PRIVACY NOTICE

This Privacy Notice (hereinafter referred to as: “Privacy Notice”) describes the data processing on the https://pure-matic.hu/en/ website (hereinafter referred to as: “the Site”) operated by EURO-MATIC Kft. (registered office: H-1224 Budapest, Máriás utca 30., company registration number: 01-09-194259, tax number: 25005758-2-43, represented by: Hermann László, managing director individually, representative’s contact: [email protected], hereinafter referred to as: “Data Controller”)—especially the characteristics of data collection, storage and use.

This Privacy Notice is effective from 1 September 2025. The Data Controller keeps the current version of the Privacy Notice permanently available on the Site and at its registered office.

The Privacy Notice has been prepared in line with Regulation (EU) 2016/679 of the European Parliament and of the Council (the “GDPR”), with due consideration of Act CXII of 2011 on Informational Self-determination and Freedom of Information (the “Privacy Act”). Terms used herein have the same meaning as in Article 4 GDPR and certain interpretative provisions of Section 3 of the Privacy Act. The provisions of GDPR—or where prohibited by GDPR, the Privacy Act—apply to issues not regulated in this Privacy Notice.

The Data Controller places special importance on the secure handling of personal data of clients and Site visitors. The Data Controller may provide extracts of this Privacy Notice for specific processing activities and obtain declarations that data subjects have read and acknowledged those extracts. The Data Controller reserves the right to amend this Privacy Notice; if an amendment affects the use of personal data already provided, the Data Controller will notify the data subject appropriately (e.g., by e-mail). Where details of processing change, the Data Controller will separately request consent where required.

Please read this Privacy Notice carefully and only engage the services available on the Site if you agree with the following.

1. Principles relating to processing of personal data

While providing its services, the Data Controller pays particular attention to personal data protection, complies with mandatory legal provisions, and processes data in a secure and fair manner. The Data Controller treats personal data confidentially, follows the principles of lawfulness, fairness and transparency, purpose limitation and data minimisation, storage limitation, integrity and confidentiality, and accuracy under the GDPR.

2. The method and security of data processing

The Data Controller ensures data security and takes necessary technical and organisational measures and implements procedural rules required to enforce the GDPR, the Privacy Act, and other applicable confidentiality rules. The Data Controller protects personal data from unauthorised access, modification, transmission, publication; unauthorised or accidental deletion and destruction; damage; and from becoming inaccessible as a result of technological changes.

Electronically processed data files are protected so that they are stored in separate registers and cannot be directly interconnected with the data subject unless permitted by law.

3. Data processing in relation to the Site and the services of the Data Controller

3.1. Request for quotation

  • Purpose: Manage and answer quotation requests; send quotations.
  • Data: Name, e-mail address, phone number, products quoted, other information provided in the request.
  • Data Subjects: Persons requesting a quote via the Site/webshop.
  • Legal basis: Consent (GDPR Art. 6(1)(a)).
  • Retention: Until consent is withdrawn.
  • Method: Electronic.
  • Source: Data subject.
  • Automated decisions/profiling: None.
  • Access: Authorised employees and processors (see Section 4).
  • Third-country transfers: None.

3.2. Performance of contracts

  • Purpose: Prepare, execute and perform contracts with sole proprietors, legal entities, or entities without legal personality.
  • Data: Contracting party’s name, signature, bank details; for sole proprietors: registration number, name, registered office, contact details, and other contractual data.
  • Data Subjects: Contracting partners/customers.
  • Legal basis: Contract (GDPR Art. 6(1)(b)).
  • Retention: Generally 5 years after termination; accounting documents 8 + 1 years.
  • Method: Paper and/or electronic.
  • Source: Data subject.
  • Automated decisions/profiling: None.
  • Access: Authorised employees and processors (see Section 4).
  • Third-country transfers: None.

3.3. Contact person’s data

The Data Controller keeps a register of contractual partners. Personal data in contracts are processed for performance (GDPR Art. 6(1)(b)). For contact persons of partners/authorities, processing is based on the Data Controller’s legitimate interest (GDPR Art. 6(1)(f)) per a balancing test to facilitate operations.

  • Purpose: Register partners and their contact persons; register authority contacts.
  • Data: Contracting party name, phone, e-mail; contact person name, e-mail, phone.
  • Retention: 5 years after contract performance.
  • Method/Source: Paper/electronic; data subject.
  • Failure to provide: May prevent performance/communication.
  • Automated decisions/profiling: None.
  • Access/Transfers: Authorised staff and processors; no third-country transfers.

3.4. Issuing accounting documents

  • Purpose: Issue, store and account for invoices.
  • Data: As set by Act C of 2000 (Accounting) and Act CXXVII of 2007 (VAT), including name, transaction date/period, address, e-mail, phone.
  • Legal basis: Legal obligation (GDPR Art. 6(1)(c)); Accounting Act §§159, 167.
  • Retention: 8 years (Accounting Act §169(2)); deletion after 8 + 1 years.
  • Method/Source/Access: Paper/electronic; data subject; authorised staff and processors.
  • Automated decisions/transfers: None; no third-country transfers.

3.5. Contact

  • Purpose: Communicate with customers contacting the Data Controller.
  • Data: Name, e-mail, optionally phone, message and subject.
  • Legal basis: Consent (GDPR Art. 6(1)(a)).
  • Retention: Until purpose achieved or erasure upon request.
  • Failure to provide: Prevents contact.
  • Method/Source/Access: Electronic; data subject; authorised staff and processors.
  • Automated decisions/transfers: None; no third-country transfers.

3.6. Guarantee claim

  • Purpose: Process guarantee claims regarding purchased products.
  • Data: Order ID, name, e-mail, phone, address, product name, defect description, claim, and any photos.
  • Legal basis: Consent (GDPR Art. 6(1)(a)); and legal obligation (GDPR Art. 6(1)(c)) under Decree 19/2014. (IV. 29.) NGM and the Civil Code.
  • Retention: Complaint report kept for 3 years from recording.
  • Method/Source/Access: Electronic; data subject; authorised staff and processors.
  • Failure to provide: Legal requirement to provide data to enforce claim.
  • Automated decisions/transfers: None; no third-country transfers.

3.7. Handling complaints

Consumers (as per Act CLV of 1997) may submit complaints via [email protected], by post to the registered office, or in person. Complaints are handled per the Consumer Protection Act.

  • Purpose: Receive, investigate and resolve complaints.
  • Data: Name, address, e-mail; data listed in Section 17/A(5) of the Consumer Protection Act; for undertakings, data concerning enforcement of claims.
  • Legal basis: Consent (GDPR Art. 6(1)(a)) and legal obligation (GDPR Art. 6(1)(c)) under the Consumer Protection Act.
  • Retention: If no further action after response: delete after 5 years per Section 17/A(7); otherwise after limitation period or final judgment.
  • Method/Source/Access: Paper/electronic; data subject; authorised staff/legal representatives.
  • Failure to provide: May prevent complaint examination.
  • Automated decisions/transfers: None; no third-country transfers.

3.8. Newsletter

  • Purpose: Inform newsletter subscribers about services and news at intervals.
  • Data: Name, e-mail.
  • Legal basis: Consent (GDPR Art. 6(1)(a)).
  • Retention: Until consent is withdrawn.
  • Failure to provide: No newsletters can be sent.
  • Method/Source/Access/Transfers: Electronic; data subject; authorised staff and processors; no third-country transfers.

3.9. Direct marketing

  • Purpose: Send invitations/information via direct marketing (post, e-mail, phone/SMS).
  • Data: Name, e-mail, phone, address.
  • Legal basis: Consent (GDPR Art. 6(1)(a)).
  • Retention: Until consent is withdrawn.
  • Failure to provide: No direct marketing will be sent.
  • Method/Source/Access/Transfers: Electronic; data subject; authorised staff and processors; no third-country transfers.

3.10. Record-keeping relating to the exercise of rights of data subjects

  • Purpose: Handle and document GDPR rights requests.
  • Data: Applicant’s name, place/date of birth, mother’s maiden name, address/mailing address, the GDPR right invoked and request.
  • Legal basis: Legal obligation (GDPR Art. 6(1)(c)) and legitimate interest (GDPR Art. 6(1)(f)).
  • Retention: 5 years from assessment.
  • Failure to provide: The Data Controller may be unable to meet GDPR requirements.
  • Method/Source/Access/Transfers: Paper/electronic; data subject; authorised staff and processors; no third-country transfers.

3.11. Facebook

The Data Controller operates a Facebook page: facebook.com/purematic. Via Page Insights, the Data Controller and Facebook Ireland Ltd. are joint controllers (GDPR Art. 26); Facebook assumes primary responsibility for processing analytical data. Rights requests or authority enquiries related to Page Insights received by the Data Controller will be forwarded to Facebook Ireland Ltd. For details, see: Information about Page Insights Data.

  • Purpose: Use of Facebook page and insights.
  • Data: Statistical data (e.g., likes, reach, views, interactions, age/gender/location aggregates).
  • Legal basis: Consent (GDPR Art. 6(1)(a)).
  • Retention: Until consent is withdrawn.
  • Method/Source/Access: Electronic; data subject; authorised staff and processors.
  • Transfers: Facebook Ireland Ltd.

3.12. Cookies

Cookies are small files placed on the user’s device to ensure proper operation, collect statistics, or support targeted advertising. Detailed information is available in our Cookie Policy: pure-matic.com/en/cookie-policy/.

4. Data processors

Processors act under contract and the Data Controller’s instructions, processing personal data in line with the GDPR for the periods indicated in this Privacy Notice. The Data Controller may transmit data to:

  • Tárhely.Eu Szolgáltató Kft. – 1144 Budapest, Ormánság u. 4.; Company reg. No.: 01-09-909968; Tax No.: 14571332-2-42
    Purpose: hosting services
  • GLS General Logistics Systems Hungary Kft. – 2351 Alsónémedi, GLS Európa utca 2; Company reg. No.: 13-09-111755; Tax No.: 12369410-2-44
    Purpose: delivery of ordered products
  • Pipedrivepipedrive.com; Privacy Policy: pipedrive.com/en/privacy
  • Kulcs-Soft Nyrt. – 1016 Budapest, Mészáros u. 13.; Company reg. No.: 01-10-045531; Tax No.: 13812203-2-41
    Purpose: billing software

5. Rights of the data subjects

Data subjects may exercise the following rights by e-mailing the Data Controller at [email protected]: right to information and access; rectification; erasure (“right to be forgotten”); restriction; objection and automated individual decision-making; data portability; and withdrawal of consent.

The Data Controller will identify the requester prior to fulfilling a request. If identification or required details are missing, the Data Controller will notify the applicant; the period between such notification and receipt of the missing information does not count towards the response deadline. The Data Controller informs all recipients of rectification/erasure/restriction unless impossible or disproportionate and, upon request, informs the data subject of those recipients.

5.1. Right to information and access

Under Articles 12–15 GDPR, the Data Controller provides information about processing and, upon request, access/copies of personal data processed, including: purposes, categories, recipients (including third-country/international transfers), storage periods, rights, complaint/judicial remedies, sources, automated decision-making (if any), and safeguards for transfers. The Data Controller replies within one month of receipt (extendable where permitted) and may charge a reasonable administrative fee where allowed.

5.2. Right to rectification

The data subject may obtain rectification of inaccurate data without undue delay and completion of incomplete data.

5.3. Right to erasure (“right to be forgotten”)

The data subject may request erasure where, for example, data are no longer necessary, consent is withdrawn and no other legal ground applies, processing is unlawful, or erasure is required by EU/member-state law, or data were collected in relation to information society services to a child (GDPR Art. 8). In such cases, services may no longer be provided.

5.4. Right to restriction of processing

Restriction may be requested in cases set out by GDPR (e.g., accuracy contested; unlawful processing; data needed for legal claims; pending objection assessment). During restriction, processing is limited to storage, consent, legal claims, protection of others’ rights, or important public interest. The data subject will be informed before lifting a restriction.

5.5. Right to object and automated individual decision-making

Where processing is based on public interest/official authority (Art. 6(1)(e)) or legitimate interests (Art. 6(1)(f)), the data subject may object; processing then ceases unless compelling legitimate grounds override the data subject’s interests, rights and freedoms, or for legal claims. The Data Controller does not use automated decision-making or profiling for the activities described herein.

5.6. Right to data portability

For processing based on consent or contract and carried out by automated means, the data subject may receive data in a structured, commonly used, machine-readable format and transmit it to another controller without hindrance.

5.7. Right to withdraw consent

Where processing is based on consent, it may be withdrawn at any time. The Data Controller may continue to process data where necessary to fulfil legal obligations or for legitimate interests, where proportionate to the restriction of rights.

6. Legal remedies

The Data Controller is liable for damage caused by unlawful processing or by breaching data security requirements and for grievance awards for infringements of personality rights, unless the Data Controller proves it is not in any way responsible for the event giving rise to the damage.

If the data subject considers their data processing infringes GDPR, they may first contact the Data Controller at [email protected]. They may also lodge a complaint with the Hungarian Authority for Data Protection and Freedom of Information (NAIH): H-1055 Budapest, Falk Miksa utca 9–11.; postal address: H-1363 Budapest, Pf. 9.; phone: +36-1-391-1400; fax: +36-1-391-1410; e-mail: [email protected]. Data subjects may initiate court proceedings, which proceed under priority, before the competent district court at their residence or habitual residence. See birosag.hu/torvenyszekek and the court finder at birosag.hu/…/birosag-kereso.

Download PDF Version