Privacy Notice

Purpose of this Privacy Notice

The purpose of this Privacy Notice (hereinafter: the "Notice"Notice”) is to set out the data protection and data management principles and policies applied by INNO-SWEETS Private Limited Company (Company Registration Number: 01-10-140940; Tax Number: 28738440-2-41; Registered Office: 1039 Budapest, Attila utca 92. Building A; hereinafter collectively: the "Controller”), which the Controller acknowledges as binding upon itself.

This Notice contains the principles of personal data processing for users visiting the Website operated by the Controller (as defined below), as well as for natural persons who inquire about the Controller’s services via the Website, by email, telephone, or other means (hereinafter collectively: "Data Subject" or "Data Subjects").

In formulating the provisions of this Privacy Notice, the Controller paid special attention to Regulation (EU) 2016/679 of the European Parliament and of the Council ("General Data Protection Regulation" or "GDPR"), as well as Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information ("Infotv.").

Definitions

Data Processing: Any operation or set of operations performed on personal data or data files, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Controller, Joint Controllers: The person who alone or jointly with others determines the purposes and means of the processing of personal data. If the purposes and means are determined jointly by two or more controllers, they are considered joint controllers.

Personal Data: Any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Data Protection Incident: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Controller. Under this Notice, the following may act as Processors:

  • UP Advertising Kft., 1022 Budapest, Bimbó út 82.
  • Proweb Internet Kft., 1026 Budapest, Pasaréti út 23/a.
  • Macademia Kft., 1071 Budapest, Damjanich u. 19.
  • ACtive-IT Kft., 1086 Budapest, Csobánc utca 8. 1. em. 7.

Website: The website operated by the Controller at nuance-gelato.com.

Data Processed by the Controller, Purpose, Legal Basis, and Duration of Processing

Contact

Contact, inquiries, and requests regarding the Controller’s services may be made via the Website, telephone, or other means.

Personal data processed:

  • Name
  • Email address
  • Telephone number
  • Subject and content of the message

Purpose: To manage, administer, and respond to inquiries. The Controller does not use the provided personal data for purposes other than those specified herein.

Duration: Until the purpose of processing is fulfilled (i.e., the inquiry is managed or the Data Subject withdraws consent), unless another legal basis requires further processing.

Joining as a Partner

Submission of data for joining as a partner via the designated interface on the Website.

Personal data processed:

  • Name
  • City
  • Email address
  • Telephone number

Purpose: To conduct the approval process for seeking partners.

Legal basis: The Data Subject’s consent, which may be withdrawn at any time as above.

Duration: Until acceptance as a partner or withdrawal of consent, unless another legal basis requires further processing.

Cookies

Processing of data of Website visitors through the use of cookies. By visiting the Website, the Data Subject consents to the placement of cookies on their device, which assist in the Website’s operation and provide information about user behavior.

The Controller uses this information to improve the Website. Only anonymized and aggregated technical information is obtained via cookies, which cannot individually identify users.

Cookies are used until the Data Subject disables them in their browser settings, but at the latest until processing is necessary for the technical operation of the Website.

Profiling

The Controller does not employ automated decision-making or profiling based on the available data and does not use the data for direct marketing purposes.

Rights of the Data Subject and How to Exercise Them

The Data Subject may request information from the Controller as to whether their personal data is being processed and, if so, access to the personal data, with particular regard to:

  • The purposes of processing
  • The categories of personal data concerned
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, including recipients in third countries or international organizations
  • Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
  • The right to request rectification, erasure, or restriction of processing, and to object to such processing
  • The right to lodge a complaint with a supervisory authority
  • Where the data are not collected from the Data Subject, any available information as to their source
  • The existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the Data Subject

Requests for information regarding the processing of personal data may be made in writing to the Controller’s address by registered or return-receipt mail, or by email to office@nuance-gelato.com.

The Controller considers requests sent by mail authentic if the Data Subject can be clearly identified from the request. Email requests are considered authentic only if sent from the Data Subject’s registered email address.

The Data Subject may request rectification or amendment of their personal data processed by the Controller. Taking into account the purpose of processing, the Data Subject may request completion of incomplete data. Requests for modification may be made by email to the above address. Once a modification request is fulfilled, previous (deleted) data cannot be restored.

The Data Subject may request the erasure of their personal data processed by the Controller, except where processing is authorized by law or necessary for the establishment, exercise, or defense of legal claims. The Controller will always inform the Data Subject if a deletion request is denied, stating the reason. Once data is deleted, it cannot be restored.

The Data Subject may request restriction of processing if:

  • The accuracy of the personal data is contested, for a period enabling verification
  • The processing is unlawful and the Data Subject opposes erasure and requests restriction instead
  • The Controller no longer needs the data for processing, but the Data Subject requires it for legal claims
  • The Data Subject has objected to processing, pending verification of whether the Controller’s legitimate grounds override those of the Data Subject

The Data Subject may object to the processing of their personal data if:

  • Processing is necessary solely for compliance with a legal obligation or for the legitimate interests of the Controller or a third party
  • Processing is for direct marketing, public opinion, or scientific research purposes
  • Processing is carried out for the performance of a task in the public interest

The Controller will examine the merits of any objection and, if justified, cease processing and block the data, notifying all recipients to whom the data was previously disclosed.

Data Protection Incidents

In the event of a data protection incident likely to result in a high risk to the rights and freedoms of natural persons, the Controller will inform the Data Subject without undue delay. Notification is not required if:

  • The Controller has implemented appropriate technical and organizational protection measures, such as encryption, rendering the data unintelligible to unauthorized persons
  • The Controller has taken subsequent measures ensuring the high risk is unlikely to materialize
  • Notification would require disproportionate effort, in which case public communication or a similar measure will be used to inform Data Subjects effectively

Data Processing

The Controller uses the Processors named above for its activities. Processors do not make independent decisions and may act only under contract and instructions from the Controller. The Controller supervises the work of Processors. Processors may engage further processors only with the Controller’s consent.

Data Transfers

Transfers to the Processors specified in this Notice may be carried out without separate, case-by-case consent, as the Data Subject gives explicit and unambiguous consent by accepting this Notice. Disclosure of personal data to third parties or authorities is only permitted on the basis of a legal requirement or with the Data Subject’s prior, explicit consent, unless otherwise provided by law.

The Controller is entitled and obliged to disclose any personal data lawfully stored to the competent authorities if required by law or a binding official order. The Controller is not liable for such data transfers or their consequences.

For the purpose of verifying the lawfulness of data transfers and informing the Data Subject, the Controller maintains a data transfer register.

The Controller does not transfer personal data to third countries.

Legal Remedies

For any questions or comments regarding data processing, the Controller’s staff may be contacted at office@nuance-gelato.com.

The Data Subject may lodge a complaint regarding data processing directly with the National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa utca 9-11.; phone: +36-1-391-1400; email: ugyfelszolgalat@naih.hu; website: www.naih.hu).

In case of violation of rights, the Data Subject may seek judicial remedy. The case falls within the jurisdiction of the regional court. The action may, at the Data Subject’s choice, be brought before the court of the Data Subject’s place of residence or domicile. Upon request, the Controllers will inform the Data Subject of available remedies and means.

Budapest, 25 April 2025

Cookie settings

These cookies are absolutely necessary for the website to function and therefore cannot be turned off. These cookies are usually placed in response to user activity, such user activity can be the use of some service, the setting of data protection settings, logging in or filling out a form. You can disable these cookies in your browser or set a warning about their operation. If disabled, certain elements of the site will not work.
Collecting information about how our browser users use the website - by assessing which parts of our website they visit or use the most, so we can find out how to provide our users with an even better user experience when they visit the website again. For example, the device used for browsing and the type of browser.
To monitor the activities carried out on the website, so that the data controller can deliver messages about offers that are of particular interest to the data subject and that are important to him or her.

Our website uses cookies

We use cookies to ensure the proper functioning of our site. Our site only uses cookies that are necessary for the basic operation of the site.