PRIVACY POLICY
BERRIVIT Limited Liability Company
Version: 1.0
Effective: May 1, 2026
DATA CONTROLLER INFORMATION
Company Name: BERRIVIT Limited Liability Company
Abbreviated Company Name: BERRIVIT Kft.
Legal Form: Single-member limited liability company
Registered Office: 1013 Budapest, Pauler utca 11.
Company registration number: 01-09-455835
Tax ID number: 33039156-2-41
EU VAT number: HU33039156
Registering court: Company Registry of the Budapest Metropolitan Court
Representative / Managing Director: Richárd Király
Email:
berrivit@gmail.com
Phone number: +36 20 566 4758
(hereinafter: Data Controller)
The Data Controller declares that, in accordance with the GDPR, it will do everything in its power to ensure the lawful and secure processing of its customers’ data. Under the GDPR, the Data Controller is not required to appoint a Data Protection Officer (DPO); inquiries regarding data protection matters may be directed to the contact information provided above.
To ensure data protection, the ordering process is secured with SSL encryption.
1. LEGAL REFERENCES
Our data processing principles are in compliance with applicable data protection laws. The applicable laws are:
– Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) – Act CXII of 2011 on the Right to Self-Determination in Information and Freedom of Information (Infotv.) – Act V of 2013 on the Civil Code (Ptk.) – Act CVIII of 2001 on Electronic Commerce Services (Ekertv.) – Act XLVIII of 2008 on the Basic Conditions of Commercial Advertising Activities (Grtv.)
2. DATA PROCESSORS
The Data Controller engages the following data processors in the course of data processing:
Financial service provider (online credit card payments): OTP Mobil Kft. Registered office: 1093 Budapest, Közraktár u. 30-32.
Privacy Policy: https://simplepay.hu/adatkezeles-adatvedelmi-tajekoztato/
Web hosting provider GoDaddy.com, LLC Registered office: 14455 North Hayden Road Suite 219, Scottsdale, AZ 85260, USA
Tax ID: EU826010755
Newsletter and CRM provider: SalesAutoPilot Limited Liability Company
Registered office: 1016 Budapest, Zsolt utca 6/C, 4th floor, apt. 4
Company registration number: 01-09-286773
VAT number: HU25743500
Automatic invoicing KBOSS.hu Trading and Service Limited Liability Company Registered office: 1031 Budapest, Záhony Street 7.
Company registration number: 01-09-303201
Tax ID: 13421739-2-41
Website: https://www.szamlazz.hu
Privacy Policy: https://www.szamlazz.hu/adatvedelem/
Shipping General Logistics Systems Hungary Kft. (GLS): The terms and conditions of data processing can be found in the current GLS Privacy Policy.
SMS notifications Bip Communications Service Provider and Consulting Ltd. Registered office: 1134 Budapest, Bulcsú utca 23, Building B, 3rd Floor, Apartment 8.
Company registration number: 01-09-947432
Website: https://sms.bipkampany.hu
Statistical Analysis Google LLC (Google Analytics) Registered Office: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy Policy: https://policies.google.com/privacy
Cookie Consent Management CookieYes (Gower Street Technologies Limited) Website: https://app.cookieyes.com
The Data Controller works exclusively with reliable partners who also prioritize security and legality.
3. SCOPE, LEGAL BASIS, AND PURPOSE OF PROCESSED PERSONAL DATA
3.1 VISITING THE WEBSITE
Legal basis: the data subject’s consent (Article 6(1)(a) of the GDPR; recorded via CookieYes)
Data processed: IP address, date and duration of visit, subpages visited, operating system, browser type, screen resolution
Purpose of data processing: to prepare statistical analyses, to monitor and improve the quality of the service
Retention period: 2 years
Data processor: Google Analytics (Google LLC)
Note: We analyze the data exclusively in aggregated, anonymous form; we do not link it to specific individuals.
3.2 ORDER FULFILLMENT (ONLINE STORE)
Legal basis: performance of a contract (GDPR Article 6(1)(b))
Data processed: last name, first name, email address, phone number, billing address, shipping address, IP address, order amount, date and time, any comments from the customer
Purpose of data processing: processing the order, delivering the product, maintaining contact with the customer, fulfilling obligations arising from the contract
Retention period: 8 years from the last day of the year in which the order was placed (accounting law requirement)
Data processors: CRM system (SalesAutoPilot), invoicing (KBOSS.hu / Számlázz.hu), shipping (GLS), financial service provider (OTP Mobil Kft. / SimplePay)
3.3 INVOICING
Legal basis: compliance with a legal obligation (GDPR Article 6(1)(c); VAT Act, Accounting Act)
Data processed: billing name, billing address, purchase amount and date
Purpose of data processing: compliance with the statutory obligation to issue invoices
Retention period: 8 years
Data processor: KBOSS.hu Kereskedelmi és Szolgáltató Kft. (Számlázz.hu)
3.4 NEWSLETTER AND DIRECT MARKETING
Legal basis: the data subject’s explicit consent (GDPR Article 6(1)(a); Section 6 of the Data Protection Act)
Processed data: last name, first name, email address Optional data: areas of interest (if multiple newsletter subscription options are available)
Purpose of data processing: notification of promotions, new products, and campaigns; general communication for business development purposes
Retention period: until consent is withdrawn or the user unsubscribes
Data processor: SalesAutoPilot Kft.
Consent may be withdrawn (unsubscription) at any time free of charge: – by clicking the unsubscribe link in the email, or – by sending a request to the email address berrivit@gmail.com. In the event of unsubscription, the data will be physically deleted from all our systems. Withdrawing consent for direct marketing purposes does not affect other legal bases for data processing related to the use of the webshop.
3.5 CONTACT (EMAIL, PHONE INQUIRY)
Legal basis: the data subject’s consent (GDPR Article 6(1)(a)) or the Data Controller’s legitimate interest (GDPR Article 6(1)(f))
Processed data: name, email address and/or phone number, content of the inquiry
Purpose of data processing: responding to the inquiry, customer service activities
Retention period: 1 year from the closure of the inquiry, unless a legal dispute justifies a longer retention period.
3.6 SMS NOTIFICATIONS
Legal basis: performance of a contract (GDPR Article 6(1)(b)) Data processed: phone number, notification details related to the order
Purpose of data processing: to notify you of the order status (e.g., shipping notification)
Retention period: 30 days from the fulfillment of the order
Data processor: Bip Communications Kft.
4. COOKIES
4.1 What is a cookie?
Cookies are small data files that your browser stores on your device (computer, smartphone). They contain a unique string of characters that allows the browser to be identified when you visit the website again. Their purpose is to make the website more user-friendly, provide certain features, and analyze visitor behavior.
4.2 Consent Regarding Cookies
The Data Controller informs the visitor about cookies requiring consent during the first visit and requests consent (via the CookieYes system). Providing consent is not mandatory and can be withdrawn at any time in your browser settings.
The Data Controller does not use or allow cookies that enable third parties to collect data without your consent.
4.3 Types of Cookies Used
Session cookies These are automatically deleted when you close your browser. They ensure the secure and efficient operation of the website. They do not require prior consent.
Persistent cookies These remain even after you close your browser; they are stored for a specified period of time and then automatically deleted. They save the visitor’s settings and preferences. They can be deleted in the browser’s security settings.
Third-party (tracking) cookies These come from partner companies (e.g., Google Analytics, Google Remarketing) and require explicit consent. They enable website optimization and the display of personalized content. Storage period: up to 180 days. Detailed information: https://www.google.com/policies/technologies/types/
5. PROFILING AND AUTOMATED DECISION-MAKING
The Data Controller does not engage in profiling and does not use decision-making or classification based solely on automated data processing.
6. DATA TRANSFER TO GOVERNMENT AGENCIES
The courts, the public prosecutor’s office, the police, the tax authority, the National Authority for Data Protection and Freedom of Information (NAIH), and other authorities may contact the Data Controller to request information, the disclosure of data, or the provision of documents. In such cases, we will fulfill our obligation to provide data, but only to the extent strictly necessary to achieve the purpose of the request.
7. RIGHTS OF DATA SUBJECTS
7.1 Right to information (Articles 13–14 of the GDPR)
The data subject has the right to receive concise, transparent, and easily understandable information regarding data processing. We will provide our response within 14 days of receiving the request (within a maximum of 1 month). This information is provided free of charge, unless you have already submitted a request regarding the same set of data in the current year.
7.2 Right of Access (GDPR Article 15)
The data subject has the right to request information regarding the personal data we process, its purpose, categories, retention period, recipients of any data transfers, the data subject’s rights, and the source of the data.
7.3 Right to Rectification (Article 16 of the GDPR)
The data subject may request the rectification of inaccurate or incomplete personal data.
7.4 Right to erasure (“right to be forgotten”) (Article 17 of the GDPR)
The data subject may request the erasure of their personal data if the purpose of the processing has ceased to exist, they have withdrawn their consent, or the processing is unlawful. Erasure may not be requested if the processing is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.
7.5 Right to restriction of processing (GDPR Article 18)
The data subject may request restriction of processing if they contest the accuracy of the data, the processing is unlawful, the Data Controller no longer needs the data but the data subject requires it to assert a legal claim, or they have objected to the processing.
7.6 Right to Data Portability (GDPR Article 20)
The data subject has the right to receive the personal data concerning him or her, which he or she has provided, in a structured, machine-readable format, and to have it transmitted to another controller.
7.7 Right to Object (GDPR Article 21)
The data subject may object at any time to the processing of their personal data, particularly in the case of use for direct marketing purposes. In the event of an objection, the Data Controller may no longer process the personal data, unless compelling legitimate grounds for the continued processing exist.
7.8 Right to Withdraw Consent (GDPR Article 7(3))
In cases where data processing is based on consent, the data subject has the right to withdraw their consent at any time. Withdrawal does not affect the lawfulness of data processing carried out prior to withdrawal.
7.9 Right to bring a legal action
In the event of a violation of the data subject’s rights, the data subject may bring a legal action against the Data Controller. The adjudication of data protection disputes falls within the jurisdiction of the court; the action may also be brought before the court of the data subject’s place of residence or habitual residence, at the data subject’s discretion.
Please contact the Data Controller first via email (berrivit@gmail.com) or by mail (1013 Budapest, Pauler utca 11) before contacting a supervisory authority or a court, so that we can resolve the issue as quickly as possible.
8. RIGHT TO FILE A COMPLAINT – REGULATORY AUTHORITIES
Data subjects in Hungary may contact the National Authority for Data Protection and Freedom of Information (NAIH):
Address: 1055 Budapest, Falk Miksa utca 9–11. Postal address: 1363 Budapest, P.O. Box 9.
Email: ugyfelszolgalat@naih.hu
Website: www.naih.hu
Data subjects residing in other EU member states may also contact the data protection authority in their own country.
9. DATA SECURITY
The Data Controller protects personal data through appropriate technical and organizational measures, ensuring its security and availability, and safeguarding it against unauthorized access, alteration, damage, disclosure, and other unauthorized use. The ordering process is secured with SSL encryption.
10. FINAL PROVISIONS
The Data Controller notes that the data subject is responsible for the accuracy of the personal data provided. If the data subject provides personal data that does not belong to them, they are obligated to fully indemnify the Data Controller against any claims by third parties arising therefrom.
In matters not covered by this Privacy Notice, the provisions of applicable laws—in particular the GDPR—shall apply.
The Data Controller reserves the right to unilaterally amend this Notice, of which it will inform the data subjects in an appropriate manner (e.g., by posting a notice on the website). The amended provisions shall apply upon their entry into force.
Budapest, May 1, 2026
BERRIVIT Limited Liability Company
Represented by: Richárd Király, Managing Director
Copyright © 2026, BerriVit. All rights reserved.