Welcome to the DENV-AIR Kft. website!

Opening hours: Mon - Fri 8:00 AM - 4:00 PM
+36 (1) 226-6527
1116 Budapest, Nádudvar utca 12.
denvair@denvair.hu

🔒 PRIVACY POLICY

(DENV-AIR Ipari Kft. – denvair.hu)

This Privacy Policy is adopted to provide natural persons using our services and representatives of legal entities (hereinafter: Users) with all essential information and notices in a concise, transparent, intelligible, and easily accessible form, clearly and comprehensibly worded, and to assist Clients in exercising their rights set out in Section 4.

The basis for preparing this Privacy Policy is Article 12 of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: GDPR), applicable from May 25, 2018, Section 16(5) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.), and Section 13/A of Act CVIII of 2001 on Electronic Commerce Services and Information Society Services (Ekertv.).

This Privacy Policy has been prepared taking into account the GDPR, the Infotv., and other relevant legislation applicable to specific data processing activities.

1. Data Controller Information and Contact Details

DescriptionData
Company Name (Data Controller)DENV-AIR Ipari Kft.
Registered Office1114 Budapest, Nadudvar utca 12.
Business Premises9028 Győr, Sági út 5
Company Registration Number01 09 676670
Tax Number1785835-2-43
Emailinfo@denvair.hu
Phone Number+36 96 528 987
Websitedenvair.hu

2. Purpose and Legal Basis of the Privacy Policy

Key legislation considered in developing this Privacy Policy (detailed in Annex 1):

  • GDPR: Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data.
  • Infotv.: Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.
  • Ptk.: Act V of 2013 on the Civil Code.
  • Számv. tv.: Act C of 2000 on Accounting.
  • Ekertv.: Act CVIII of 2001 on Electronic Commerce Services.

3. Data Processing Activities on the Website

This section details the essential circumstances for each data processing activity as required by the GDPR and relevant sectoral legislation.

3.1. Data Processing Related to Contact Requests

  • Data Processed: Email address, phone number, content of inquiry.
  • Purpose of Processing: User identification, contacting the User.
  • Legal Basis: Processing based on legal obligation (pursuant to Article 6(1) and (2) of the GDPR, Section 5(1) of the Infotv., and Section 13/A(1)-(3) of the Ekertv.). 5. § (1) and Section 13/A(1)-(3) of the Ekertv.).
  • Retention Period: 1 year following the contact request.
  • Processing Method: Electronic format.

3.2. Data Processing Related to Newsletter Subscription (Direct Marketing)

  • Data Processed: Email address, subscription date.
  • Purpose of Processing: Sending electronic advertising (e.g., promotions, news).
  • Legal Basis: User’s voluntary consent (Article 6(1)(a) of the GDPR).
  • Retention Period: Until consent is withdrawn (unsubscription).

3.3. Data Processing Related to Online Orders and Contracts

  • Data Processed: Name, phone number, email address, billing address, business premises/on-site pickup location, order details, payment method.
  • Purpose of Processing: Contract preparation, conclusion, and performance, on-site pickup of products, invoicing, compliance with legal obligations.
  • Legal Basis: Performance of contract (Article 6(1)(b) of the GDPR) and compliance with legal obligation (Article 6(1)(c) of the GDPR).
  • Retention Period: 8 years following contract termination (due to accounting requirements) and until the expiration of the limitation period (5 years).

3.4. Data Processing Related to Cookie Use

  • Data Processed: IP address, browser data, visit timestamp, navigation path.
  • Purpose of Processing: Stable website operation, enhanced user experience, statistical analysis, and marketing.
  • Legal Basis: Necessary cookies: Data Controller’s legitimate interest (Article 6(1)(f) of the GDPR). All other cookies: User’s voluntary consent (Article 6(1)(a) of the GDPR).
  • Retention Period: Depending on cookie type, until end of session or up to 2 years maximum.

4. Data Processors and Potential Data Recipients

Personal data provided during website use may be accessed by the hosting provider as a data processor.

Data Processor ActivityName/TypeType of Data Processed
Hosting ServicesRackhost Zrt.Email address, phone number, log data.
Online Payment Service ProviderStripe / SimplePayTransaction ID, transaction timestamp.
Newsletter Distribution SystemBrevoEmail address, subscription data.
Web AnalyticsGoogle Ireland Limited (Google Analytics)IP address (anonymized), browser data.
Tax AuthorityNational Tax and Customs AdministrationContract-related billing data.
Web Designer and MarketingBoostYourBiz.ai(Data required for marketing tasks)

5. What Rights Do Users Have?

It is important to us that our data processing complies with the requirements of fairness, lawfulness, and transparency. Users may request free information about the details of their personal data processing, and may request rectification, erasure, restriction of processing, or blocking of such data, and may object to the processing of such personal data.

Requests may be submitted using the contact details provided in Section 2.

5.1. Data Subject Rights

  • Right of Access (Article 15 of the GDPR): You may receive confirmation regarding the processing of your personal data and access such data and details of their processing.
  • Right to Rectification (Article 16 of the GDPR): Upon request, we will rectify inaccurate personal data without undue delay, and you may request completion of incomplete data.
  • Right to Erasure (Article 17 of the GDPR): Upon request, we will erase data if we no longer need to process them, or if you withdraw consent, or object to data processing.
  • Right to Be Forgotten: Upon request for erasure, we will endeavor to notify all data controllers who may have accessed or become aware of your publicly disclosed data.
  • Right to Restriction of Processing (Article 18 of the GDPR): Upon request, we will restrict processing if the accuracy of personal data is contested or if processing is unlawful.
  • Right to Data Portability (Article 20 of the GDPR): You may receive your personal data provided to us in a structured, commonly used, machine-readable format, and may transmit such data to another data controller.

5.2. Response to Requests

  • We will examine requests within the shortest possible time from submission, but no later than 30 days (15 days in case of objection), and provide written notification of our decision.
  • Information and actions are provided free of charge.
  • If a User’s request is manifestly unfounded or excessive, particularly if repetitive, we may charge a reasonable fee or refuse to act on the request.
  • We will notify all recipients with whom we have shared User data of any rectification, erasure, or restriction of processing, unless this proves impossible or requires disproportionate effort.

5.3. Legal Remedies

  • Judicial Remedy: You may enforce your rights before a court pursuant to Act V of 2013 on the Civil Code (proceedings may be initiated before the regional court having jurisdiction over the User’s place of residence or habitual residence).
  • NAIH Complaint: You may lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH). (Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c).
  • Before resorting to regulatory or judicial enforcement, we kindly request that you contact us to lodge a complaint so that any conflicts may be resolved amicably.

6. Data Security

We implement all technical and organizational security measures necessary to ensure data security. Only our employees and those of data processors are authorized to access personal data, to the extent necessary to perform their job-related duties.

6.1. Organizational Measures

  • Access allocation follows the principle of necessary and sufficient rights.
  • IT systems and services may only be used by employees to the extent necessary to perform their duties.

6.2. Technical Measures

  • Data is stored on our own equipment in a data center.
  • IT equipment storing data is kept in a separate locked server room, protected by a multi-level access control system with authorization verification.
  • We protect our internal network with multi-level firewall protection.
  • Data is stored redundantly (in multiple locations) to protect against failure, destruction, or loss.
  • The Website uses HTTPS protocol, which provides a higher level of data security compared to HTTP protocol.
  • During development, we implement systems in which operations performed can be controlled and tracked through logging, and incidents can be detected.

7. Other Provisions

7.1. Data Breach

  • In the event of a data breach, we are obligated to act in accordance with Articles 33 and 34 of the GDPR.
  • We maintain records of data breaches, documenting the facts related to the incident, its effects, and remedial measures taken.

7.2. Amendment of Privacy Policy

  • We reserve the right to unilaterally amend this Privacy Policy at any time.

8. Annexes

8.1. 1. Annex 1: Applicable Legislation

In developing this Privacy Policy, the Data Controller has taken into account applicable legislation and key international recommendations.

  • Act CXXX of 2016 on the Code of Civil Procedure (Pp.)
  • Act CLV of 1997 on Consumer Protection (Fogyvtv.)

Date: November 11, 2025

DENV-AIR Kft.