Privacy policy
informing you, as a visitor to our website and as a user of our services, about our company’s data processing and data protection rules.
What fundamental principles do we follow in our data processing?
Our company adheres to the following principles when processing personal data:
We process personal data lawfully, fairly, and in a transparent manner for you.
We collect personal data only for specified, explicit, and legitimate purposes and do not process them in a way incompatible with these purposes.
The personal data we collect and process are adequate, relevant, and limited to what is necessary for the purposes of data processing.
We take all reasonable steps to ensure that the personal data we process are accurate and, where necessary, kept up to date; inaccurate personal data are deleted or rectified without delay.
We store personal data in a way that permits your identification only for as long as necessary to fulfil the purposes of processing.
We ensure the appropriate security of personal data through suitable technical and organisational measures, protecting them against unauthorised or unlawful processing, accidental loss, destruction, or damage.
Our company processes your personal data:
based on your prior informed and voluntary consent, only to the extent necessary, and always in a purpose-bound manner—that is, we collect, record, organise, store, and use them strictly as required;
in certain cases based on statutory requirements, in which case we will draw your attention to this;
and in certain cases based on the legitimate interest of our company or a third party, such as for the operation, development, and security of our website.
Who are we?
Company Name
Lillyneir Kft.
Registered Seat
Törökbálint, Tópark u. 1/A, 2045
Website
lillyneir.hu
Company Name
Lillyneir Kft.
Postal Address
Törökbálint, Tópark u. 1/A, 2045
info@lillyneir.hu
Tax Number
23567296-2-43
Company Registration Number
13 09 151111
Our company is not obliged to appoint a Data Protection Officer under Article 37 of the GDPR.
Data processors engaged by our company to ensure high-quality customer service:
Data Processor
Address
Responsibilities
Molnár Attila József
4150 Püspökladány, Tompa Mihály utca 4.
All activities
Morvay Tamás
2040 Budaörs, Őszirózsa utca 63.
All activities
dr. Oláh Dóra
1201 Budapest, Átlós utca 102.
All activities
Any future changes to our data processors will be reflected in this notice.
Data We Process
Activity & Purpose
Legal Basis
Data Processed
Retention Period
Website Visit
Purpose: ensuring proper and high-quality website operation; monitoring and improving services; identifying malicious visitors attacking the website; traffic measurement and statistics
Legitimate interest
IP address, time of visit, data of visited subpages, operating system and browser type
1 month
Website Registration
Purpose: providing a richer user experience; notifications about outages, changes in contact details, etc.
Consent
Last name, first name, date of birth (to verify age 16 or 18), email address
Until registration is deleted or consent is withdrawn
Newsletter Service
Purpose: maintaining contact; informing you about new promotions and products
Consent
Full name, date of birth (age verification), email address, optional data (interests, residence, etc.)
Until newsletter unsubscribe
Direct Marketing Service
Purpose: personalised offers based on purchasing habits; business acquisition; sending information about our products and services
Consent
Full name, date of birth, email, optional phone number, other optional data (interests, residence, etc.)
Until direct marketing unsubscribe
Customer Service, Complaints
Purpose: responding to comments or complaints
Legal obligation
Full name, email, phone number, mailing address, other personal message
5 years
We request personal data from visitors only when they wish to register, log in, or participate in a prize game.
Personal data provided for registration or marketing cannot be linked together; identifying visitors is not our primary purpose.
You may request further information regarding data processing at info@lillyneir.hu or by post; we will respond within 15 days (at most 1 month) to the contact details you provided.
What are cookies and how do we use them?
Cookies are small data files placed on your computer through the website and stored by your browser. Most browsers (Chrome, Firefox, etc.) accept cookies by default, but you may modify your browser settings to refuse or disable them, and you can delete cookies already stored. Further information is available in your browser’s “Help” menu.
Some cookies do not require your prior consent. We provide short information about these during your first visit. These include authentication cookies, multimedia player session cookies, load-balancing cookies, user-interface customisation cookies, and user-centric security cookies.
For cookies requiring consent—when processing begins during the visit—we inform you during your first visit and ask for your consent.
We do not use or permit cookies that would allow third parties to collect data without your consent.
Accepting cookies is not mandatory, but we are not liable if certain website functions fail to operate as expected without them.
Cookies Used
Name
Provider
Purpose
Expiry
Type
_ga
lillyneir.hu
Registers unique ID for statistics on website usage
2 years
HTTP
_gat
lillyneir.hu
Stores throttle request rate used by Google Analytics
Session
HTTP
_gid
lillyneir.hu
Registers unique ID for usage statistics
Session
HTTP
_fbp
lillyneir.hu
Used by Facebook to deliver advertising to third parties (e.g., real-time ads)
3 months
HTTP
fr
facebook.com
Facebook cookie providing various advertising products (e.g., real-time bidding)
3 months
HTTP
More about third-party cookies: https://policies.google.com/technologies/types?hl=hu
Additional Information on Website-Related Data Processing
You provide personal data voluntarily during registration or when contacting our company; therefore, please ensure accuracy and completeness, as you are responsible for them. Incorrect or incomplete data may hinder our ability to provide services.
If you provide someone else’s data, we assume you are authorised to do so.
You may withdraw your consent at any time, free of charge:
by deleting your registration,
by withdrawing consent to data processing,
by withdrawing or requesting the blocking of consent required for mandatory fields during registration.
We register the withdrawal of consent within 30 days for technical reasons. Certain data may still be processed afterward to fulfil legal obligations or legitimate interests.
In cases of misleading personal data or criminal activity (e.g., attacking our systems), we immediately delete or, if necessary, retain data for civil or criminal proceedings.
What should you know about direct marketing and newsletter data processing?
You may give consent during registration or later (by modifying your stored data) to allow your data to be used for marketing purposes. Until consent is withdrawn, we process your data for direct marketing and/or newsletter purposes and send advertisements, communications, and offers (in accordance with Grtv. §6).
You may grant or withdraw consent for direct marketing and newsletters together or separately, at any time and free of charge.
Deleting your registration is always considered withdrawal of consent. Withdrawal of marketing consent does not automatically mean the withdrawal of consent related to website registration—because each consent applies to a specific purpose and refers to separate databases.
We register consent withdrawals within 15 days for technical reasons.
What should you know about prize games?
Our company may organise promotional prize games, governed by separate rules. The applicable rules are always available on the main page of our website via a central link.
Other Data Processing Information
We transfer your data only as permitted by law. For our data processors, contractual terms ensure they cannot use your data contrary to your consent. Additional information is found in Section 2.
We do not transfer data abroad.
Authorities (courts, prosecution, police, tax office, National Authority for Data Protection and Freedom of Information, etc.) may request information or documents from our company. We comply only to the extent necessary for the request.
Our contributors and employees participating in data processing are bound by confidentiality and may access personal data only to a predetermined extent.
We protect personal data through appropriate technical and organisational measures, ensuring availability and security, and preventing unauthorised access, alteration, damage, disclosure, or misuse.
Organisational measures: controlled physical access, continuous employee training, secure storage of paper documents.
Technical measures: encryption, password protection, antivirus software.
Please note that data transmission over the Internet cannot be fully secured. We take all reasonable steps to secure our systems, but cannot take full responsibility for transmission-related risks; however, strict internal rules protect all data received.
For security reasons, please keep your password confidential and do not share it.
Your Rights and Remedies
You may:
request information about data processing;
request rectification, modification, or supplementation of your data;
object to processing and request deletion or blocking (except for mandatory processing);
seek judicial remedy;
lodge a complaint with the supervisory authority:
Supervisory Authority: National Authority for Data Protection and Freedom of Information
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Postal Address: 1530 Budapest, Pf. 5.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Email: ugyfelszolgalat@naih.hu
Website: https://naih.hu/
Upon your request, we provide information about:
your data processed by us or our data processors;
their source;
the purpose and legal basis of processing;
the duration or criteria of storage;
names, addresses, and roles of data processors;
circumstances and effects of data incidents, and measures taken;
legal basis and recipients of any data transfers.
We respond within 15 days (maximum 1 month). Information is free unless you request it multiple times in one year for the same data set.
We may deny information only in cases permitted by law, stating the legal reason and informing you about judicial and supervisory remedies.
Requests for rectification, blocking, marking, or deletion will be communicated to you and to all recipients unless doing so does not affect your legitimate interests.
If we reject your request, we provide reasons within 15 days (maximum 1 month) and inform you of available remedies.
If you object to processing, we examine your request within 15 days (maximum 1 month) and inform you of the outcome. If your objection is justified, we stop processing and notify all relevant recipients.
We may refuse your objection if we demonstrate compelling legitimate grounds or if processing relates to legal claims.
You may go to court within 30 days if you disagree with our decision or if we miss the deadline.
Data protection cases fall under the jurisdiction of courts; proceedings may be initiated before the court of your residence. Foreign citizens may lodge complaints with their competent supervisory authority.
Before contacting authorities or courts, we kindly request you to contact us first for quick resolution.
Main Applicable Laws
Regulation (EU) 2016/679 (GDPR)
Act CXII of 2011 on Informational Self-Determination and Freedom of Information
Act V of 2013 on the Civil Code
Act CVIII of 2001 on Electronic Commerce and Information Society Services
Act C of 2003 on Electronic Communications
Act CLV of 1997 on Consumer Protection
Act CLXV of 2013 on Complaints and Public Interest Disclosures
Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (Grtv.)