Privacy Policy

Date of acceptance: 2025.11.11.

 

Data Controller

Name: Piller Ábel ev.

Registered office: 8521 Nagyacsád, Széchenyi utca 63.

Correspondence address, complaint handling: 8521 Nagyacsád, Széchenyi utca 63.

E-mail: crescentbudapest@gmail.com

Phone number: +36 20 431 3560

Website: https://www.crescent.hu/

 

Description of data processing carried out during the operation of the webshop

This document contains all relevant data processing information regarding the operation of the webshop, based on Regulation (EU) 2016/679 of the European Union (hereinafter: Regulation, GDPR) and Act CXII of 2011 (hereinafter: Infotv.).

 

Information on the use of cookies

 

What is a cookie?

The Data Controller uses so-called cookies during visits to the website. A cookie is a package of information consisting of letters and numbers, sent by our website to your browser with the aim of saving certain settings, facilitating the use of our website, and contributing to the collection of relevant, statistical information about our visitors.

Some cookies do not contain personal information and are not suitable for identifying individual users, while others contain an individual identifier - a secret, randomly generated string of numbers - stored by your device, thereby ensuring your identifiability. The operating duration of each cookie is specified in the relevant description of each cookie.

Legal background and legal basis of cookies:

Basically, we distinguish three types of cookies: strictly necessary cookies, which serve the proper functioning of the Website, and statistical and marketing cookies.

The legal basis for data processing is your consent, based on Article 6 (1) (a) of the Regulation, for statistical and marketing cookies, and the legitimate interest necessary to ensure the operation of the Website, according to Article 6 (1) (f) of the Regulation, for strictly necessary cookies.

 

Main characteristics of cookies used by the website:

Strictly necessary cookies:

If you do not accept the use of these cookies, certain functions may not be available to you.

Session cookie: These cookies store the visitor's location, browser language, and payment currency. Their lifespan is until the browser is closed, or a maximum of 2 hours.

Age-restricted content cookie: These cookies record the approval of age-restricted content and that the person concerned is over 18 years old. Their lifespan is until the browser is closed.

Recommended products cookie: Records the list of products to be recommended for the "recommend to a friend" function. Its lifespan is 60 days.

Mobile version, design cookie: Detects the visitor's device and switches to full view on mobile. Its lifespan is 365 days.

Cookie acceptance cookie: Upon arrival on the page, the user accepts the statement about cookie storage in the warning window. Its lifespan is 365 days.

Log out #2 cookie: According to option #2, the system logs out the visitor after 90 days. Its lifespan is 90 days.

Backend identifier cookie: Identifier of the backend server serving the site. Its lifespan is until the browser is closed.

Statistical cookies:

Google Analytics cookie: Google Analytics is a web analytics tool from Google that helps website and application owners understand how their visitors engage with their properties. The service may use cookies to collect information and report website usage statistics without personally identifying individual visitors to Google. The main cookie used by Google Analytics is the "__ga" cookie. In addition to generating reports on website usage statistics, Google Analytics – in conjunction with some of the advertising cookies described above – can also be used to show more relevant ads on Google products (like Google Search) and across the internet.

Referer cookies: These record from which external page the visitor arrived at the site. Their lifespan is until the browser is closed.

Last viewed product cookie: Records the products last viewed by the visitor. Their lifespan is 60 days.

Last viewed category cookie: Records the last viewed category. Its lifespan is 60 days.

Shopping cart cookie: Records the products placed in the shopping cart. Its lifespan is 365 days.

Smart offer cookie: Records the conditions for displaying smart offers (e.g., whether the visitor has been on the site before, whether they have an order). Its lifespan is 30 days.

Marketing cookies:

Google Adwords cookie: When someone visits our site, the visitor's cookie ID is added to the remarketing list. Google uses cookies – such as NID and SID cookies – to customize ads shown in Google products, such as Google Search. These cookies are used, for example, to remember your most recent searches, your previous interactions with an advertiser's ads or search results, and your visits to advertisers' websites. AdWords conversion tracking uses cookies. To track sales and other conversions resulting from an ad, it stores cookies on the user's computer when that person clicks on an ad. Some common uses of cookies include: selecting ads based on what is relevant to the user, improving performance reports for campaigns, and avoiding displaying ads that the user has already seen.

Facebook pixel (Facebook cookie): The Facebook pixel is a piece of code that helps create reports on conversions on the website, build custom audiences, and provides detailed analytical data to the page owner about visitors' website usage. With the help of the Facebook pixel, personalized offers and advertisements can be displayed to website visitors on the Facebook platform. You can find Facebook's data policy here: https://www.facebook.com/privacy/explanation

More information about deleting cookies can be found at the following links:

Google Consent Mode v2

The Data Controller has integrated Google Consent Mode v2 into its website and manages consents and rejections through its cookie panel based on the new version. According to Google Consent Mode v2, Google will use two additional flags in addition to the previous two (analytics_storage, ad_storage) for storing and reading cookies for statistical and advertising purposes:

  • ad_user_data: Any user data that can be sent to Google for advertising purposes.
  • ad_personalization: User data can be used for personalized advertising purposes, such as remarketing.

The function of these two switches is to determine whether storing and reading cookies for statistical and advertising purposes is permitted.

 

 

Data processed for contract conclusion and fulfillment

Several data processing cases may occur for contract conclusion and fulfillment. Please be informed that data processing related to complaint handling, warranty administration only takes place if you exercise one of the aforementioned rights.

If you do not make a purchase through the webshop, but are only a visitor to the webshop, the provisions regarding marketing data processing may apply to you if you provide marketing consent to us.

Data processing for contract conclusion and fulfillment in more detail:

Contact

For example, if you contact us with a question about a product via email, contact form, or phone. Prior contact is not mandatory; you can order from the webshop at any time without it.

Processed data
Name, Address, Phone number, Email address

Duration of data processing
The data will only be processed until the completion of the contact.

Legal basis for data processing

Your voluntary consent, which you provide to the Data Controller by contacting us. [Data processing according to Article 6 (1) (a) of the Regulation]

Website registration

By storing the data provided during registration, the Data Controller can provide a more convenient service (e.g., the data of the person concerned does not need to be re-entered for a new purchase). Registration is not a condition for concluding the contract.

Processed data
During data processing, the Data Controller processes your name, address, phone number, email address, the characteristics of the purchased Goods, and the date of purchase.

Duration of data processing
Until the withdrawal of your consent.

Legal basis for data processing
Your voluntary consent, which you provide to the Data Controller by registering [Data processing according to Article 6 (1) (a) of the Regulation]

Order processing

During order processing, data processing activities are necessary for the performance of the contract.

Processed data
During data processing, the Data Controller processes your name, address, phone number, email address, the characteristics of the purchased Goods, the order number, and the date of purchase.

If you have placed an order in the webshop, then data processing and providing data are essential for the performance of the contract.

Duration of data processing
We process the data for 5 years according to the civil law statute of limitations.

Legal basis for data processing
Performance of the contract. [Data processing according to Article 6 (1) (b) of the Regulation]

Issuing the invoice

The data processing is carried out to issue an invoice in accordance with legal requirements and to fulfill the obligation to retain accounting documents. According to Section 169 (1)-(2) of the Accounting Act, economic societies must retain accounting documents directly and indirectly supporting accounting records.

Processed data
Name, address, email address, phone number.

Duration of data processing
Invoices issued must be retained for 8 years from the date of issue, according to Section 169 (2) of the Accounting Act.

Legal basis for data processing
According to Section 159 (1) of Act CXXVII of 2007 on value-added tax, issuing an invoice is mandatory, and according to Section 169 (2) of Act C of 2000 on accounting, it must be retained for 8 years [Data processing according to Article 6 (1) (c) of the Regulation].

Data processing related to goods delivery

Data processing is carried out for the purpose of delivering the ordered product.

Processed data
Name, address, email address, phone number.

Duration of data processing
The Data Controller processes the data until the ordered goods are delivered.

Legal basis for data processing
Performance of the contract [Data processing according to Article 6 (1) (b) of the Regulation].

Recipients and data processors of data processing related to goods delivery

Name of the recipient: GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.

Registered office of the recipient: 2351 Alsónémedi, GLS Európa u. 2.

Phone number of the recipient: 06-29-88-67-00

Email address of the recipient: info@gls-hungary.com

Website of the recipient: https://gls-group.eu/HU/hu/home

 

The courier service, based on a contract with the Data Controller, participates in the delivery of the ordered goods. The courier service processes the personal data it receives according to the data processing information available on its website.

 Data processing for the storage of personal data

Name of the data processor: Shopify Inc.

Contact details of the data processor: support@shopify.com

Website: https://www.shopify.com

The Data Processor stores personal data based on a contract with the Data Controller. It is not entitled to access personal data.

Handling of warranty and guarantee claims

Warranty and guarantee claims must be handled according to the rules of NGM Decree 19/2014. (IV. 29.), which also defines how your claim should be handled.

Processed data

When handling warranty and guarantee claims, we must proceed according to the rules of NGM Decree 19/2014. (IV. 29.).

Based on the decree, we are obliged to draw up a record of your reported warranty or guarantee claim, in which we record:

  1. your name, address, and your statement that you consent to the processing of your data recorded in the record as specified in the decree,
  2. the name and purchase price of the movable property sold under the contract between you and us,
  3. the date of performance of the contract,
  4. the date of reporting the defect,
  5. a description of the defect,
  6. the right you wish to enforce based on your warranty or guarantee claim, and
  7. the manner of settling the warranty or guarantee claim, or the reason for rejecting the claim or the right you wish to enforce based on it.

If we take over the purchased Goods from you, we must issue a receipt, which must include:

  1. your name and address,
  2. data necessary for identifying the item,
  3. the date of receipt of the item, and
  4. the date when you can collect the repaired item.

Duration of data processing
The business is obliged to retain the record of the consumer's warranty or guarantee claim for three years from its date of creation and to present it at the request of the inspecting authority.

Legal basis for data processing
The legal basis for data processing is compliance with legal obligations under NGM Decree 19/2014. (IV. 29.) [Sections 4 (1) and 6 (1)] [Data processing according to Article 6 (1) (c) of the Regulation].

 

 

Handling of other consumer protection complaints

Data processing is carried out for the purpose of handling consumer protection complaints. If you have submitted a complaint to us, then data processing and providing data are essential.

Processed data
Customer's name, phone number, email address, content of the complaint.

Duration of data processing
Consumer protection complaints are retained for 3 years based on the Consumer Protection Act.

Legal basis for data processing
Whether you file a complaint with us is your voluntary decision; however, if you do, we are obliged to retain the complaint for 3 years based on Section 17/A (7) of Act CLV of 1997 on consumer protection [Data processing according to Article 6 (1) (c) of the Regulation].

 

Data processed in connection with the provability of consent

During registration, ordering, and newsletter subscription, the IT system stores IT data related to consent for later proof.

Processed data
Date of consent and the IP address of the data subject.

Duration of data processing
Due to legal requirements, consent must be verifiable later, so the data storage period is for the statute of limitations following the termination of data processing.

Legal basis for data processing
This obligation is stipulated by Article 7 (1) of the Regulation. [Data processing according to Article 6 (1) (c) of the Regulation]

Marketing data processing

Data processing related to newsletter sending

Data processing is carried out for the purpose of sending newsletters.

Processed data
Name, address, email address, phone number.

Duration of data processing
Until the data subject withdraws their consent.

Legal basis for data processing
Your voluntary consent, which you provide to the Data Controller by subscribing to the newsletter [Data processing according to Article 6 (1) (a) of the Regulation.

 

Data processing related to sending and displaying personalized advertisements

Data processing is carried out for the purpose of sending advertising content tailored to the interests of the data subject.

Data processed
Name, address, email address, phone number.

Duration of data processing
Until your consent is withdrawn.
Legal basis for data processing

Your voluntary, specific consent, which you provide to the Data Controller during data collection [data processing according to Article 6 (1) (a) of the Regulation]

Remarketing

Data processing as remarketing activity is carried out with the help of cookies.

Data processed
Data processed by cookies as defined in the cookie policy.

Duration of data processing
The data storage period of the specific cookie, more information available here:

Google general cookie policy:
https://www.google.com/policies/technologies/types/

Google Analytics policy:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu

Facebook policy:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Legal basis for data processing
Your voluntary consent, which you give to the Data Controller by using the website [data processing according to Article 6 (1) (a) of the Regulation].

Prize draw

The data processing process takes place for the purpose of conducting the prize draw.

Data processed
Name, email address, phone number.

Duration of data processing
The data will be deleted after the prize draw has concluded, with the exception of the winner's data, which the Data Controller is obliged to retain for 8 years in accordance with the Accounting Act. 

Legal basis for data processing
Your voluntary consent, which you give to the Data Controller by using the website. [data processing according to Article 6 (1) (a) of the Regulation]

Data processing related to invoicing

Name of data processor: KBOSS.hu Kft.

Registered office of data processor: 1031 Budapest, Záhony utca 7/D.

Phone number of data processor:  

Email address of data processor: info@szamlazz.hu

Website of data processor: https://www.szamlazz.hu/

The Data Processor participates in the recording of accounting documents based on a contract concluded with the Data Controller. In doing so, the Data Processor processes the name and address of the data subject to the extent necessary for accounting records, for the period specified in Section 169 (2) of the Accounting Act, after which it deletes them.

Data processing related to online payment

Name of data controller: Shopify Payments

Registered office of data controller: 

Phone number of data controller: 

Email address of data controller: support@shopify.com

Website of data controller: https://www.shopify.com/

Based on a contract concluded with the Data Controller, the payment service provider participates in the execution of online payment, for which purpose data is transferred to the online payment service provider during the purchase process. In doing so, the online payment service provider processes the billing name and address of the data subject, the order number and date according to its own data processing rules.

Purpose of data transfer: to provide the online payment service provider with the transaction data necessary for the payment operation initiated by them in connection with the purchase.

Legal basis for data transfer: performance of the contract concluded between you and the Data Controller based on Article 6 (1) (b) of the Regulation, which includes payment by the buyer, and in the case of online payment, data transfer as per this point is necessary for the payment.

Your rights during data processing

Within the duration of data processing, you have the following rights according to the provisions of the Regulation:

  • right to withdraw consent
  • right of access to personal data and information related to data processing
  • right to rectification
  • right to restriction of processing,
  • right to erasure
  • right to object
  • right to data portability.

If you wish to exercise your rights, it will involve your identification, and the Data Controller will necessarily need to communicate with you. Therefore, personal data will be required for identification (but identification can only be based on data that the Data Controller already processes about you), and your data processing complaints will be available in the Data Controller's email account within the period specified in this policy for complaints.

If you were our customer and wish to identify yourself for complaint handling or warranty handling, please provide your order ID for identification. Using this, we can also identify you as a customer.

The Data Controller will respond to data processing complaints within 30 days at the latest.

 

Right to withdraw consent

You have the right to withdraw your consent to data processing at any time, in which case the provided data will be deleted from our systems. However, please note that in the case of an unfulfilled order, withdrawal may result in us not being able to deliver to you. Furthermore, if the purchase has already taken place, according to accounting regulations, we cannot delete invoicing-related data from our systems, and if you have an outstanding debt to us, we may process your data even if consent is withdrawn, based on our legitimate interest in collecting the debt.

 

Right of access to personal data

You have the right to obtain confirmation from the Data Controller as to whether or not personal data concerning you are being processed, and, where that is the case, you have the right to:

  • access the personal data processed and
  • be informed by the Data Controller about the following:
  • the purposes of the processing;
  • the categories of personal data concerned;
  • information on the recipients or categories of recipients to whom the personal data have been or will be disclosed by the Data Controller;
  • the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • your right to request from the Data Controller rectification or erasure of personal data or restriction of processing concerning you, and, in the case of processing based on legitimate interest, to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from you, any available information as to their source;
  • the existence of automated decision-making (if such a procedure is applied), including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

The purpose of exercising the right may be to establish and verify the lawfulness of the data processing, therefore, in the case of multiple requests for information, the Data Controller may charge a reasonable fee for fulfilling the information request.

The Data Controller ensures access to personal data by sending the processed personal data and information to you via email after your identification. If you have a registration, we provide access by allowing you to view and check your personal data processed about you by logging into your user account.

Please indicate in your request whether you are requesting access to personal data or information related to data processing.

 

Right to rectification

You have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning you.

 

Right to restriction of processing

You have the right to obtain from the Data Controller restriction of processing where one of the following applies:

  • you contest the accuracy of the personal data, for a period enabling the Data Controller to verify the accuracy of the personal data; if the accurate data can be immediately determined, no restriction will be applied;
  • the processing is unlawful and you oppose the erasure of the personal data for any reason (e.g., because the data are important to you for legal claims), and therefore request the restriction of their use instead of their erasure;
  • the Data Controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
  • you have objected to processing, but the Data Controller's legitimate interest may also justify the processing; in this case, until it is verified whether the legitimate grounds of the Data Controller override your grounds, the processing must be restricted.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

The Data Controller will inform you in advance (at least 3 working days before the lifting of the restriction) of the lifting of the restriction of processing.

 

Right to erasure - right to be forgotten

You have the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by the Data Controller;
  • you withdraw your consent on which the processing is based and there is no other legal ground for the processing;
  • you object to processing based on legitimate interest, and there are no overriding legitimate grounds (i.e., legitimate interest) for the processing;
  • the personal data have been unlawfully processed by the Data Controller and this has been established based on the complaint;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.

If the Data Controller has made the personal data concerning you public for any legitimate reason, and is obliged to erase it for any of the reasons specified above, it shall take reasonable steps, including technical measures, taking into account available technology and the cost of implementation, to inform other controllers processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Erasure shall not apply to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject (such as data processing within the framework of invoicing, as the retention of invoices is prescribed by law), or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for the establishment, exercise or defence of legal claims (e.g., if the Data Controller has a claim against you that has not yet been fulfilled, or if a consumer or data processing complaint is pending).

 

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interest. In this case, the Data Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

 

Right to data portability

Where processing is carried out by automated means, or if the processing is based on your voluntary consent, you have the right to request from the Data Controller that the data you have provided to the Data Controller be made available to you by the Data Controller in xml, JSON, or csv format, if technically feasible, you may request that the Data Controller transmit the data in this format to another controller.

Automated decision-making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In these cases, the Data Controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

The above do not apply if the decision:

  • is necessary for entering into, or performance of, a contract between you and the Data Controller;
  • is authorised by Union or Member State law to which the Data Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  • is based on your explicit consent.

Registration in the data protection register

According to the provisions of the Info Act, the Data Controller had to register certain data processing activities in the data protection register. This registration obligation ceased on May 25, 2018.

Data security measures

The Data Controller declares that it has taken appropriate security measures to protect personal data from unauthorized access, alteration, transfer, disclosure, erasure or destruction, as well as from accidental destruction and damage, and from becoming inaccessible due to changes in the technology used.

The Data Controller makes every effort, within organizational and technical possibilities, to ensure that its Data Processors also take appropriate data security measures when handling your personal data.

Legal remedies

If you believe that the Data Controller has violated any legal provision regarding data processing or has not fulfilled any of your requests, you may initiate an investigation procedure by the National Authority for Data Protection and Freedom of Information to terminate the presumed unlawful data processing (mailing address: 1363 Budapest, Pf. 9., email: ugyfelszolgalat@naih.hu, phone numbers: +36 (30) 683-5969 +36 (30) 549-6838; +36 (1) 391 1400).

Furthermore, we inform you that in case of violation of legal provisions regarding data processing, or if the Data Controller has not fulfilled any of your requests, you may initiate a civil lawsuit against the Data Controller before a court. 

Amendment of the data processing policy

The Data Controller reserves the right to amend this data processing policy in a way that does not affect the purpose and legal basis of data processing. By continuing to use the website after the amendment takes effect, you accept the amended data processing policy.

If the Data Controller intends to carry out further data processing with the collected data for a purpose other than the purpose for which they were collected, it shall inform you about the purpose of the data processing and the following information prior to the further data processing:

  • the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
  • your right to request from the Data Controller access to and rectification or erasure of personal data or restriction of processing concerning you, and, in the case of processing based on legitimate interest, to object to the processing of personal data, and, in the case of processing based on consent or contractual relationship, to request the right to data portability;
  • in the case of processing based on consent, that you have the right to withdraw consent at any time;
  • the right to lodge a complaint with a supervisory authority;
  • whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and of the possible consequences of failure to provide such data;
  • the existence of automated decision-making (if such a procedure is applied), including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

Data processing can only commence thereafter; if the legal basis for data processing is consent, you must also consent to the data processing in addition to being informed. 

Delivery to post office and parcel point

Please note that Magyar Posta Zrt. identifies the addressee according to the currently valid data processing policy, and therefore may request your personal data at the time of delivery for postal or parcel point collection.