PRIVACY POLICY

 

1. INTRODUCTION

We welcome visitors to our website and our customers, hereinafter collectively referred to as "Data Subject(s)"!

 

1.1 Who are we, i.e., who is the data controller?

Name and registered office of the data controller: Dalma Zsuzsanna Papp sole proprietor, 2330 Dunaharaszti, Dárda street: 1/1, Hungary

Contact details of the data controller's representative: [email protected] +36307974731

Website: https://intarent.com/

 

1.2 Where can I get information about the processing of my personal data?

We process the personal data of data subjects in accordance with what is contained in this Privacy Notice.

Data Subjects may request further information about the personal data processing carried out by us by email at this address: [email protected]

For the interpretation of this Notice, we believe it is necessary that the Data Subject is aware of the concept of personal data.

 

1.3 What do we call personal data?

Any information that identifies or may identify a natural person is personal data. Examples of personal data include name, number, location data, online identifier, or information relating to physical, mental, economic, or cultural identity.

The definitions of other important concepts can be found in the Annex I.

1.4 What are the main elements of this Privacy Notice?

Here, among others, the Data Subject may find

• the rules regarding the processing of their data,
  
  
• the data protection principles,
  
  
• detailed information regarding the processing, such as what data we process, for what purpose, for how long
  
  
• and last but not least, information about the rights of the data subject.
  
  

 1.5 What should I pay attention to when providing other people's data?

We request that all website users only provide their own data, as the main rule is that it is prohibited to provide the data of other persons, except in cases where the data provider has obtained the actual data subject’s consent in advance.

 

1.6 What are my rights and how can I exercise them?

Important: The Data Subject may withdraw their consent to the processing of their personal data at any time, and then the Data Controller is obliged to terminate the processing based on the withdrawn consent.

Example: If the Data Subject no longer wants to receive newsletters from us, they can request that we no longer send them.

The Data Subject can find detailed information on withdrawing consent and other rights in point 2.

 

2. DETAILED INFORMATION ABOUT DATA PROCESSING

2.1. Inquiry, contact

Scope of processed data: Name (first name, surname), email address, phone number, communication with customer service

Purpose of data processing: Replying to inquiries

Legal basis for data processing: Data Subject’s consent (Regulation Article 6(1)(a))

Duration of data processing: Data is deleted after the communication contact takes place.

What are the consequences if data is not provided?: Data Controller cannot contact the Data Subject.

2.2. Registration

Scope of processed data: Username, first name, surname, email address, phone number, address, password, bank account number, registration time, IP address, tax number (optional)

Purpose of data processing: Using the functions offered by the service, more convenient website navigation

Legal basis for data processing: Data Subject’s consent (Regulation Article 6(1)(a))

Duration of data processing: In case of withdrawal of your consent (e.g., deletion of registration) we immediately delete your data or after 5 years from your last activity.

What are the consequences if data is not provided?: The Data Subject cannot use the service provided by the Data Controller

 

2.3. Newsletter, email marketing communication

Scope of processed data: Name, email address, subscription time, IP address.

Purpose of data processing: Our system may send informational emails in several ways to the Data Subject, e.g., about abandoned carts, order confirmation, order statuses, and customer satisfaction surveys to inform interested parties. We also send marketing communications via email by direct contact, about promotions, offers, etc.

Legal basis for data processing: Data Subject’s consent (Regulation Article 6(1)(a))

Duration of data processing: Until withdrawal of the Data Subject’s consent or 5 years from your last activity.

What are the consequences if data is not provided?: The Data Subject will not receive newsletters from the Data Controller

2.4. Data processing related to using the service and subscriptions

Scope of processed data: Name, email address, country, subscription time, IP address, service data

Purpose of data processing: Sale of the service package chosen by the Data Subject

Legal basis for data processing: If the Data Subject is a natural person, performance of the contract for the provision of the service (Regulation Article 6(1)(b)) (until the contract is performed); If the Data Subject is a business entity or sole proprietor, the legal basis is legitimate interest (Regulation Article 6(1)(f)).

After termination of the contract, in both cases, legitimate interest according to Regulation Article 6(1)(f) (general limitation period under Civil Code, that is 5 years)

Name of the Data Controller’s legitimate interest (if the legal basis is legitimate interest): For a business entity or sole proprietor, the legitimate interest is in managing the contract, providing the service. The legitimate interest after contract termination is assertion of claims within the limitation period, and substantiating own position in authority and other matters.

Duration of data processing: Until contract termination, and afterwards for 5 years as per the legal basis.

What are the consequences if data is not provided?: The Data Subject cannot subscribe to service packages on the site and cannot access premium functions provided by the service.

2.5. Data processing related to refunds for natural person Data Subjects

Scope of processed data: Name, bank account number, subscription data, other data necessary for the refund

Purpose of data processing: Fulfillment of refund obligation arising under law or from obligations stated in the Terms of Use

Legal basis for data processing: Fulfillment of contractual obligation for service provision (Regulation Article 6(1)(b)). After the refund, legitimate interest according to Regulation Article 6(1)(f) (general limitation period under Civil Code, that is 5 years)

Name of Data Controller's legitimate interest (if the legal basis is legitimate interest): assertion of rights within the limitation period, and substantiating own position with adequate data in authority and other matters.

Duration of data processing: Until contractual obligation is fulfilled, and afterwards for 5 years as per the legal basis.

What are the consequences if data is not provided?: The Data Subject will not receive refund in the manner requiring these data.

2.6. Data processing related to invoices for natural person Data Subjects

Scope of processed data: Name, email address, phone number, address, billing address, other invoice data

Purpose of data processing: Issuance of invoice as required by law

Legal basis for data processing: Regulation Article 6(1)(c) legal obligation (obligation to issue invoice – Act CXXVII of 2007 (VAT Act) Section 159(1))

Duration of data processing: 8 years from the date of invoice issuance (According to Accounting Act Section 169(2) invoices must be retained for 8 years after issuance).

What are the consequences if data is not provided?: The transaction will not be concluded (this is a mandatory field for placing an order)

2.7. Data processing related to property management

Scope of processed data: Name of lessor, property name, property address, short description of property, date of adding property, property data

Purpose of data processing: ensuring full use of the service

Legal basis for data processing: Regulation Article 6(1)(a) Data Subject’s consent

Duration of data processing: Until withdrawal of the Data Subject’s consent or 5 years from the Data Subject’s last activity.

What are the consequences if data is not provided?: The Data Subject cannot fully utilize the Data Controller’s service

 

2.8 Data processing related to complaint handling for natural person Data Subject

Scope of processed data:

• the consumer’s name, address, (if consent is given, for contact purposes only, phone number, email address)
  
  
• place, time, method of submitting complaint,
  
  
• detailed description of the consumer’s complaint, list of documents, records, other evidence provided by consumer,
  
  
• Data Controller’s statement regarding the complaint, if immediate investigation is possible,
  
  
• person recording the report and– except for complaints made by phone or other electronic communication, the consumer’s signature,
  
  
• place and time of report,
  
  
• in case of verbal complaint by phone or electronic communication, unique complaint identification number.
  
  

Purpose of data processing: compliance with relevant law and handling consumer complaints.

Legal basis for data processing: Regulation Article 6(1)(c) legal obligation. Relevant Hungarian regulation: Act CLV of 1997 § 17/A (5) and (7)

Duration of data processing: 3 years

What are the consequences if data is not provided?: The Data Subject cannot enforce a complaint.

2.9. Cookie-related data processing

For a better shopping experience, we use cookies for certain social and content-sharing functions, as well as for analyzing website traffic and for marketing communication purposes.

Our cookie data processing notice can be found in Annex II.

2.10 Data transfers outside the EU

Are there data transfers to a country outside the EU? If so, indicate adequacy decision or other appropriate safeguards:

No data is transferred to countries outside the EU.

 

3. DATA PROCESSORS

3.1. Our hosting provider(s)

• Name: DigitalOcean
• Registered office: Frankfurt, Germany
• Email: [email protected]

3.2. Our invoice software provider(s)

• Name: KBOSS.hu Kft
  • Registered office: 1031 Budapest, Záhony street 7, Hungary
• Email: [email protected]

• Name: Emergence Engineering Kft.
  • Registered office: 1123 Budapest Nagyenyed street 5. basement
• Email: [email protected]
  
  
  

3.3. Our accounting provider(s)

• Name: Digitbooks Kft.
  • Registered office: 1036 Budapest, Lajos street 131, Floor 6, Apt 33
• Email: [email protected]
  
  

3.4. Our newsletter provider(s)

• Name:
  • Registered office:
  • Email:
  
  

3.5. Our online payment provider(s)

• Name: Stripe, Inc.
• Registered office: The One Building, 1, Lower Grand Canal Street, Dublin 2, Ireland
• Email: [email protected]

 

I. RIGHTS OF THE DATA SUBJECT, REMEDY OPTIONS

In connection with the above data processing, the Data Subject is entitled to the following rights and may exercise these rights as follows:

The Data Subject is entitled at any time to request information about the data processed by the Data Controller, to request correction, supplementation, deletion, blocking of their registered data, as well as to exercise the right to data portability, and access to their personal data, and to object to the processing of their personal data.

The request for exercising the rights specified above should primarily be submitted to the representative of the Data Controller or, if such a position exists at the Data Controller, to the data protection officer.

Information and right of access to personal data

You may, via the contact details provided above, in writing request information from the Data Controller about which:

• personal data,
  
  
• under what legal basis,
  
  
• for what processing purpose,
  
  
• from what source,
  
  
• for how long is processed,
  
  
• to whom, when, on what legal basis, which personal data the Data Controller granted access or transferred.
  
  

The Data Controller provides the information in an electronic format commonly used unless the Data Subject requests it in writing, on paper. The Data Controller does not provide verbal information over the phone or in person.

The Data Controller provides the first copy of personal data (in person at customer service) free of charge to the Data Subject. For further copies requested, the Data Controller may charge a fee based on administrative costs. If the Data Subject requests delivery of the copy electronically, the Data Controller provides the information by email in a widely used electronic format unless the Data Subject requests otherwise.

Following the information, if the Data Subject disagrees with the data processing or the accuracy of the processed data, they may request correction, supplementation, deletion, restriction of processing, object to such processing, or initiate proceedings as specified in point 7.

RIGHT TO RECTIFICATION AND SUPPLEMENTATION OF PROCESSED PERSONAL DATA

The Data Controller shall without undue delay correct any inaccurate personal data or supplement incomplete data indicated by the Data Subject, upon written request. The Data Controller informs all recipients regarding the correction or supplementation except where this proves impossible or requires disproportionate effort. The Data Controller shall inform about these recipients if requested in writing.

RIGHT TO RESTRICTION OF DATA PROCESSING

The Data Subject may, via written request, ask the Data Controller to restrict data processing if

• The Data Subject disputes the accuracy of personal data, restriction applies for the duration necessary for the Data Controller to verify the accuracy,
  
  
• Processing is unlawful and the Data Subject opposes deletion and instead requests restriction,
  
  
• The Data Controller no longer needs the personal data but the Data Subject needs them for asserting, exercising, or defending legal claims,
  
  
• The Data Subject objects to processing: restriction applies while it is determined whether the Data Controller’s legitimate interests override the Data Subject’s rights.
  
  

Data affected by restriction, apart from storage, may be processed only with the Data Subject’s consent, for asserting, exercising or defending legal claims, for protecting the rights of another natural or legal person, or for an important public interest of the Union or any Member State during the period. The Data Controller will inform the Data Subject before lifting the restriction.

RIGHT TO ERASURE (RIGHT TO BE FORGOTTEN)

The Data Controller, upon request, deletes the personal data without undue delay if any of the following grounds apply:

1. a) Personal data are no longer needed for the purpose for which the Controller collected or otherwise processed them;
   
   
2. b) You withdraw your consent that is the basis for processing, and there is no other legal basis;
   
   
3. c) The Data Subject objects to processing based on their particular situation, and there are no overriding legitimate grounds;
   
   
4. d) The Data Subject objects to direct marketing or profiling related to direct marketing;
   
   
5. e) The Data Controller processes the data unlawfully;
   
   
6. f) The personal data were collected in relation to information society services offered directly to children.
   
   

The Data Subject may not exercise the right to erasure if processing is necessary

1. a) For exercising freedom of expression and information;
2. b) For reasons of public interest in the area of public health;
3. c) For purposes of archiving in the public interest, scientific or historical research, or statistical purposes, if the right to erasure would make that processing impossible or seriously endanger it;
4. d) For asserting, exercising or defending legal claims;
5. e) For compliance with legal obligations requiring processing, or for performance of a task carried out in the public interest or exercise of official authority.
   
   

RIGHT TO DATA PORTABILITY

If processing is necessary for performance of contract, or based on the Data Subject’s voluntary consent, and the processing is automated, the Data Subject has the right to request to receive their data provided to the Data Controller in a machine-readable format. If feasible, they may request data transfer to another data controller. This right only covers personal data provided by the Data Subject. (e.g. statistics etc.)

The Data Subject may receive personal data held in the Data Controller’s systems:

• in a structured, commonly used, machine-readable format,
• to transfer to another controller,
• request direct transfer to another controller– if technically feasible.
  
  

This right does not apply if processing is necessary for public interest or for the performance of official authority duties.

The Data Controller fulfills requests for portability based only on written requests submitted by email or post. To fulfill the request, the Data Controller must be convinced that the request is submitted by the authorized person. The right of portability applies only to data provided by the Data Subject. Exercising this right does not automatically mean erasure from the Controller’s systems; records remain unless erasure is requested.

RIGHT TO OBJECT TO PROCESSING OF PERSONAL DATA

The Data Subject may object (based on their own situation) by declaration to the Data Controller if the legal basis for processing is

• public interest according to Regulation Article 6(1)(e), or
• legitimate interest according to Regulation Article 6(1)(f).
  
  

If personal data are processed for direct marketing purposes, the Data Subject may object at any time, including to profiling if related to direct marketing. Afterwards, the personal data will no longer be processed for these purposes.

On exercising the right to object, the Data Controller cannot process the data unless proven there are compelling legitimate grounds overriding the Data Subject’s rights, or for asserting, exercising or defending legal claims. The Data Controller decides on whether compelling legitimate grounds exist, and informs the Data Subject of its position in writing.

The Data Subject may object to processing in writing (email or post).

THE RIGHTS OF DECEASED PERSONS EXERCISED BY OTHERS

Within five years after the death of a Data Subject, the rights that the deceased would have had (right to access, rectification, erasure, restriction of processing, portability, objection) may be exercised by persons authorized by the deceased by administrative allocation or by notarial or fully authentic private document. If the Data Subject made several such statements at the Controller, the person designated in the later statement may exercise these rights.

If the deceased did not make such a statement, the rights may be exercised by the deceased's close relative according to the Civil Code within five years after death (if several close relatives, the first to exercise is entitled).

Close relative as per the Civil Code: spouse, direct descendant, adopted, stepchild, foster child, adoptive-, step-, foster-parent, and sibling. Close relatives must prove:

• the fact and date of death with death certificate or court order,
• their own identity–and, if necessary, relationship–with public documents.
  
  

The person enforcing the deceased's rights holds the same rights and obligations as the deceased in proceedings with Data Controller, the National Authority for Data Protection and Freedom of Information, and before court.

The Data Controller shall inform the close relative about actions taken upon written request unless the deceased explicitly prohibited it in their statement.

WITHDRAWAL OF CONSENT

The Data Subject may withdraw their consent to the processing of their personal data at any time. In this case, the Data Controller shall no longer process the affected data. Exceptions are cases where another legal basis for processing exists. The Data Controller must inform the Data Subject about such exceptions and data erasure as described below.

DEADLINE FOR FULFILLING REQUESTS

The Data Controller shall notify you of measures taken within one month of receipt of any request described above. If needed, taking into account complexity and number of requests, the deadline may be extended by two months, but the Data Controller will notify you of the delay and its reasons within one month, and about your right to complain to the supervisory authority and enforce your rights in court.

If your request is clearly unfounded or excessive (especially repetitive), the Data Controller may charge a reasonable fee or refuse to act, considering administrative costs; Data Controller must justify this.

If you submitted your request electronically, the Data Controller provides information electronically unless you request otherwise.

COMPENSATION AND DAMAGES

 

Any person who suffers material or non-material damage resulting from a breach of the Regulation is entitled to compensation from the Data Controller and/or processor. The processor is only liable for data processing damages if it failed to comply with statutory obligations specifically applicable to processors, or ignored the Data Controller’s lawful instructions or acted contrary. The Data Controller or processor is exempt from liability if it proves no responsibility for the event causing the damage.

REMEDY OPTIONS

The Data Subject may enforce their rights by written request sent by email or post.

The Data Subject cannot enforce their rights if the Data Controller proves that it is not in a position to identify the Data Subject. If the Data Subject’s request is clearly unfounded or excessive (especially repetitive), the Data Controller may charge a reasonable fee or refuse to act. The Data Controller must prove this. If the Data Controller has doubts about the identity of the applicant, it may request additional information to verify identity.

You may, based on the Info Act, Regulation and Civil Code (Act V 2013)

1. a) Submit a complaint or request to the National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa street 9-11; https://www.naih.hu) OR
   
   
2. b) Enforce your rights in court. The case may–at your choice–be launched before the court of your place of residence (list and contacts: https://birosag.hu/torvenyszekek).

 

II. HANDLING DATA PROTECTION INCIDENTS

A data protection incident is a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to transmitted, stored, or otherwise processed personal data. The Data Controller keeps a record of measures regarding data protection incidents, notification of supervisory authority, and notification of Data Subject, which includes the scope of affected personal data, numbers and scope of affected Data Subjects, time and circumstances, effects, and measures taken.

In case of a data protection incident, except where there is no risk to the rights and freedoms of natural persons, the Data Controller shall notify the supervisory authority without undue delay, but at latest within 72 hours. If the incident is likely to pose a high risk to the rights and freedoms of Data Subjects, the Data Controller shall notify the Data Subject without undue delay.

III. ACCESS TO DATA AND DATA SECURITY MEASURES, DATA TRANSFER

ACCESS TO DATA, DATA TRANSFER

Employees and certain agents of the Data Controller may access personal data to fulfill their duties, in a very limited scope.

The Data Controller transmits personal data under law and for purposes as specified in law, to other bodies or state bodies.

The Data Controller informs the Data Subject that courts, prosecutors, investigating authorities, infraction authorities, administrative bodies, the National Authority for Data Protection and Freedom of Information, and other bodies authorized by law may request information, communicate data, transfer, or provide documents for availability purposes.

The Data Controller only provides personal data as needed and to the extent necessary to achieve the purpose specified by the authority, provided the authority specifies the exact purpose and scope of requested data.

DATA SECURITY MEASURES

The Data Controller takes all necessary measures to ensure the security of data, provides adequate protection, especially against unauthorized access, alteration, transfer, disclosure, deletion or destruction, as well as accidental loss and damage. The Data Controller ensures the security of data through adequate technical and organizational measures.

In the course of providing service, the Data Controller selects and operates IT tools so that:

• access is available to authorized persons (availability);
  
  
• authenticity and authentication of processing is ensured (data processing authenticity);
  
  
• integrity is verifiable (data integrity);
  
  
• unauthorized access is prevented (data confidentiality).
  
  

The Data Controller ensures during processing:

• confidentiality: protects information so only authorized persons can access;
• integrity: protects accuracy and completeness of information and processing;
• availability: ensures authorized users can access needed info and tools when required.
  
  

Further protection of personal data is provided by the Data Controller's data protection officer, who is responsible to the top management and cannot accept instructions from anyone regarding their duties.

If processing is carried out on behalf of the Data Controller, only processors providing adequate guarantees for compliance and protection of Data Subject rights through adequate technical and organizational measures may be used.

 

IV. OTHER PROVISIONS

The Data Controller reserves the right to amend this Privacy Notice unilaterally. If there is a change, the Data Controller shall notify the Data Subject by posting the amendment and its effective date on the Data Controller’s website.

If someone provided another person’s data to the Data Controller or gave fictitious data and thereby caused damage in any way, the Data Controller may claim compensation against the person providing another’s data.

The Data Controller does not verify the personal data provided. The person providing the data is solely responsible for their accuracy. When providing personal data, the Data Subject agrees that the provided data are correct and their own personal data.

Annex 1: DEFINITIONS OF TERMS

“Regulation”: General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and Council)

“Data Controller”: The organization/legal entity specified in point 1

“personal data”: any information relating to an identified or identifiable natural person (“data subject” in this document: “loyal customer”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more physical, physiological, genetic, mental, economic, cultural, or social elements;

“processing”: any operation or set of operations performed on personal data or data sets by automated or non-automated means, such as collection, recording, arrangement, segmentation, storage, transformation or alteration, retrieval, inspection, use, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, destruction;

“restriction of processing”: marking stored personal data with the aim of limiting their processing in the future;

“profiling”: any form of automated processing of personal data which consists in using personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

“processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller;

“recipient”: a natural or legal person, public authority, agency or other body to whom personal data are disclosed, regardless of whether it is a third party. Authorities which may access personal data under EU or national law in a specific investigation are not considered recipients; processing by such authorities must comply with data protection rules for the purpose of processing;

“Data Subject’s consent”: the Data Subject’s voluntary, specific, informed and unambiguous declaration of will, by which the Data Subject expresses agreement to the processing of personal data concerning them by statement or clear affirmative action;

“data protection incident”: a breach of security resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to transmitted, stored or otherwise processed personal data;

Annex II: COOKIE NOTICE

What are cookies?

Data files stored by a given browser on the user’s computer.

What is the function of a cookie?

It collects data about activities carried out by the user on their computer (websites) and allows the website to store individual settings and actions.

The user may individually set/accept or refuse cookies, since browsers allow this. The function of cookies also allows the user to view more special content (e.g., video).

What kinds of cookies exist?

You may encounter countless cookies on different websites.

Cookie categories:

1. Functional (essential, necessary) cookies
2. Analytical cookies
3. Advertising cookies
   
   

What is the purpose of data processing?

User identification, prevention of data loss, distinguishing users, tracking sessions and storing data provided. The user can also delete cookies from their computer.

What is the legal basis for data processing?

The Data Subject’s consent (Regulation Article 6(1)(a)), or legitimate interest (Regulation Article 6(1)(f)) for functional cookies.

Types of processed personal data:

identifier, previously visited page, time, date

Duration of data processing: end of session, or up to 365 days after session ends (mobile version tracking cookie, cart memory cookie)

Cookies in the following browsers may be managed by clicking the link:

• Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
• Chrome: https://support.google.com/chrome/answer/95647
• Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies
• Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
  
  

1. Functional (essential, necessary) cookies
   
   

Cookies facilitating usability, such as site navigation, access to restricted areas, ensure the proper functioning of our site.

Purpose of data processing: tracking a website visit session

Legal basis for data processing: Data Subject’s consent (Regulation Article 6(1)(a))

Name of Data Controller’s legitimate interest (if legal basis is legitimate interest): legitimate interest in full functionality of store

Duration of data processing: As a rule, for as long as the Data Subject is actively browsing the website, i.e., processing ends with session end, in some cases, may last longer.

2. Analytical (statistical) cookies - (_ga and _ga_)
   
   

Purpose of data processing: statistical purpose, i.e., assessing visitor behavior without personal identification

Legal basis for data processing: Data Subject’s consent (Regulation Article 6(1)(a))

Duration of data processing: last website visit + 2 years

3. Advertising cookies
   
   

Scope of processed data: no personal data at Data Controller

Purpose of data processing: marketing targeting and advertising based on website visit and activity

Legal basis for data processing: Data Subject’s consent (Regulation Article 6(1)(a))

Duration of data processing: last visit +180 days for Facebook cookies, last visit +360 days for Google

Categories of recipients of personal data: none

What are the consequences if data is not provided?: The Data Controller cannot display personalized ads for you on Google or Facebook.

IP logging for web server operator by IP identification

Scope of processed data: IP address

Purpose of data processing: defense against attacks on the website or post-attack investigation

Legal basis for data processing: legitimate interest (Regulation Article 6(1)(f))

Name of Data Controller’s legitimate interest (if legal basis is legitimate interest): Data Controller’s interest in secure website operation and protection of business secrets, post-attack investigation, prevention of crimes

Duration of data processing: 1 year from your last website visit

Categories of recipients of personal data: web server operator partner

Special information about cookies in our web store For further information on cookie processing, see: https://gdpr.eu/cookies/