Privacy Notice

Date of acceptance: 2025-09-29

Data Controller

Name: Human Medical Center Korlátolt Felelősségű Társaság
Registered office: 1081 Budapest, Népszínház utca 22. Fsz. 5. ajtó
Postal address / complaint handling: 1081 Budapest, Népszínház u. 22. fsz. 5.
E-mail: info@vl1200.com
Telephone: 0670-702-7503, 0630-488-0498
Website: www.vl1200.com

Hosting Provider

  • Provider: RACKFOREST ZRT.
  • Registered office / site: 1132 Budapest, Victor Hugo utca 11. 5. em. B05001.
  • E-mail: info@rackforest.hu
  • Website: rackforest.com

Description of Processing Activities Carried Out During the Operation of the Webshop

This document contains all relevant data processing information in connection with the operation of the webshop pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, GDPR) and Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Infotv.).

Information on the Use of Cookies

What is a cookie?

During visits to the website, the Data Controller uses so-called cookies. A cookie is a package of information consisting of letters and numbers that our website sends to your browser in order to save certain settings, facilitate the use of our website, and help us collect certain relevant, statistical information about our visitors.

Some cookies do not contain personal data and are not suitable for identifying individual users, while others contain an individual identifier — a secret, randomly generated number sequence — that is stored on your device and may enable your identification. The operating lifetime of each cookie is set out in the description of the respective cookie.

Legal background and legal basis for cookies

In general, three types of cookies are distinguished: strictly necessary (functional) cookies that ensure proper operation of the Website, statistical cookies, and marketing cookies.

  • The legal basis for processing statistical and marketing cookies is your consent under Article 6(1)(a) GDPR.
  • The legal basis for strictly necessary cookies required to ensure the operation of the Website is the Data Controller’s legitimate interest under Article 6(1)(f) GDPR.

Main characteristics of cookies used by the Website

Cookies essential for operation

If you do not accept the use of these cookies, certain functions may not be available to you.

  • Strictly necessary cookies: indispensable for the use of the website and enable the use of its basic functions. Without them, many features of the site will not be available. Their lifetime is limited to the duration of the session.
  • Session cookie: stores the visitor’s location, browser language, and payment currency; lifetime: until the browser is closed, or maximum 2 hours.
  • Age-restricted content cookie: records the fact of approval for age-restricted content and that the data subject is over 18; lifetime: until the browser is closed.
  • Recommended products cookie: records the list of products to be recommended via the “recommend to a friend” function; lifetime: 60 days.
  • Mobile version / design cookie: detects the visitor’s device and switches to full view on mobile; lifetime: 365 days.
  • Cookie-consent cookie: records acceptance of the statement on cookie storage shown in the warning window on landing; lifetime: 365 days.
  • Auto-logout #2 cookie: according to option #2, logs the visitor out after 90 days; lifetime: 90 days.
  • Backend identifier cookie: identifier of the backend server serving the site; lifetime: until the browser is closed.

Statistical cookies

  • Google Analytics cookie: Google Analytics helps website and app owners gain a more accurate picture of visitor activity. The service may use cookies to collect information and compile statistics on website usage without individually identifying visitors for Google. The primary cookie used by Google Analytics is “__ga”. In addition to usage reports, Google Analytics — together with certain advertising cookies described above — may also be used to display more relevant ads within Google products (e.g., Google Search) and across the internet.
  • User-experience improvement cookies: collect information about how users use the website (e.g., which pages are visited most often, what error messages are received). These cookies do not collect information that identifies visitors; they work with completely general, anonymous information. Data obtained are used to improve website performance. Lifetime: session only.
  • Referrer cookies: record from which external page the visitor arrived; lifetime: until the browser is closed.
  • Last viewed product cookie: records products last viewed by the visitor; lifetime: 60 days.
  • Last viewed category cookie: records the last viewed category; lifetime: 60 days.
  • Cart cookie: records products placed in the cart; lifetime: 365 days.
  • Smart offer cookie: records the conditions for displaying smart offers (e.g., whether the visitor has been on the site before, whether they have an order); lifetime: 30 days.

Marketing cookies

  • Google Ads (AdWords) cookies: When someone visits our site, the visitor’s cookie ID is added to the remarketing list. Google uses cookies — such as NID and SID — to customize ads in Google products (e.g., Google Search). Such cookies remember your most recent searches, prior interactions with particular ads or search results, and visits to advertisers’ websites. The AdWords conversion tracking function uses cookies, storing them on the user’s computer when the person clicks an ad, to track sales and other conversions arising from ads. Common uses include selecting ads relevant to the user, improving campaign performance reports, and avoiding the display of ads the user has already seen.
  • Remarketing cookies: Enable ads to be shown to previous visitors or users while they browse other websites on the Google Display Network, or when they search for terms related to your products or services.
  • Facebook Pixel (Facebook cookie): A code that enables reporting on conversions, building target audiences, and providing the site owner with detailed analytics on visitors’ use of the website. With the Facebook Pixel, personalized offers and ads can be displayed to website visitors on the Facebook platform. Facebook’s data policy is available here: https://www.facebook.com/privacy/explanation

Further information on deleting cookies

More detailed information on deleting cookies can be found at the links below:

Google Consent Mode v2

The Data Controller has integrated Google Consent Mode v2 into its website and, via its cookie panel, manages consents and refusals in accordance with the new version. Under Consent Mode v2, in addition to the previous two flags (analytics_storage, ad_storage), Google uses two additional flags for the storage and reading of cookies for statistical and advertising purposes:

  • ad_user_data: Any user data that may be sent to Google for advertising purposes.
  • ad_personalization: The user’s data may be used for personalized advertising, e.g., for remarketing.

These two switches determine whether cookies for statistical and advertising purposes are permitted to be stored and read.

Data Processing for the Conclusion and Performance of Contracts

Multiple data processing scenarios may occur for the conclusion and performance of a contract. Please note that data processing related to complaint handling and warranty administration will take place only if you exercise one of the aforementioned rights.

If you do not purchase via the webshop and only visit it as a visitor, the provisions under marketing data processing may apply to you if you provide us marketing consent.

Detailed processing activities related to the conclusion and performance of contracts

Contacting Us

For example, when you contact us by email, contact form, or telephone with a question about a product. Prior contact is not required; you may place an order from the webshop at any time without it.

  • Data processed: The data you provide during contact.
  • Retention period: We process the data only until the contact is concluded.
  • Legal basis: Your voluntary consent, which you grant by initiating contact with the Data Controller. (GDPR Article 6(1)(a)).

Registration on the Website

By storing the data provided during registration, the Data Controller can provide a more convenient service (e.g., your details need not be re-entered for subsequent purchases). Registration is not a precondition for concluding a contract.

  • Data processed: Your name, residential address, telephone number, email address, the characteristics of the purchased product, and the time of purchase.
  • Retention period: Until you withdraw consent.
  • Legal basis: Your voluntary consent, granted by registering with the Data Controller. (GDPR Article 6(1)(a)).

Order Processing

During order processing, certain data processing activities are necessary for performance of the contract.

  • Data processed: Your name, address, telephone number, email address, the characteristics of the purchased product, the order number, and the time of purchase. If you place an order in the webshop, providing this data is indispensable for the performance of the contract.
  • Retention period: 5 years pursuant to the civil-law limitation period.
  • Legal basis: Performance of a contract. (GDPR Article 6(1)(b)).

Issuing Invoices

This processing is carried out to issue legally compliant invoices and to fulfil the accounting record-retention obligation. Under Section 169(1)–(2) of Act C of 2000 on Accounting, business entities must retain accounting documents that directly or indirectly support bookkeeping.

  • Data processed: Name, address, email address, telephone number; where applicable, health fund membership ID; in the case of companies, tax number.
  • Retention period: 8 years from the date of invoice issuance, pursuant to Section 169(2) of the Accounting Act.
  • Legal basis: Legal obligation to issue and retain invoices under Act CXXVII of 2007 on VAT, Section 159(1), and Act C of 2000 on Accounting, Section 169(2). (GDPR Article 6(1)(c)).

Data Processing Related to the Delivery of Goods

This processing is carried out for the delivery of the ordered product.

  • Data processed: Name, address, email address, telephone number.
  • Retention period: For the duration of delivery of the ordered goods.
  • Legal basis: Performance of a contract. (GDPR Article 6(1)(b)).

Recipients / Processors involved in delivery

  • Recipient: GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.
  • Registered office: 2351 Alsónémedi, GLS Európa u. 2.
  • Telephone: 06-29-88-67-00
  • E-mail: info@gls-hungary.com
  • Website: https://gls-group.eu/HU/hu/home

Courier Service Data Processing

The courier service, acting under a contract concluded with the Data Controller, assists in the delivery of the ordered goods. The courier service processes the personal data it receives in accordance with its own privacy notice available on its website.

  • Recipient: DHL Express Magyarország
  • Registered office: BUD International Airport Terminal 1, DHL Building 302, 1185 Budapest
  • Telephone: 06 1 245-4545
  • E-mail: ugyfelszolgalat.hu@dhl.com
  • Website: (Not specified)

The courier service cooperates with the Data Controller under a contractual arrangement to ensure the delivery of ordered goods. It processes the personal data received in accordance with the terms described in its publicly available privacy policy.

Handling of Warranty and Guarantee Claims

Warranty and guarantee claims are processed in accordance with Decree No. 19/2014 (IV.29.) NGM, which also defines how such claims must be handled.

Data Processed

In the course of handling warranty and guarantee claims, the Data Controller proceeds under Decree No. 19/2014 (IV.29.) NGM, and must record a report of the claim, which includes:

  1. a) the name and address of the claimant, as well as a declaration of consent to the processing of their data as required by the Decree,
    b) the name and purchase price of the movable item sold under the contract concluded between the parties,
    c) the date of performance of the contract,
    d) the date of the defect report,
    e) a description of the defect,
    f) the right the claimant seeks to exercise under warranty or guarantee, and
    g) the method of settlement of the claim or the reason for rejection.

If the purchased product is received from the customer, a receipt of acknowledgment must be issued containing:

  1. a) the name and address of the customer,
    b) the identifying details of the product,
    c) the date of receipt, and
    d) the expected date when the repaired item can be collected.

Retention Period

The business must retain the record of the consumer’s warranty or guarantee claim for three (3) years from the date of recording and must present it to the supervisory authority upon request.

Legal Basis

The legal basis for this data processing is compliance with legal obligations under Sections 4(1) and 6(1) of Decree No. 19/2014 (IV.29.) NGM.
(GDPR Article 6(1)(c)).

Handling of Other Consumer Protection Complaints

This data processing is carried out for the purpose of handling consumer protection complaints. If you submit a complaint, providing your personal data is essential for processing.

Data Processed

Customer’s name, telephone number, email address, and the content of the complaint.

Retention Period

Warranty-related complaints are retained for five (5) years in accordance with consumer protection legislation.

Legal Basis

While submitting a complaint is a voluntary act, once submitted, the Data Controller is legally obliged to retain it for three (3) years under Section 17/A(7) of Act CLV of 1997 on Consumer Protection.
(GDPR Article 6(1)(c)).

Data Processed in Connection with Proof of Consent

During registration, ordering, or newsletter subscription, the IT system stores information relating to consent in order to ensure future verifiability.

Data Processed

The time of consent and the IP address of the data subject.

Retention Period

Due to statutory requirements to demonstrate valid consent at a later date, such data are retained for the limitation period following the termination of the processing.

Legal Basis

This obligation arises from Article 7(1) of the GDPR.
(GDPR Article 6(1)(c)).

Marketing Data Processing

Newsletter Subscription

This data processing is conducted for the purpose of sending newsletters.

  • Data processed: Name, address, email address, telephone number.
  • Retention period: Until the withdrawal of consent by the data subject.
  • Legal basis: Voluntary consent given by subscribing to the newsletter. (GDPR Article 6(1)(a)).

Remarketing

This processing takes place as a remarketing activity using cookies.

Prize Draws

This data processing is conducted for the organization and execution of prize draws.

  • Data processed: Name, email address, postal address, telephone number.

Duration and Legal Basis of Data Processing

Prize Draws

  • Duration of processing:
    The data are deleted following the conclusion of the prize draw, except for the data of the winner, which the Data Controller is required to retain for 8 years in accordance with the provisions of the Accounting Act.
  • Legal basis:
    Your voluntary consent, granted by using the website. (GDPR Article 6(1)(a)).

Processing under the Medical Devices Regulation

  • Legal basis:
    Decree 4/2009 (III.17.) of the Ministry of Health (EüM) on Medical Devices.
  • Data processed: For example, name, email address, etc.
  • Duration of processing: As required under the relevant legal provisions.

Additional Data Processing

If the Data Controller intends to carry out further data processing, you will be provided with prior information on the essential circumstances of such processing (including the legal basis, purpose, scope of processed data, and duration of processing).

Data Processors

Newsletter Service Provider

  • Processor name: Mailchimp
  • Company name: The Rocket Science Group, LLC
  • Registered office: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA
  • Website: mailchimp.com

The Data Processor cooperates with the Data Controller in the distribution of newsletters under a contractual arrangement. During this process, the Processor manages the name and email address of the data subject to the extent necessary for newsletter delivery.

Accounting Services

  • Processor name: Akta Könyvelő Iroda
  • Registered office: 2030 Érd, Bajcsy-Zs. út 116.
  • Telephone: +36 30 202 7140
  • E-mail: info@aktakontroll.hu

The Data Processor assists the Data Controller under a written agreement with bookkeeping of accounting documents. It processes the name and address of the data subject to the extent necessary for accounting purposes and retains such data in accordance with Section 169(2) of Act C of 2000 on Accounting, after which it deletes the data without delay.

Invoicing Services

  • Processor name: Számlázz.hu
  • Registered office: 1031 Budapest, Záhony utca 7.
  • Telephone: +36 30 35 44 789
  • E-mail: info@szamlazz.hu

The Data Processor cooperates with the Data Controller in the recording and storage of accounting documents under a contractual arrangement. It processes the name and address of the data subject to the extent necessary for accounting purposes and retains such data in accordance with Section 169(2) of Act C of 2000 on Accounting, after which it deletes the data.

Online Payment Services

  • Processor name: Stripe Inc.
  • Registered office: 354 Oyster Point Blvd, South San Francisco, CA 94080, United States
  • E-mail: support@stripe.com
  • Website: stripe.com

The payment service provider cooperates with the Data Controller under a contract to facilitate online payment transactions, during which data transfer occurs to the payment processor.
The payment processor manages the data subject’s billing name, address, order number, and order date in accordance with its own data protection policy.

  • Purpose of data transfer:
    To provide the payment processor with the necessary transaction data required for completing the initiated payment.
  • Legal basis:
    Performance of the contract between the Data Controller and the data subject, of which payment is an essential part. (GDPR Article 6(1)(b)).

Deferred Payment Services

Mailchimp (as data processor) may also cooperate with the Data Controller regarding deferred payment solutions.
Access to personal data is limited to the duration of the contractual relationship between the Data Controller and the Processor, but no longer than until the withdrawal of consent by the data subject.

“Trusted Shop” Program

For the operation of the Trusted Shop Program of www.arukereso.hu
(Online Comparison Shopping Kft., 1074 Budapest, Rákóczi út 70–72., Tax No.: 24868291-2-42, Company Reg. No.: 01-09-186759*),
the customer’s email address and the name of the purchased product are transferred to arukereso.hu following purchases made through this webshop.

  • Purpose of data transfer:
    To request and display customer feedback.
  • Controller of the transferred data:
    Online Comparison Shopping Kft.
  • Legal basis:
    The company processes personal data in accordance with the Privacy and Data Management Policy of www.arukereso.hu.

Rights of the Data Subject

Throughout the duration of data processing, you have the following rights under the GDPR:

  • Right to withdraw consent
  • Right of access to personal data and related information
  • Right to rectification
  • Right to restriction of processing
  • Right to erasure (“right to be forgotten”)
  • Right to object to processing
  • Right to data portability

If you wish to exercise any of these rights, this requires your identification, and the Data Controller must communicate with you. Accordingly, certain personal data will be required for verification (only data already processed by the Controller may be used for this purpose).

Your data protection complaints will be stored in the Data Controller’s email system for the retention period specified in this notice.
If you are a customer contacting the Controller for complaint handling or warranty services, please provide your order reference number to facilitate identification.

The Data Controller will respond to any data protection complaints within 30 days at the latest.

Right to Withdraw Consent

You have the right to withdraw your consent to data processing at any time. In such cases, your personal data will be deleted from our systems.
However, please note that if your order has not yet been fulfilled, withdrawal of consent may result in our inability to complete delivery.
Additionally, if the purchase has already been made, we are legally obliged under accounting regulations to retain invoicing data.
If you have any outstanding debts toward us, we may continue to process your data based on our legitimate interest in enforcing such claims, even after the withdrawal of consent.

Right of Access to Personal Data

You have the right to obtain confirmation from the Data Controller as to whether your personal data are being processed, and, if so, you are entitled to:

  • Access the personal data processed, and
  • Receive the following information:
    • The purposes of data processing;
    • The categories of personal data concerned;
    • The recipients or categories of recipients to whom your data have been or will be disclosed;
    • The planned retention period of the personal data, or, if not possible, the criteria used to determine that period;
    • Your rights to request rectification, erasure, or restriction of processing, and to object to processing based on legitimate interest;
    • Your right to lodge a complaint with the supervisory authority;
    • If data were not collected directly from you, any available information on their source;
    • The existence of automated decision-making, including profiling, and—at least in such cases—meaningful information about the logic involved and the potential consequences of such processing for you.

The purpose of exercising this right is to verify the lawfulness of the data processing. Therefore, in the case of repeated requests, the Data Controller may charge a reasonable fee for providing such information.

Access will be granted after your identity is verified, and the requested data and information will be sent to you by email.
If you hold a registered account, you may also view and verify your stored personal data directly within your user profile.

Please specify in your request whether you seek access to the personal data themselves or to information related to data processing.

Right to Rectification

You have the right to request that the Data Controller rectify any inaccurate personal data concerning you without undue delay.

Right to Restriction of Processing

You have the right to request that the Data Controller restrict processing of your data if any of the following conditions apply:

  • You contest the accuracy of your personal data; restriction shall apply for the period during which the Data Controller verifies the accuracy of the data. If the data are immediately confirmed as accurate, restriction will not be applied.
  • The processing is unlawful, but you oppose deletion of the data (e.g., because they are needed for legal claims), and instead request restriction of their use.
  • The Data Controller no longer requires the personal data for the purposes of processing, but you require them for the establishment, exercise, or defense of legal claims.
  • You have objected to processing based on legitimate interest, and it is pending determination whether the Data Controller’s legitimate grounds override your own.

Where processing is restricted, the data may—apart from storage—be processed only with your consent, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another person, or for reasons of important public interest of the EU or a Member State.

The Data Controller will notify you in advance (at least three working days prior) of any decision to lift the restriction.

Right to Erasure (“Right to be Forgotten”)

You have the right to request that the Data Controller erase your personal data without undue delay if any of the following apply:

  • The data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • You withdraw consent, and there is no other legal basis for processing;
  • You object to processing based on legitimate interest, and there are no overriding lawful grounds for processing;
  • The data have been processed unlawfully, as determined through a complaint procedure;
  • The data must be erased to comply with a legal obligation under EU or Member State law.

If the Data Controller has made the data public and is obliged to erase them for one of the above reasons, it must, taking into account available technology and implementation costs, take reasonable steps—including technical measures—to inform other controllers processing such data that you have requested the erasure of any links, copies, or replications of those personal data.

Exceptions

Erasure does not apply where processing is necessary for:

  • The exercise of the right to freedom of expression and information;
  • Compliance with a legal obligation requiring processing under EU or Member State law (e.g., retention of invoices under accounting rules), or for the performance of a task carried out in the public interest or in the exercise of official authority;
  • The establishment, exercise, or defense of legal claims (e.g., where the Data Controller has an outstanding claim against you, or if a consumer or data protection complaint is still under investigation).

Right to Object

You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data where such processing is based on legitimate interest.
In this case, the Data Controller shall no longer process the personal data, unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such purposes, including profiling to the extent that it relates to direct marketing.
If you object to processing for direct marketing purposes, your personal data shall no longer be processed for that purpose.

Right to Data Portability

Where data processing is carried out by automated means or based on your voluntary consent, you have the right to request that the Data Controller provide the personal data you have supplied to it in a structured, commonly used, and machine-readable format (e.g., XML, JSON, or CSV).
If technically feasible, you may also request that the Data Controller transmit the data directly to another controller in the same format.

Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
In such cases, the Data Controller must take appropriate measures to safeguard your rights, freedoms, and legitimate interests, including the right to:

  • obtain human intervention on the part of the Data Controller,
  • express your point of view, and
  • contest the decision.

This right does not apply if the decision:

  • is necessary for entering into or performing a contract between you and the Data Controller;
  • is authorized by Union or Member State law, which also lays down suitable measures to safeguard your rights and freedoms; or
  • is based on your explicit consent.

Data Protection Registration

Under the former Hungarian Infotv. (Act CXII of 2011 on Informational Self-Determination and Freedom of Information), certain data processing activities were required to be registered in the Data Protection Register.
This obligation ceased to apply as of 25 May 2018, following the entry into force of the GDPR.

Data Security Measures

The Data Controller declares that it has implemented appropriate technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, deletion, destruction, and accidental loss or damage, as well as against inaccessibility due to technological changes.

The Data Controller makes every reasonable effort to ensure that its data processors likewise implement appropriate security measures when handling your personal data.

Remedies and Legal Recourse

If you believe that the Data Controller has violated any data protection provisions or has failed to comply with your request, you may initiate an investigation by the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) to address the presumed unlawful processing.

  • Mailing address: 1363 Budapest, Pf. 9.
  • E-mail: ugyfelszolgalat@naih.hu
  • Telephone: +36 (30) 683 5969, +36 (30) 549 6838, +36 (1) 391 1400

Additionally, you may bring a civil lawsuit before a court of law if your rights under data protection legislation have been infringed or if the Data Controller has failed to act upon your request.

Amendment of the Privacy Notice

The Data Controller reserves the right to amend this Privacy Notice, provided that such amendments do not affect the purpose or legal basis of data processing.
By continuing to use the website after the amendments take effect, you accept the modified Privacy Notice.

If the Data Controller intends to process collected data for a purpose other than that for which they were originally collected, you will be informed in advance of the new processing purpose and the following details:

  • The retention period of the personal data, or the criteria used to determine it;
  • Your rights to request access, rectification, erasure, or restriction of processing, to object to processing based on legitimate interest, and, where applicable, to data portability;
  • In cases of consent-based processing, your right to withdraw consent at any time;
  • Your right to lodge a complaint with a supervisory authority;
  • Whether providing personal data is a statutory or contractual requirement, or a precondition for entering into a contract, and whether you are obliged to provide the data, as well as the possible consequences of failing to do so;
  • The existence of automated decision-making, including profiling, and—at least in such cases—meaningful information about the logic involved and its potential effects on you.

Any such additional processing may begin only after you have been duly informed and, where the legal basis is consent, after you have explicitly given your consent.

Go top
Select your currency
EUR Euro
HUF Hungarian forint
PLN Polish złoty
RON Romanian leu