Data Protection Notice

Valid from 30.11.2025 until revoked.

The purpose of the following data management information is to provide a detailed description of the personal data processed by the operator of the ifitcore.hu webshop (hereinafter referred to as the Data Controller) and the legal obligations it complies with. The Data Controller, as a self-employed individual entrepreneur exempt from personal tax (AAM), is committed to the protection of personal data and undertakes that all its data management activities are carried out in accordance with applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, GDPR) and Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information (Infotv.). The Data Controller treats personal data confidentially and takes all necessary security, technical and organizational measures to protect the data.
1. Purpose and legal background of the information

1.1 Scope of the information

This document applies to all data processing on the ifitcore.hu website, including ordering products, registering, using contact forms, subscribing to newsletters, and using the website's cookies. The purpose of the information is to provide visitors and customers with detailed information about how and for what purpose we process their personal data, as well as what rights they have.

1.2 Legal basis

The Data Controller undertakes to ensure that all data processing processes of its activities comply with applicable laws, in particular the following:

  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council, which uniformly regulates the processing of personal data within the European Union.
  • Infotv. – Act CXII of 2011 on the right to informational self-determination and freedom of information.
  • Civil Code – Act V of 2013, which contains the general rules governing the conclusion of contracts and contractual legal relationships.
  • Accounting Act – Act C of 2000, according to which tax and accounting documents must be retained for a specified period of time.
  • Electronic Commerce Act – Act CVIII of 2001, and Government Decree 45/2014 (II. 26.) on distance contracts, which defines the right of withdrawal for buyers.

1.3 Unique regulatory environment in 2025

From 2025, all Hungarian-language websites and online stores must have their own data processing information, especially when customers register, receive newsletters or participate in prize draws. Such information must be accepted by visitors when using the service. According to the new GDPR regulation, users must be given the opportunity to withdraw their consent and change their previous decision at any time. Therefore, there are separate checkboxes on our website for newsletter subscription and order forms.

2. Data controller's data

Company name: Gergő Szitai EV operator of ifitcore.hu web store
Registered office: 2217 Gomba, Szemere Huba Street 1.
Mailing address: 2217 Gomba, Szemere Huba Street 1.
Tax number: 55926148-1-33 – subject tax exempt (AAM)
Registration number: 54674910
Representative: Gergő Szitai
Email: info@ifitcore.hu
Phone: +36 30 597 6075
Website: https://ifitcore.hu

The Data Controller treats personal data confidentially and takes all security, technical and organizational measures to guarantee the security of the data.

3. Definitions

The terms used in this privacy policy are based on the definitions of the GDPR and the Information Act. The most important ones are as follows:

  • Personal data: any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to a name, a number, location data, an online identifier or to factors specific to the physical, physiological, genetic, economic, cultural or social identity of that person.
  • Data processing: any operation performed on personal data or data files, whether or not by automated means, such as collection, recording, organization, storage, modification, use, transmission, retrieval, alignment, erasure or destruction.
  • Data controller: the natural or legal person who determines the purposes and means of processing personal data.
  • Data Processor: the natural or legal person who processes personal data on behalf of the Data Controller.
  • Data Subject: the natural person whose data is processed by the Data Controller.
  • Consent: a voluntary, clear expression of the data subject's will, by which he or she gives his or her consent to the processing of his or her personal data.
4. Scope of processed data and purposes of data processing

During the operation of the ifitcore.hu webshop, we process various types of personal data. The following list presents the most common data groups and the purpose of data processing.

4.1 Orders

Processed data: name, billing address, shipping address, telephone number, e-mail address, details of the ordered product(s), payment method.

Purpose: creation and fulfillment of the purchase contract; delivery of products; fulfillment of invoicing and payment obligations.

Legal basis: performance of a contract (Article 6(1)(b) of the GDPR) or compliance with legal requirements regarding invoicing obligations (Article 6(1)(c) of the GDPR).

4.2 Contact and customer service

Data processed: name, e-mail address, telephone number, content of the message sent, data from any previous orders.

Purpose: answering user questions, handling complaints, warranty administration, customer support.

Legal basis: legitimate interest (GDPR Article 6(1)(f)), as the Data Controller has a legitimate interest in communicating with customers.

4.3 Newsletter subscription and marketing

Data processed: name (optional), email address.

Purpose: sending electronic newsletters to subscribers, sharing new products, promotions and useful information.

Legal basis: prior, voluntary consent of the data subject (Article 6(1)(a) GDPR). We provide a separate checkbox for subscribing to the newsletter. The user can withdraw their consent and unsubscribe from the newsletter at any time.

4.4 Billing and accounting data

Processed data: name, billing address, tax number (optional, only for corporate customers), order data, invoice number.

Purpose: to fulfill invoicing and tax obligations; to comply with accounting and legal requirements.

Legal basis: compliance with a legal obligation (Article 6(1)(c) GDPR).

4.5 Technical data and cookies

Data processed: IP address, browser type, operating system, behavioral data related to the use of the website (e.g. time of visit, pages visited). Cookies can be session cookies, statistical (analytical) cookies and marketing cookies.

Purpose: to ensure the technical operation of the website; to improve the user experience; to prepare visitor statistics; to measure the effectiveness of marketing activities. It is important to highlight that under the new regulation, the IP address and the cookie identifier are also considered personal data.

Legal basis: legitimate interest for technical operation (GDPR Article 6(1)(f)); consent to marketing cookies (GDPR Article 6(1)(a)). We provide detailed information on the use of cookies and the user can set which cookies they consent to.

5. Data processors and data transfer

During the operation of the webshop, the Data Controller uses partners who provide services necessary for the fulfillment of orders. These partners - as data processors - have access to personal data only to the extent necessary to fulfill the given purpose.

5.1 Hosting provider

Provider name: Shopify International Ltd.
Headquarters: 2nd Floor, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
Service: website operation, database and email infrastructure provision.

5.2 Logistics partners

Processed data: name, delivery address, telephone number, e-mail address, ordered products.
Purpose: home delivery of ordered products or delivery to a parcel point.
Note: Logistics partners are considered independent data controllers in the processing of shipping data.

5.3 Payment service provider

Data processed: When paying with a bank card, the customer's payment data (card number, expiration date, CVV) is not processed by ifitcore.hu, but by the payment service provider. Our webshop only receives feedback on the success of the transaction.
Purpose: to ensure the payment process is secure.
Note: The payment service provider provides its own data processing information regarding bank card payments.

5.4 Billing and accounting system

Provider name: [Name of billing or accounting software]
Processed data: name, address, tax number, order data.
Purpose: issuing invoices, fulfilling tax and accounting obligations. The transfer of data is based on a legal obligation.

5.5 Newsletter service provider

Service provider name: [Name of company operating the newsletter system]
Data processed: name (optional), email address.
Purpose: to send marketing messages, promotions, and interesting articles to newsletter subscribers. The processing of data stored in the newsletter sending system is based on the consent of the data subject, which can be withdrawn at any time.

6. Data security measures

The Data Controller ensures that personal data is secure and not accessible to unauthorized persons. Security measures include:

  • Access control: only those employees who need it to perform their job duties have access to personal data.
  • Encrypted data transmission: communication between the website and the servers takes place via the TLS/SSL protocol.
  • Password protection and authentication: access to the data controller's systems is protected by strong passwords and multi-factor authentication.
  • Regular backup: Regular backups are made to maintain data integrity.
  • Vulnerability tests and updates: we continuously ensure that systems are updated and maintained.

The Data Controller considers it particularly important to respect the right of informational self-determination of the data subjects and treats personal data confidentially.

7. Rights of data subjects

Data subjects are entitled to exercise the following rights in accordance with the provisions of the GDPR and the Infotv. The Data Controller shall comply with the requests received without undue delay, but no later than within one month.

7.1 Right of access

The data subject has the right to request information about whether the Data Controller processes his or her personal data and, if so, what data, on what legal basis, for what purpose, for how long, and to whom it is transferred.

7.2 Right to rectification

The data subject may request the correction of inaccurate or incomplete data or the completion of data.

7.3 Right to erasure (right to be forgotten)

The data subject may request the deletion of their personal data if the processing of the data has become unjustified or if the data subject has withdrawn their consent.

7.4 Right to restriction of data processing

The data subject may request that the Data Controller restrict the processing of personal data (e.g. if he or she disputes the accuracy or legitimacy of the data).

7.5 Right to data portability

The data subject has the right to receive the personal data he or she has provided in a structured, commonly used and machine-readable format and has the right to transmit these data to another controller.

7.6 Right to object

The data subject has the right to object to the processing of his or her personal data where the processing is based on legitimate interests. In such a case, the Data Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the rights of the data subject.

7.7 Withdrawal of consent

The data subject may withdraw their consent at any time, which, however, does not affect the lawfulness of previous data processing.

7.8 Submitting a complaint

The data subject has the right to lodge a complaint with the competent supervisory authority if he or she believes that the processing of his or her personal data violates the applicable laws. In Hungary, the National Authority for Data Protection and Freedom of Information (NAIH) is competent:

  • Address: 1055 Budapest, Falk Miksa Street 9–11.
  • Postal address: 1363 Budapest, P.O. Box 9.
  • Phone: +36 1 391 1400
  • E-mail: ugyfelszolgalat@naih.hu
  • Website: https://naih.hu
8. Data retention period

The Data Controller will only retain personal data for as long as the purpose of the data provision requires or as long as required by law:

  • Data related to the performance of a contract: within the civil law limitation period (usually 5 years) or up to 8 years due to the need to assert claims.
  • Invoices and accounting documents: according to the Accounting Act, they must be kept for 8 years.
  • Newsletter subscription: until the user unsubscribes from the newsletter.
  • Contact details: up to 1 year after the communication has ended, unless a legal dispute arises.
  • Technical data and cookies: depending on the type of cookie, a few minutes or days (session cookies) or up to 12 months (analytical and marketing cookies).
9. Managing cookies

ifitcore.hu uses several types of cookies to ensure the proper functioning of the website and to improve the user experience. Cookies are small data files that are stored by the browser on the user's device. Types of cookies:

  • Session cookies: an identifier is created when you visit the website and is automatically deleted when you close your browser. These are essential for the functioning of the shopping cart and login.
  • Preference cookies: remember the user's settings (such as language or display options) to provide a more convenient experience on your next visit.
  • Analytical cookies: help us collect statistical information about visits (e.g. Google Analytics). According to the GDPR, these cookies may also collect personal data, such as IP address, and are therefore only processed in an anonymized form.
  • Marketing cookies: used to display targeted advertisements, for example in the advertising systems of Facebook or Google. These require separate consent.

We ask for the user's consent before using any non-necessary cookies; consent can be changed or withdrawn at any time in the cookie management settings.

10. Regular data transfer abroad

ifitcore.hu does not transfer personal data outside the borders of the European Union, unless the data processor of the newsletter sender or payment service provider is established outside the Union. In such cases, the data transfer will only take place under appropriate guarantees (e.g. general contractual conditions approved by the European Commission).

11. Automated decision-making and profiling

ifitcore.hu does not use automated individual decision-making or profiling that would have legal effects on the data subjects. All our marketing activities are based on the user's consent and no analysis is carried out on the basis of which a significant decision would be made.

12. Amendment of the data processing information

The Data Controller reserves the right to modify this information at any time. We will inform users of any changes in a notice on the website and/or by e-mail. The current version of this information is available on the ifitcore.hu website. The modifications will only apply after publication.

13. Contact and further information

If you have any questions or requests regarding this data management policy, please contact us at the following address:

  • Email: info@ifitcore.hu
  • Postal address: [Operator's postal address]
  • Phone: +36 30 597 6075

Please note that this privacy policy is for general information purposes only. It does not constitute legal advice and we recommend that you consult a legal professional if necessary.

Valid: 2025.11.30.

The Data Protection Notice can be downloaded in PDF format here.

iFitCore © 2025 - All rights reserved.