Privacy Statement

WEBSITE PRIVACY POLICY

This document contains a description of how the website https://www.epta-international.com/en (hereinafter also ‘Site’) is managed, with reference to the processing of the personal data of visitors and users who use it.

Following the consultation of this Site, data relating to identified and identifiable persons can be processed. For the purposes and effect of Art. 13 of EU Regulation 2016/679 (the “GDPR”), Epta International Kft., as the Data Controller, is required to provide this Policy - regarding the processing of personal data of natural persons - that they access through this website. The information is provided only for this website and not also for other websites that may be consulted by the user through links.

The purpose of this document is to provide information on the methods, purposes, the retention times, the place of processing and the rights of the data subjects.

  1. Data Controller

The Data Controller of the processing of personal data is EPTA International Kft., VAT No.  23142752-2-44, with registered office in 1134 Budapest, Dózsa György út 146-148. A. ép. (hereinafter also ‘EPTA’, ‘Company’ or even ‘Controller’).

  1. What types of data are processed on the Site, for what purposes and on what legal basis

The following types of personal data are processed on the Site, for the following purposes:

  1. Navigation data

     

    1. Purpose of the processing 

Operating a secure Site, verifying its proper functioning and having statistical information on its use. 

  1. Categories of personal data processed 

This category of data includes the IP addresses or domain names of the computers used by the users who connect to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment.

An indicative list of the information that we may collect is as follows:

  • Internet Protocol (IP) address;

  • browser type and device parameters used to connect to the site;

  • name of the internet service provider (ISP);

  • date and time of the visit;

  • web page from which the visitor came (referral) and from which he left the website;

  • the number of clicks, if any.

 

This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, enable users to be identified.

The collection of such personal data takes place automatically during the navigation of the Site and their delivery is therefore mandatory for all users and visitors of the Site.

  1. Legal basis of processing

Our legitimate interest in ensuring the security of the Site and ascertaining liability in case of hypothetical computer crimes against the Site, verify its proper functioning and have statistical information on its use (Article 6(1)(f) GDPR). During their normal operation, the computer systems and software procedures used to operate this website acquire certain personal data. The transmission of such personal data implicit in the use of Internet communication protocols.

  1. Period of data processing

The Data Controller keeps the personal data as long as they are necessary for the achievement of the purpose for which they were collected, and in particular for a maximum period of 6 months, unless further retention is necessary to establish liability in the event of hypothetical computer crimes against the Site or to comply with requests from the judicial or police authorities.

  1. Recipients of personal data (data processor, business partners)

Your data are known to the employees and collaborators, as authorised persons, of the Data Controller and other third parties as data processors (companies providing assistance/services such as: financial consulting services, communication, data processing, hosting and co-location servers, computer security and other IT services, web analysis). 

The data may also be shared with the other companies of the Epta Group, the list of which is available on the Website at: https://www.eptarefrigeration.com/en/contacts or on request contacting us at compliance@eptarefrigeration.com, with other third parties as well as with police forces or judicial authority where necessary required by legal obligation and/or following a binding judicial or administrative decision, as well as with our legal advisers.

  1. Communication data

  1. Purpose of the processing

Communicating with you via the emails spontaneously sent to us and in the contact/request forms information on the Site: the optional, explicit and voluntary sending of your e-mail to the addresses indicated on the Site or the filling out of the appropriate forms.

  1. Categories of personal data processed

Your address and the personal data necessary to provide the requested service and/or reply to the requests, as well as any other personal data inserted in the message (and in the annexes to it) or in the appropriate forms.

Please do not send us under any circumstances any information that can be included in the special categories of data (i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sex life or sexual orientation of the person) as we will be forced to delete them.

The provision of personal data is optional but necessary, since in case of non-provision we may not be able to provide you with the requested information.   

The contact data you voluntarily provide will be processed by us exclusively to provide you with what you have requested, unless you have optionally given your consent to their processing also for the  marketing purposes referred to in section 2.6. below. 

  1. Legal basis of processing

To perform a contract to which you are party and/or pre-contractual measures taken at your request (Article 6(1)(b) GDPR).

  1. Period of data processing

The Data Controller keeps the personal data as long as they are necessary for the achievement of the purpose for which they were collected, and in particular for 6 months from the time when we have supplied you with the services/information requested by you, in order to ensure that your request is complied with and to provide you with any further clarification you may need.

  1. Recipients of personal data (data processor, business partners)

Your data are known to the employees and collaborators, as authorised persons, of the Data Controller and other third parties as data processors (companies providing assistance/services such as: financial consulting services, communication, data processing, hosting and co-location servers, computer security and other IT services, web analysis). 

The data may also be shared with the other companies of the Epta Group, the list of which is available on the Website at: https://www.eptarefrigeration.com/en/contacts or on request contacting us at compliance@eptarefrigeration.com, with other third parties as well as with police forces or judicial authority where necessary required by legal obligation and/or following a binding judicial or administrative decision, as well as with our legal advisers.

  1.  Data from social networks

     

    1. Purpose of the processing

Communicating with you via social networks in case you contact us via the EPTA social pages (Facebook, Instagram, LinkedIn and YouTube), leaving a message on our profiles or entering your personal data in the contact forms that may be present there.

  1. Categories of personal data processed

We will only process the personal data you have communicated to provide you with technical assistance or information requested. The privacy policies of the respective social networks to which you are registered that govern the processing of your personal data carried out through the relevant social platforms remain applicable.

  1. Legal basis for processing

To perform a contract to which you are party and/or pre-contractual measures taken at your request (Article 6(1)(b) GDPR).

  1. Period of data processing

The Data Controller keeps the personal data as long as they are necessary for the achievement of the purpose for which they were collected, and in particular for 6 months from the time when we have supplied you with the services/information requested by you, in order to ensure that your request is complied with and to provide you with any further clarification you may need.

  1. Recipients of personal data (data processor, business partners)

Your data are known to the employees and collaborators, as authorised persons, of the Data Controller and other third parties as data processors (companies providing assistance/services such as: financial consulting services, communication, data processing, hosting and co-location servers, computer security and other IT services, web analysis). 

The data may also be shared with the other companies of the Epta Group, the list of which is available on the Website at: https://www.eptarefrigeration.com/en/contacts or on request contacting us at compliance@eptarefrigeration.com, with other third parties as well as with police forces or judicial authority where necessary required by legal obligation and/or following a binding judicial or administrative decision, as well as with our legal advisers.

  1. Enforcement

     

    1. Purpose of the processing

We may process your personal data in order to pursue our legitimate interest in exercising or defending a right in a judicial or extrajudicial procedure, even in the case of possible pre-contractual liability.

  1. Categories of personal data processed

Navigation data and communication data as above detailed. 

  1. Legal basis for processing

Our legitimate interest in exercising or defending a right in judicial or extrajudicial proceedings (Article 6(1)(f) GDPR).

  1. Period of data processing

In case of accounting documents 8 years after the issuance of the accounting document. In case of tax declarations, 5 years from the last day of the calendar year of the tax declaration or tax payment obligation. Otherwise, for the general limitation period of 5 years for contractual actions.

  1. Recipients of personal data (data processor, business partners)

Your data are known to the employees and collaborators, as authorised persons, of the Data Controller and other third parties as data processors (companies providing assistance/services such as: financial consulting services, communication, data processing, hosting and co-location servers, computer security and other IT services, web analysis). 

The data may also be shared with the other companies of the Epta Group, the list of which is available on the Website at: https://www.eptarefrigeration.com/en/contacts or on request contacting us at compliance@eptarefrigeration.com, with other third parties as well as with police forces or judicial authority where necessary required by legal obligation and/or following a binding judicial or administrative decision, as well as with our legal advisers.

  1. Marketing

     

    1. Purpose of the processing

If provided at the end of each proposed form, we will process your data for sending you marketing communications (direct sale, sending of advertising materials, carrying out market research and commercial communication) in order to send you – based on your choice, by e-mail(automated mode) - advertising communications, offers and promotions related to the products and services offered by EPTA. 

  1. Categories of personal data processed

First name, Last name, E-mail, Country, Market, Telephone

  1. Legal basis for processing 

Your optional, prior, express consent (Art. 6 (1) (a)GDPR).

You may in any case freely and free of charge revoke your consent to the processing of your personal data at any time totally or even partially, for example, in relation to automated methods only, by making a request to EPTA in the manner indicated below. In relation to marketing communications sent by e-mail, you may also object to the processing of your personal data by clicking on the appropriate link in each promotional e-mail.

If you do not consent to the processing of your personal data for marketing purposes, the possibility of making a request for information on the Site, registering your account, placing an order for the purchase of our products and services, and using the additional functionalities of the Site will not be affected in any way, nor will you suffer any detrimental consequences. We simply will not be able to broadcast our promotional and commercial offers.

  1. Period of data processing

Until you revoke your consent. Otherwise, for 3 years after the release of the data, as the deadline approaches you will be asked if you are still interested in receiving such communications and, if so, the retention period mentioned will be renewed. Otherwise, upon expiry of the deadline your data will be deleted.

  1. Recipients of personal data (data processor, business partners)

Your data are known to the employees and collaborators, as authorised persons, of the Data Controller and other third parties as data processors (companies providing assistance/services such as: financial consulting services, communication, data processing, hosting and co-location servers, computer security and other IT services, web analysis). 

The data may also be shared with the other companies of the Epta Group, the list of which is available on the Website at: https://www.eptarefrigeration.com/en/contacts or on request contacting us at compliance@eptarefrigeration.com, with other third parties as well as with police forces or judicial authority where necessary required by legal obligation and/or following a binding judicial or administrative decision, as well as with our legal advisers

  1. Communication to third parties, data transfers outside the EEA 

Any transfer of your personal data to countries outside the European Union or the European Economic Area (third countries) will take place with those third countries that are recognized by the European Commission as having an adequate level of protection of personal data or, if not, if a level of protection of personal data is guaranteed contractually by those entities located in the third country that is adequate in relation to that of the European Union (e.g. by signing standard contractual clauses provided by the European Commission) and that the exercise of the rights of the data subjects is always ensured. 

Further information can be obtained by writing to compliance@eptarefrigeration.com.

  1. Rights of data subjects (Articles 15 to 22 of the GDPR)

We inform you that you have the right to exercise at any time, free of charge and without formality, the following rights set out in Articles 15 to 22 of the GDPR: 

  • the right to request access to personal data, i.e. the right to obtain confirmation whether or not data concerning you are being processed and, if so, to obtain access to personal data and to obtain copies of them (Article 15); 

  • the right to rectification, i.e. the right to obtain rectification of inaccurate data concerning you or to supplement incomplete data (Article 16); 

  • the right to erasure (“right to be forgotten”), i.e. the right to obtain the erasure of data concerning you, if one of the reasons mentioned by the norm exists (Article 17) exists; 

  • the limitation to the processing or the right to obtain, in the cases indicated by the norm, the marking of the data retained with the aim of limiting its processing in the future (Article 18);

  • the right to be notified in case of rectification, erasure of personal data or limitation of processing (Article 19); 

  • the right to data portability, or the right to data portability, in the cases indicated by art. 20 of the GDPR, to receive in a structured, commonly used and machine-readable format the data concerning you, and to transmit those data to another controller without hindrance (Article 20); 

  • the right to object, or to oppose at any time, for reasons related to your particular situation, the processing of your personal data carried out on the basis of our legitimate interest (Article 21). 

    1. Right of access

You have the right to obtain from us confirmation as to whether or not your personal data are being processed. If your personal data is processed, you have the right to access to the personal data (or obtain a copy) and to receive information about the circumstances of the data processing. The information requested may include, but are not limited to the following: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed by us; the planned period for which the personal data will be stored; where the personal data are not collected from you, any available information as to their source.

  1. Right to rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data and to have incomplete personal data completed.

  1. Right to erasure (“right to be forgotten”)

You have the right to request from us the erasure of your personal data without undue delay where one of the following applies:

  • the personal data are no longer necessary;

  • the consent on which the processing is based is withdrawn, and where there is no other legal grounds for the processing;

  • you object to the processing and there are no overriding legitimate grounds for the processing;

  • the personal data have been unlawfully processed by us;

  • the personal data have to be erased for compliance with a legal obligation.

We do not erase the personal data where the processing is necessary for any of the following reasons: (i) for exercising the right of freedom of expression and information; (ii) for compliance with a legal obligation which requires processing; (iii) for the establishment, exercise or defence of legal claims.

  1. Right to restriction of processing

You have the right to obtain from us a restriction of processing where one of the following applies:

  • you contest the accuracy of the personal data. In this case the restriction applies for a period enabling us to verify the accuracy of the personal data;

  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

  • we no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;

  • you have objected to the processing. In this case the restriction applies for the period of the verification whether the legitimate grounds of us override yours.

Where processing has been restricted, such personal data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. You will be informed by us before the restriction of processing is lifted.

  1. Right to object to processing

You have the right to object, on grounds relating to your particular situation, at any time to any processing of your personal data, which is based on the legitimate interests pursued by us. In this case, we will no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or that are related to the establishment, exercise or defence of legal claims.

  1. Right to data portability

If it does not adversely affect the rights and freedoms of others, you have the right to receive your personal data (which you provided to us) in a structured, commonly used and machine-readable format. You also have the right to have the personal data transmitted directly from us to another controller, if the following cumulative conditions are fulfilled:

  • the processing is based on your consent, or it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract; and

  • the processing is carried out by automated means, i.e. the processing is carried out via an IT system instead of a paper form.

    1. Remedies

If you do not agree with the communication or actions taken by us, you have the right to lodge a complaint with the data protection supervisory authority in the EU Member State of your habitual residence, place of work or place of the alleged infringement, in particular, with the Hungarian National Authority for Data Protection and Freedom of Information (address: Budapest, Falk Miksa u. 9-11, 1055; mailing address: 1363 Budapest, Pf. 9.; tel.: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu). Furthermore, you may lodge a complaint before a tribunal (in Hungarian: “Törvényszék”) competent based on your place of residence or the registered seat of the Data Controller which is the Metropolitan Court of Budapest.

Requests to exercise your rights, as indicated above, can be submitted by post to EPTA International Kft. 1134 Budapest, Dózsa György út 146-148. A. ép. or by email to compliance@eptarefrigeration.com

  1. Use of Cookies

For further information about cookies and their processing, with extended and comprehensive information, please refer to the Cookie Policy at Cookie Policy | Epta International

  1. Existence of automated decision making, including profiling

  2. You will not be subject to decisions based on automated data processing without your prior consent. 

  3. Amendments

This Privacy Policy may be subject to changes or updates in accordance with regulatory and technological developments. In the event of substantial changes to the Privacy Policy, we will send you the new version of the Privacy Policy by e-mail or bring the new Privacy Policy to your attention at the first time you access the Site after the date of the modification of the Privacy Policy, and, where appropriate, collect a new consent.

 

Last Updated: August 07, 2025.