Privacy Policy

1. Data Controller Information

Bonus Agricultural and Trading Ltd.
Registered office: 6000 Kecskemét, Borbás 10.
Tax number: 11572107-2-03
Email: office@bonus.co.hu
Website: www.bonus.co.hu

If the Service Provider requests personal data from the visitor of the Website (hereinafter: User) for any purpose, the following provisions shall apply.

This document contains basic information on the management, processing, and registration of personal data that may be provided by the User while using the Service Provider’s Website. If you have any questions regarding data management, please contact the Service Provider before providing any data.

LEGAL BASIS FOR DATA PROCESSING

The data processing by the Service Provider is carried out based on the voluntary consent of the Users in accordance with Section 3 (1) point a) of Act LXIII of 1992 on the protection of personal data and the publicity of data of public interest (hereinafter: Data Protection Act), as well as Act CVIII of 2001 on certain issues of electronic commerce services and information society services. The User provides consent for each data processing activity by using the Website, registering, or voluntarily providing the relevant data.

Pursuant to Section 6 (1) of the Info Act, the data subject must also be informed that personal data may be processed without their consent if obtaining such consent is impossible or would involve a disproportionate cost, and if the data processing is

  • necessary for compliance with a legal obligation of the data controller, or
  • necessary for the enforcement of the legitimate interests of the data controller or a third party,

and this interest is proportionate to the restriction of the right to the protection of personal data. The information must also cover the data subject’s rights and remedies related to data processing.

DEFINITIONS

User: any natural person identified or – directly or indirectly – identifiable on the basis of any personal data;

Personal Data: any data relating to the data subject – especially the name, identification number of the data subject, or one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity – and any conclusion that can be drawn from the data concerning the data subject;

Data Controller: any natural or legal person, or organization without legal personality, who alone or jointly with others determines the purposes of data processing, makes and executes decisions regarding data processing (including the means used), or has them executed by a data processor;

Data Processing: any operation or set of operations performed on data, regardless of the method used, such as collecting, recording, organizing, storing, altering, using, retrieving, transmitting, disclosing, aligning or combining, blocking, deleting, and destroying data, as well as preventing further use of the data, making audio, photo, or video recordings, and recording physical characteristics suitable for identifying a person (e.g., fingerprint, palm print, DNA sample, iris scan);

Data Processing Task: the performance of technical tasks related to data processing operations, regardless of the method and means used or the location of the application, provided that the technical task is performed on the data;

Data Processor: any natural or legal person, or organization without legal personality, who processes data based on a contract concluded with the data controller – including contracts concluded under legal provisions;

Data Protection Incident: unlawful processing or handling of personal data, including unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction or damage.

2. Legal Background, Legal Basis, Purpose of Data Processing on the Website, Scope of Processed Personal Data, and Duration of Data Processing

Information Regarding the Use of Cookies

What is a cookie?
The Data Controller uses so-called cookies during your visit to the website. A cookie is a package of information consisting of letters and numbers that our website sends to your browser with the purpose of saving certain settings, making the use of our website easier, and helping us collect some relevant statistical information about our visitors. Cookies do not contain personal information and are not suitable for identifying individual users. Cookies often contain a unique identifier — a secret, randomly generated number sequence — that is stored on your device. Some cookies expire after closing the website, while others are stored on your computer for a longer period.

Legal background and legal basis for cookies:
The legal background for data processing is provided by Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Info Act), and Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services. The legal basis for data processing is your consent, in accordance with Section 5 (1) point a) of the Info Act.

Main characteristics of the cookies used by the website:

If you do not accept the use of cookies, certain functions may not be available to you. For more information on deleting cookies, please visit the links below:

  • Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
  • Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
  • Chrome: https://support.google.com/chrome/answer/95647?hl=en

Use of Data Processor and Their Activities Related to Data Processing

a. Data processing for the purpose of personal data storage – Hosting service

Name of the data processor: VeltrixHosting Szilvia Gombos
Contact details of the data processor: Phone: +36708030078
Email address: contact@veltrixhosting.com

The Data Processor performs the storage of personal data based on a written contract with the Data Controller.
They are not entitled to access the personal data.

3. Data Security Measures

The Data Controller declares that appropriate security measures have been implemented to protect personal data from unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction and damage, and from becoming inaccessible due to changes in the applied technology.

The data is stored on servers located in the Doclernet server room and protected with DDOS protection. The CloudLinux-based servers are secured by a ConfigServer firewall, and CXS scanning is also active on the servers. The hosting provider performs daily backups, retaining and making the last two backups available to its customers.

The Service Provider takes all necessary steps to ensure the security of personal data provided by Users during both network communication and data storage. Access to personal data is strictly limited to prevent unauthorized disclosure, alteration, or use of personal information.

The Service Provider does not collect any special categories of personal data under any circumstances (such as data revealing racial or ethnic origin, political opinions, party affiliation, religious or philosophical beliefs, trade union membership, health status, or criminal record).

COOKIES AND COOKIE MANAGEMENT

1. Pursuant to Section 20 (1) of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, the following must be defined with regard to cookie data processing on the website:
2. The fact of data processing, scope of processed data: Unique identification number, dates, timestamps
3. Scope of data subjects: All individuals visiting the website.
4. Purpose of data processing: Identifying users and tracking visitors.
5. Duration of data processing, deadline for data deletion: The duration of processing for session cookies lasts until the end of the website visit.
6. Potential data controllers authorized to access the data: The data controller does not process personal data through the use of cookies.
7. Description of data subjects’ rights related to data processing: The data subject can delete cookies in the browser’s Tools/Settings menu, typically under Privacy settings.
8. Legal basis for data processing: No consent is required from the data subject if the sole purpose of using cookies is to transmit communication via an electronic communications network or if the use of cookies is strictly necessary for the service provider to deliver an information society service explicitly requested by the subscriber or user.

USE OF GOOGLE ADWORDS AND CONVERSION TRACKING

1. The data controller uses the online advertising program “Google AdWords” and within its scope utilizes the Google conversion tracking service. Google conversion tracking is an analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
2. When a User reaches the website via a Google ad, a cookie necessary for conversion tracking is placed on their computer. These cookies are limited in validity and do not contain any personal data, so the User cannot be personally identified.
3. If the User visits certain pages of the website and the cookie has not yet expired, both Google and the data controller can see that the User clicked on the ad.
4. Each Google AdWords client receives a different cookie, so cookies cannot be tracked across the websites of AdWords clients.
5. The information obtained using conversion tracking cookies serves the purpose of compiling conversion statistics for AdWords clients who have opted for conversion tracking. Clients learn how many users clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information by which any user could be personally identified.
6. If you do not wish to participate in conversion tracking, you can opt out by disabling the installation of cookies in your browser settings. In that case, you will not be included in conversion tracking statistics.
7. For more information and Google’s privacy policy, please visit: www.google.de/policies/privacy/

SOCIAL MEDIA – FACEBOOK

1. Pursuant to Section 20 (1) of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, the following must be defined in relation to data processing on social media platforms:
2. The fact of data collection, scope of processed data: The User’s registered name on Facebook and their public profile picture.
3. Scope of data subjects: All users who have registered on Facebook and have “liked” the website.
4. Purpose of data collection: Sharing, liking, and promoting certain content elements, services, articles of the website, or the website itself on social media platforms.
5. Duration of data processing, deadline for data deletion, persons authorized to access the data, and description of data subjects’ rights: The data subject can find information about the source of data, its processing, transfer method, and legal basis on the relevant social media platform. Data processing takes place on the social platform, therefore its duration, method, and deletion/modification options are governed by the regulations of the given platform.
6. Legal basis for data processing: The data subject’s voluntary consent to the processing of their personal data on social media platforms.

4. Your Rights During Data Processing

During the data processing period, you have the right to:

  • access information,
  • request rectification of your data,
  • request deletion of your data,
  • request restriction (blocking) of data processing,
  • object to data processing.

During the data processing period, you may request information from the Data Controller regarding the processing of your personal data. The Data Controller will respond to your request in the shortest possible time, but no later than within 25 days, in writing and in a clear and understandable format, providing information on the data processed, the purpose, legal basis, and duration of the processing, and, if the data has been transferred, who received or may receive the data and for what purpose.

You may request the rectification of your personal data during the data processing period. The Data Controller will fulfill your request within a maximum of 15 days.

You have the right to request the deletion of your personal data, which the Data Controller will carry out within 15 days at the latest. The right to deletion does not apply if the Data Controller is legally obligated to retain the data or, in accordance with Section 6 (5) of the Hungarian Information Act (Infotv.), is entitled to further process the data (e.g., in relation to invoicing).

You may request the restriction (blocking) of your personal data if its permanent deletion would violate your legitimate interests. The restricted personal data may only be processed as long as the purpose preventing deletion exists.

You may object to the processing of your personal data:

  • if the processing or transfer of personal data is solely necessary for the fulfillment of the Data Controller’s legal obligations or for the enforcement of the legitimate interests of the Data Controller, data recipient, or a third party, except in cases of mandatory data processing and as specified in Section 6 (5) of Infotv.;
  • if the personal data is used or transferred for purposes such as direct marketing, public opinion polling, or scientific research without your consent.

The Data Controller will review the objection within the shortest possible time, but no later than 15 days after receiving the request, and will make a decision regarding its validity. You will be informed of the decision in writing. If the Data Controller does not fulfill your request for rectification, restriction, or deletion, the reasons for the refusal, both factual and legal, will be communicated to you in writing or, with your consent, electronically within 25 days of receiving the request.

METHOD OF DATA PROCESSING

The Data Controller ensures the security of data (via SSL encryption), implements appropriate technical and organizational measures, and establishes procedural rules necessary to enforce the Hungarian Information Act (Infotv.) and other applicable data and secrecy protection regulations.

The Data Controller protects the data in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, accidental loss or damage, and becoming inaccessible due to changes in the applied technology.

Appropriate technical solutions are in place to ensure that data stored in the records cannot be directly linked to or assigned to a specific individual.

The IT systems of the Data Controller and its hosting provider are protected against computer fraud, espionage, viruses, spam, hacking, and other attacks.

5. Legal Remedies

USER RIGHTS

The User has the right to request information at any time about the personal data processed by the Service Provider concerning them, and may also modify such data at any time. The User also has the right to request the deletion of their data via the contact details provided in this section.

Upon request, the Service Provider will provide information regarding the data it processes about the User, the purpose, legal basis, and duration of the processing, as well as who receives or has received the data and for what purpose. The Service Provider will respond to such requests in writing within 30 days of receipt.

At the User’s request, the Data Controller shall provide information about the data it processes concerning the User, including data processed by any data processor on its behalf or according to its instructions, the source of the data, the purpose and legal basis of processing, the duration of the processing, the name and address of the data processor and their activities related to data processing, the circumstances and effects of any data protection incident, the measures taken to address it, and — in the case of data transfer — the legal basis and the recipient of the transfer.

The User may exercise their rights via the following contact details:

Postal address: 6785 Pusztamérges, Temető u. 2.
Email: office@bonus.co.hu

If you believe that the Data Controller has violated any legal provisions concerning data processing, or has failed to fulfill your request, you may initiate an investigation by the National Authority for Data Protection and Freedom of Information to eliminate the presumed unlawful data processing (postal address: 1530 Budapest, P.O. Box 5; email: ugyfelszolgalat@naih.hu).

You are also informed that in the event of a breach of the legal provisions concerning data processing, or if the Data Controller fails to fulfill your request, you may seek remedy through the courts.

Modifications to the Privacy Notice / OTHER PROVISIONS

The Service Provider reserves the right to unilaterally modify this Privacy Notice with prior notification to the Users. By continuing to use the service after the changes take effect, the User is deemed to have accepted the modified Privacy Notice.

This Privacy Notice is governed by Hungarian law, in particular the provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.

May 26, 2025