Armin Trade Kft. - hereafter referred to as the "Entrepreneur", shall comply with the obligation to provide prior information required for the processing of personal data by the data subjects concerned by the disclosure of REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, as required by the relevant Articles of this Regulation, each piece of information shall be made available to those concerned by data in a concise, transparent, comprehensible and easily accessible form, in a clear and unambiguous manner.


  1. Controller

ARMIN TRADE Kft. (Headquarters: 4024 Debrecen, Kossuth utca 22. 2. em. 4., represented by: Zoltán Herbák managing director)

Phone number: + 36 52 794 696

email address:


  1. Purpose of personal data processing:

The purpose of creating a personal account is to place orders on the webshop, fulfill orders, keep contact. Enhance the user experience. Facilitate the placement of the next order. Save your favourite products.

  1. Scope of processed data:

Name, mail/invoicing address, e-mail address, phone number (to place an order), other data related to performing the contract, products used and the related services (e.g. invoicing, favourite products)

  1. Legal basis of data processing:

necessary for performance of the contract [Article 6 (1) b) of the GDPR, maintaining the personal account is based on the consent by the data subject [Article 6 1 (a) of the GDPR], the legal basis of processing the invoicing data is the compliance with a legal obligation to which the controller is subject in accordance with Article 6 (1) c) of the GDPR, Section 169 of VAT Act

  1. Period of storage of personal data

Until the deletion of the personal account or the retrieval of the consent

The period of processing of invoice data is 8 years in accordance with Section 169 (2) of Accounting Act.

  1. Engaging another processor:

Tárhely.Eu Service Provider Kft.

Headquarters: 1144 Budapest, Ormánság utca 4. X. em. 241.

Company reg. no: 01-09-909968

Tax number: 14571332-2-42


Name / company name:    Zsolt Szabó private entrepreneur

Tax number:    68115173-1-29

Headquarters:    4026, Debrecen, Bethlen u. 54. fsz/4



Name / company name:    Tamás Edwin Heveli private entrepreneur

Tax number:    68113913-1-29

Headquarters:    4031, Debrecen, Sárkány utca 9



  1. Circle of persons entitled to know the data:

Co-workers of the controller who processes purchase orders.

  1. Rights of data subjects:

GDPR includes your data protection rights and legal remedies in detail. You can anytime request information on your data, you can anytime request the rectification, erasure or restriction of processing your data, you can object against data processing (contact data) based on legitimate interest. Below the most important provisions are summarised.

Right to information: If the controller processes personal data concerning you, the controller shall provide you with information, even if you do not request this, such as the most important characteristics of data processing, the purposes, legal basis, period of data processing, the person and contact details of the controller and its representative (in the case of transfer to third countries with reference to the appropriate or suitable safeguards), in the case of data processing based on legitimate interest about the legitimate interest of the controller and/or the third party, and your rights and legal remedies related to data processing (including the right to submit a complaint with the supervisory authority), if you do not yet possess that information.

The controller provides you with the information by making the present information note available to you.

Right to access: You shall have the right to receive a feedback from the controller concerning whether your personal data are being processed or not and if they are being processed, you shall have the right to obtain access to the personal data and specific pieces of information in connection with the data processing including the purpose of data processing, the categories of personal data of the data subject, the recipients of personal data, the (planned) period of data processing, the rights and legal remedies of the data subject and in the case of data gathered from the data subject the pieces of information referring to the source thereof. On your request, the controller provides you with a copy of the personal data undergoing processing. The controller may charge you with a reasonable fee for further copies requested by you that are based on administrative costs. The right to obtain a copy may not adversely affect the rights and freedoms of others. You shall be informed about the possibility of obtaining a copy, its form, its possible costs and other details by the controller on your request.

Right to rectification: You shall have the right to make the data processor rectify the inaccurate personal data concerning you without undue delay. Taking into account the purpose of the data processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure: You shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay if specific conditions apply. Among others, if the controller shall erase your personal data on your request if the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed; you withdraw consent to which the processing is based and there are no overriding legitimate grounds for the processing; or your personal data have been unlawfully processed; you object against the processing and there are no legitimate reasons for the processing; the deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject; the personal data have been collected in relation to the offer of information society services.

Right to restriction of processing: You have the right to require the controller to restrict processing if one of the following conditions applies: a) you dispute the accuracy of your personal data; in which case processing may be restricted during the period it takes for the controller to verify the accuracy of the data; b) the processing is unlawful and you object against the deletion of the personal data and request a restriction of the use of the personal data instead; c) the controller no longer needs the personal data for the purposes of processing, but you need them to establish, exercise or defend legal claims; or d) you have objected against the data processing for the period until it is determined that the legitimate interests of the controller overrides your legitimate interests. In case the processing of your personal data was subject to restriction, and notwithstanding their storage, such data shall only be processed with your consent or for the establishment, exercise, or defense of claims or for the procurement of the protection of rights of a natural or legal person or for purposes of an important public interest of the European Union or a member state.

In case the restriction of processing has been executed in accordance with the above, you shall be informed by the controller prior to the cancellation of such restriction.

Right to data portability: you can receive the originally provided personal data in readable format to transfer the data to another service provider (controller). You can request the transfer of the data to the new controller directly.

Right to complain:

The controller provides the requested information without undue delay but within one month from the receipt of the request at the latest about the measures taken based on your request related to your rights listed previously. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller informs you as to any such extension within one month as of receipt of the request, stating the reasons for the delay. If the controller does not take action on your request, the controller shall inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of you lodging a complaint with the competent data protection supervisory authority (in Hungary the Hungarian National Authority for Data Protection, NAIH) and you can be seeking a judicial remedy. (Contact details of NAIH: 1125 Budapest, Szilágyi Erzsébet fasor 22/C., Tel: +36 1391 1400, E-mail: In the event of violation of your rights, you may seek ruling from a court. The proceedings fall within the jurisdiction of the General Court (Regional court in Hungary). If requested by the data subject, the action may also be brought before the general court in whose jurisdiction the home address or temporary residence of the data subject is located. You may claim any damage caused to you as a result of unlawful processing (including any breach of data security measures) from the controller liable for the damage caused.

  1. Transfers of personal data to a third country or an international organisation

Not appropriate.

  1. Automated decision-making, profiling

Not appropriate.

  1. Data security measures: The controller shall plan and perform data processing so that the privacy of the data subjects is protected when applying the provisions of the GDPR and other provisions related to data processing. The controller ensures the security of the data, furthermore, takes technical and organisational measures and establishes the procedural rules necessary to enforce GDPR and other data protection and confidentiality regulations. The data is protected using the appropriate actions, particularly against unauthorised access, alteration, forwarding, disclosure, deletion or destruction as well as accidental destruction and damage, furthermore becoming inaccessible due to the change in the applied technique. In this, the company shall store the personal data of the data subject in a password-protected and/or encrypted database. The company shall provide a risk-proportionate level of protection of data via firewalls and antivirus programs. It monitors data protection incidents continuously. The controller stores the completed questionnaires on its own server electronically.