Data Privacy Policy

Valid from 27/07/2020

Wanadis Kereskedelmi és Szolgáltató Kft. (Hereinafter: the Service Provider) handles the data of the visitors to the Website and the registrants of the website (hereinafter: the Affected Party) during the operation of the website (hereinafter: the Website).

In connection with the processing of data, the Service Provider hereby informs the Data Subject about the personal data managed by it on the Website, about its principles and practices in the field of personal data processing, and about the way and possibilities of exercising the rights of the data subjects.

By using the Website, the Data Subject accepts the provisions of the Data Management Information and consents to the data processing specified below.


data subject: any natural person identified or identifiable, directly or indirectly, on the basis of personal data;
personal data: data which may be linked to a data subject, in particular his or her name, identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities, and the inference that can be drawn from the data;
special data:
personal data concerning racial origin, nationality, political opinion or party affiliation, religious or other worldview, membership of an advocacy organization, sex life,
personal data on health status, pathological passion and criminal personal data;
consent: the voluntary and firm expression of the will of the data subject, based on adequate information and giving his or her unambiguous consent to the processing of personal data concerning him or her, in whole or in part;
protest: a statement by the data subject objecting to the processing of his or her personal data and requesting the termination of the processing or the deletion of the processed data;
data controller: a natural or legal person or an organization without legal personality – in this case the Service Provider – who, individually or together with others, determines the purpose of data processing, makes and implements decisions on data management (including the means used), or with the data processor entrusted by him;
data management: any operation or set of operations on data, irrespective of the procedure used, in particular their collection, recording, recording, systematisation, storage, alteration, use, interrogation, transmission, disclosure, coordination or aggregation, blocking, erasure and destruction; and to prevent further use of the data, to take photographs, sound or images and to record physical characteristics capable of identifying the person (eg fingerprint or palm print, DNA sample, iris image);
data transfer: making the data available to a specific third party;
data erasure: making data unrecognizable in such a way that it is no longer possible to recover it;
data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
third party: a natural or legal person or an organization without legal personality who is not the same as the data subject or the controller
data protection incident: unlawful handling or processing of personal data, in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction and damage.
Purpose of data management
The Service Provider shall provide the data provided by the Data Subject for a specific purpose:

fulfillment of the order (surprise package with small beer content),
ensuring the contents of the subscription,
delivery of the surprise bag with small beer content,
complaint handling,
subsequent proof of the terms of the contract concluded, and
if the Data Subject has subscribed to the newsletter, it will be stored and managed for the purpose of sending the newsletter.
The purpose of the automatically recorded data is the production of statistics and the technical development of the IT system.

The Service Provider does not or may not use the personal data provided for purposes other than those specified above. The disclosure of personal data to third parties or authorities is possible, unless otherwise required by law, with the prior express consent of the Data Subject.

In all cases where the Service Provider wishes to use the provided data for a purpose other than the purpose of the original data collection, it shall inform the Data Subject thereof and obtain its prior, express consent, or provide him or her with an opportunity to prohibit the use.

Legal basis for data management
The data processing is carried out on the basis of a voluntary statement of the users of the Website, based on appropriate information, which statement contains the data subject’s express consent to the use of their personal data provided during the use of the Website.

CXII of 2011 on the right to information self-determination and freedom of information for data processing by the Service Provider. Pursuant to Section 5 (1) (a) of the Act (hereinafter:, on the basis of the voluntary consent of the Data Subject, and pursuant to Section CVIII. takes place on the basis of law.

The Service Provider does not check the personal data provided to him, their authenticity. The Contractor is solely responsible for the adequacy of the data provided. By providing the e-mail address of any Affected, you are also responsible for ensuring that only he / she uses the service from the e-mail address provided. In view of this responsibility, all liability in connection with access to a given e-mail address shall be borne solely by the Data Subject who registered the e-mail address.

Name of the service provider as data controller
Name: Wanadis Kereskedelmi és Szolgáltató Kft.
Head office: 1112 Budapest, Márvány utca 7. 4. Em. First
VAT number: 25992412-2-41
Court of Registry: Registry Court of the Metropolitan Court
Company registration number: 01-09-300462

Duration of data management
The processing of the personal data that must be provided during the registration or subscription order starts with the registration and lasts until it is deleted upon request.

The registration or the deletion of personal data can take place at any time after the cancellation request has been sent. Upon receipt of the request, the Service Provider will delete the personal data from its system within 5 working days from the receipt of the request.

In the case of a newsletter, the Service Provider manages the data provided during the subscription of the Affected Newsletter until the Subscriber unsubscribes from the newsletter by clicking the “Unsubscribe” button at the bottom of the newsletter or requests to be removed from the newsletter list by e-mail or post. . In case of unsubscribing, the Service Provider will not contact the Data Subject with further newsletters or offers.

The logged data is stored for 6 months from the date of logging, except for the date of the last visit, which is automatically overwritten.

The above provisions do not affect the fulfillment of retention obligations specified in legal regulations (eg accounting legislation) or the processing of data on the basis of additional consents given during registration on the Website or in any other way.

Scope of personal data processed
Data provided during registration

Registration is not required on the Website. However, in case of submitting a registration or order (surprise package with small beer content), the Data Subject must provide the following information:

Surname, First name, Mobile phone number, Email address, Billing address: Country, Postcode, County, City, Street, house number,

The data subject can change their details in their account after logging in.

Technical details

The data of the Data Subject’s computer that are generated during the use of the service and that are recorded by the Service Provider’s system as an automatic result of the technical processes. These are, in particular, the date and time of the visit, the IP address of the data subject’s computer, the type of browser, the address of the website visited and previously visited.

The data that is automatically recorded is automatically logged at entry and exit without a separate statement or action by the Data Subject. This data may not be linked to other personal user data, except in cases required by law. Only the Service Provider has access to the data.

The html code of the Website may contain links from and to an external server independent of the Service Provider. The providers of these links are able to collect user data due to the direct connection to their server.


In order to provide customized service, the Service Provider and the designated external service providers may send a small data package, the so-called a cookie is placed and read back. If the browser returns a previously saved cookie, the cookie service provider has the option to link the data saved during the current visits of the Data Subject to the previous ones, but only for its own content.

The Service Provider uses the following cookie:

Temporary (session) cookie: session cookies are automatically deleted after the Data Subject’s visit. These cookies are used to make the Service Provider’s Website more efficient and secure, so they are essential for certain functions of the Website or certain applications to function properly.
Persistent cookie: the Service Provider also uses a persistent cookie for a better user experience (eg providing optimized navigation). These cookies are stored in the browser’s cookie file for a longer period of time. The duration of this depends on the setting that the Data Subject uses in their Internet browser.
A cookie used for a password-protected session.
Shopping cart cookie.
Security cookie.
The “Help” function in the menu bar of most browsers provides information on whether the Data Subject’s own browser

how can you disable cookies
how to accept new cookies
how to instruct your browser to set a new cookie, or
how to turn off other cookies.
Cookies placed by Google Analytics (cookies)

Google Analytics is a service provided by Google, Inc. (“Google”). Google Analytics uses cookies (cookies) stored on users’ computers to analyze user interactions on the Website. The legal basis for data management for web analytical purposes is the voluntary consent of the user of the Website. Cookies for analytical purposes are anonymized and aggregated data that make it difficult to identify a computer, but cannot be ruled out.

Analytical information collected by Google Analytics cookies (cookies) is transmitted to and stored on Google’s servers. Google processes this information on behalf of the Website Operator to evaluate users’ habits of visiting tomorrow, to compile reports on the frequency of use of the Website, and to provide additional services related to the use of the Website to the Website Operator. In the context of Google Analytics – the IP address transmitted through the browser is not linked by Google to other data.

Google Analytics uses the following cookies for analytical purposes:

web tracking __utma is used to differentiate between visitors and sessions saved by the web tracking service, Google Analytics (3rd party) 2 years
web tracking __utmt to control the fetch rate saved by the Google Analytics web tracking service (3rd party) 10 minutes
web tracking __utmv for user-level storage of custom variable data saved by Google Analytics web tracking service (3rd party) 2 years
web tracking __utmb to identify new sessions and visitors saved by Google Analytics web tracking (3rd party) 30 minutes
web tracking __utmc not currently used to work with urchin.js, which was saved by the Google Analytics web tracking service (3rd party) end of browser session
web tracking __utmz is used to store the traffic source or campaign that identifies the source of the visit that was tracked by the Google Analytics web tracking service (3rd party) 6 months
web tracking ga-disable- <ID> is saved when using the opt-out feature, which overrides tracking by Google Analytics until 2100

More information about the cookies used by Google can be found at the following link:

You can view Google’s privacy statement at

Google Adwords

The Website uses Google Adwords remarketing tracking codes. This is based on the fact that visitors to the site can later be accessed by remarketing ads on websites in the Google Display Network. The remarketing code uses cookies to tag visitors. Users of the Website may disable these cookies by visiting the Google Ads Preferences Manager and following the instructions there. After that, they will not receive personalized offers from the Service Provider.

The Website may also contain links to external servers (not managed by the Service Provider) and the pages available on these links may place their own cookies or other files on your computer, collect data or request personal data. The Service Provider excludes all liability for these.


In case of a newsletter subscription, the Data Subject is obliged to provide the Service Provider’s email address and full name.

The newsletter has direct marketing elements and contains advertising. The Service Provider handles the data provided by the Data Subject during the use of the newsletter.

The purpose of the newsletter is for the Service Provider to inform the Data Subject about current information, products, promotions, new functions, etc. in the form of an electronic message containing advertising.

The Service Provider sends letters containing an advertisement (newsletter) to the e-mail addresses provided during registration only and exclusively with the express consent of the Data Subject, in cases and in a manner that complies with legal regulations.

The range of persons who get to know the data, data transmission, data processing
The data are primarily available to the Service Provider or the Service Provider’s internal employees, however, they are not published or passed on to third party (ies).

The Service Provider may use a data processor (eg: system operator, transport company, accountant) to fulfill the orders and settle the settlement. Service Provider is not responsible for the data management practices of such external actors.

Name of data processors:

Name: DPD Hungária Kft.

E-mail address:

Activity: courier services

Hosting provider details:

Name: Tárhely.Eu Szolgáltató Kft.

E-mail address:


In addition to the above, the transfer of personal data concerning the Data Subject may only take place in cases specified by law or on the basis of the Data Subject’s consent.

Rights and enforcement of the data subject
7.1 Right to information

The Data Subject is entitled to request information on the personal data processed by the Service Provider at any time.

At the request of the Data Subject, the Service Provider shall provide information on the data processed by it, the data processed by the data processor entrusted by it or at its disposal, their source, the purpose, legal basis, duration of the data processing, as well as the name, address and the circumstances of the incident, its effects and the measures taken to remedy it, as well as, in the case of the transfer of the data subject’s personal data, the legal basis and the recipient of the transfer. The Service Provider shall provide the requested information in writing within 25 days from the submission of the request.

If the Service Provider has an internal data protection officer, through the internal data protection officer, a register is kept for the purpose of monitoring the measures related to the data protection incident and informing the Data Subject, including the scope of the data subject’s personal data, the scope and number of data subjects. , its circumstances, effects and the measures taken to eliminate it, as well as other data specified in the legislation prescribing data processing.

The Data Subject may contact the employee of the Service Provider with any questions or remarks related to data management via the contact details indicated in point 3.

7.2 The data subject may request the deletion, correction or blocking of his / her data

The Data Subject has the right at any time to request the correction or deletion of incorrectly recorded data at one of the contact details indicated below. The Service Provider deletes the data within 5 working days from the receipt of the request, in which case they will not be recoverable. The deletion does not apply to the data processing required by law (eg accounting regulations), the Service Provider will keep them for the required period of time.

The Data Subject may also request the blocking of his / her data. The Service Provider shall block the personal data if the data subject so requests or if, on the basis of the information available to him or her, it can be assumed that the deletion would harm the legitimate interests of the Data Subject. Personal data blocked in this way may only be processed for as long as the purpose of the data processing, which precluded the deletion of personal data, exists.

The data subject shall be notified of the rectification, blocking and erasure, as well as to all persons to whom the data have previously been transmitted for data management purposes. The notification may be omitted if it does not infringe the legitimate interests of the Data Subject with regard to the purpose of the data processing.

If the Service Provider does not comply with the Data Subject’s request for rectification, blocking or deletion, it shall notify the factual and legal reasons for the rejection of the request for rectification, blocking or deletion in writing within 25 days of receipt of the request.

7.3 The data subject may object to the processing of his / her personal data

The Data Subject may object to the processing of his or her personal data. The Service Provider shall examine the protest within the shortest time from the submission of the application, but not later than within 15 days, make a decision on the merits of the application and inform the applicant of its decision in writing.

The Data Subject may exercise his / her rights at the contact details indicated in point 3.

7.4 The Data Subject is based on and the Civil Code (Act V of 2013)

You can contact the National Data Protection and Freedom of Information Authority (1125 Budapest, Szilágyi Erzsébet fasor 22 / c .; or
You can assert your rights in court.
If you have provided the data of a third party during the registration for the use of the Affected Service or have caused damage in any way during the use of the Website, the Service Provider is entitled to enforce compensation against the Affected. In such a case, the Service Provider shall provide all possible assistance to the acting authorities in order to establish the identity of the infringing person.

Use of email addresses
The Service Provider pays special attention to the legality of the use of the e-mail addresses managed by it, so it is used only in the manner specified below (for information or advertising) for sending e-mails.

The management of e-mail addresses primarily serves the identification of the Data Subject, the contact during the fulfillment of orders and the use of services, so e-mail is sent primarily for this purpose. If the Data Subject has subscribed to the newsletter, the Service Provider will also use the Data Subject’s e-mail address in order to send the newsletter.

data Security
The Service Provider undertakes to ensure the security of the data, and to take the technical measures to ensure that the recorded, stored and managed data are protected, and to do everything possible to prevent their destruction, unauthorized use and unauthorized alteration. It also undertakes to call on any third party to whom the data may be transmitted or transferred to fulfill its obligations in this regard.

Other provisions
The Service Provider reserves the right to unilaterally amend this Data Management Information with prior notice to the Data Subject via the Website. After the entry into force of the amendment, the Data Subject accepts the contents of the amended Data Management Information by implicitly using the Website.

This Data Management Information is valid from 27.07.2020.