restricts the processing of data if one of the following conditions is met:
• the person concerned disputes the accuracy of the personal data, in which case the restriction concerns the period of time that the person concerned can verify the accuracy of the personal data;
• Data handling is illegal and the data subject is opposed to the deletion of the data and instead asks to restrict their use;
• the Data Manager no longer needs personal data for data processing but the person concerned requires them to submit, enforce or protect legal claims; or
• the person concerned has objected to data handling in connection with the data management of the Data Controller in the public interest or legitimate interest; in this case, the restriction applies to the duration of determining whether the data controller's legitimate reasons prevail over the legitimate grounds of the party concerned.
If the processing of data is restricted according to the above, such personal data may only be disclosed with the consent of the person concerned or the presentation, enforcement or protection of legal rights or the protection of the rights of a natural or legal person or of the public interest of the Union or of a Member State can be handled.
The Data Handler informs the data subject whose request has restricted the data management on the basis of the above, informing him in advance of the discontinuation of the limitation of data management.

11.7. The data subject shall have the right to receive personal data made available to him by the Data Controller in a fragmented, widely used machine-readable format and shall be entitled to transmit this data to another data controller without this being hampered by the Data Controller, provided personal data when:
• data management is either a contribution or a contract; and
• Data management is done automated.
In exercising the right to carry the data as described above, the data subject has the right to request, if technically feasible, the direct transfer of personal data between data controllers.
The exercise of the right to data storage shall be without prejudice to the right to cancel. That right shall not apply where the processing of data is necessary for the performance of a task in the public interest or in the exercise of its public authority powers conferred on the data controller.
The right to data storage should not adversely affect the rights and freedoms of others.
11.8. The data subject is entitled to object to the processing of his or her personal data by the Data Controller at any time when the legal basis for data processing is in the public interest or in the performance of a public authority exercised on the Data Controller or in the need to enforce the legitimate interests of the Data Controller or a third party, including profiling based on those provisions. In this case, the Data Controller may not process personal data unless it proves that data management is justified by legitimate reasons of enforceability that are of priority to the interests, rights and freedoms of the data subject, or which relate to the submission, validation or protection of legal claims.
If your personal data is handled for direct business, the person is entitled to object at any time to the handling of personal data relating to that purpose, including profiling, if it is related to direct business acquisition. If a person objects to the personal data being handled for direct business purposes, personal data may no longer be handled for that purpose.
If the personal data are handled for scientific and historical research purposes or for statistical purposes, the data subject is entitled to object to the processing of personal data relating to his / her own personal situation, unless it is necessary for the performance of a task for public interest purposes.
11.9. The data subject is entitled to withdraw his consent at any time based on the consent of the data controller based on the consent of the data controller. Revocation of the contribution does not affect the lawfulness of the consent based on consent, prior to the withdrawal.
11:10. It is based on and the Civil Code (Act V of 2013)
• National Data Protection and Information Authority (1530 Budapest, Pf .: 5, phone: +36 (1) 391-1400, email:, website: may or may
• Exercise your rights before the court.

11:11. If you have provided third-party information during the registration, or if you have caused any damage to the Website during the use of the Website, the Service Provider and the Data Controller are entitled to claim damages against the Affiliate. In such a case, the Service Provider and the Data Controller provide all available assistance to the determining authorities for the purpose of identifying the offender.


12.1. The Data Handler may collect data about the Activity of the Affiliates that can not be linked to any other data entered by the Affiliate upon registration or any other data generated by the use of any other website or service.
12.2. In all cases where the data provided by the Data Controller is intended to be used for purposes other than the purpose of the original recording, he or she informs the Affective Person and obtains his / her prior express consent or gives him the opportunity to prohibit the use.
12.3. The Service Provider and the Data Controller undertake to ensure the security of the data and also take technical measures to ensure that the data being recorded, stored or managed is protected and that it does everything to prevent their destruction, unauthorized use and unauthorized alteration. You also agree that any third party to which the data may be transmitted or handed over also draws attention to the fulfillment of this obligation.
12.4. The Data Controller reserves the right to unilaterally modify this Policy without prior notice to the Website of the Affected. Upon the entry into force of this amendment, the User shall accept the changes to continue using the Web site, as provided by the Data Controller as provided on the Web Site.
12.5. Legislation underlying data management
• REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 / GDPR).
• 2011 CXII. law on information self-determination and freedom of information.
• Act LXVI of 1995 on public documents, public archives and the protection of private archives material. law.
• Decree 335/2005 on the General Requirements for Document Management of Public Servants (XII.29.) Government decree.
• CVIII of 2001. Act on Electronic Commerce Services and Information Society Services Issues.
• Act C of 2003 on Electronic Communications.



Last updated: May 21, 2018, Budapest
HighEnd Fashion Kft.