Privacy Policy

informs you, as a visitor of our website and user of our services, about the data protection and data processing practices of our company.

What principles do we follow in our data processing?

In the course of data processing, our company adheres to the following principles:

We process personal data lawfully, fairly, and transparently to you.
We collect personal data only for specified, clear, and legitimate purposes, and we do not process them in a manner incompatible with these purposes.
The personal data we collect and process are appropriate, relevant, and limited to what is necessary for the purposes of processing.
We take all reasonable steps to ensure that the personal data we manage are accurate and, if necessary, up to date. Inaccurate data are promptly deleted or corrected.
We store personal data in a form that allows identification of the data subject only for as long as necessary for the purposes of the data processing.
We apply appropriate technical and organizational measures to ensure the security of personal data, protecting them against unauthorized or unlawful processing, accidental loss, destruction, or damage.
We process your personal data based on your prior informed and voluntary consent, to the necessary extent and always for a specific purpose—i.e., we collect, record, organize, store, and use them accordingly.
In some cases, processing of your data is required by law—in such instances, we will clearly inform you of this.
In certain cases, we process your personal data based on legitimate interests of our company or third parties, such as the operation, development, and security of our website.

2. Who are we?

Company name: ÁCHROME BRAND
Website: www.a-chrome.com
Postal address: 1133 Budapest, Pannónia 89.
Email address: info@a-chrome.com
Adószám:

Our hosting provider:

Name: Rackhost Zrt.

Address: 6722 Szeged, Tisza Lajos krt. 41.

Website: www.rackhost.hu

Email address: info@rackhost.hu

To provide quality service to our customers, we use the following data processors:

Data Processor (1): Stripe, Inc. – Payment Processor
• Address: 510 Townsend Street, San Francisco, CA 94103, USA
• Responsibility: Online payment processing

Data Processor (2): CookieYes Limited – Cookie Consent Manager
• Address: 3 Warren Yard, Wolverton Mill, Milton Keynes, MK12 5NW, UK
• Responsibility: Ensuring cookie compliance under GDPR, ePrivacy, and other regulations

Any changes to our data processors will be updated in this policy accordingly.

What are cookies and how do we handle them?

Cookies are small data files (hereinafter “cookies”) that are placed on your device through your browser when you use our website. Most commonly used browsers (e.g., Chrome, Firefox) by default accept and allow the use of cookies. However, you can modify your browser settings to reject or disable cookies, and you can delete cookies already stored on your computer.

For more detailed instructions, refer to the “Help” section of your browser.

Some cookies do not require your prior consent. These are explained upon your first visit to our website and include authentication, multimedia player, load-balancing, user interface customization session cookies, and user-focused security cookies.

For cookies that do require consent, we inform you and ask for your consent at the start of your visit if the data processing begins immediately.

We do not use or allow third-party cookies that collect data without your consent.

Please note: Accepting cookies is not mandatory. However, we are not responsible if our website does not function properly due to cookie refusal.

What cookies do we use?

Name	Purpose	Expiry	Type
_ga	Registers a unique ID for generating statistical data on how the visitor uses the site	2 years	HTTP
_gat	Used by Google Analytics to throttle request rate	Session	HTTP
_gid	Registers a unique ID for generating statistical data on how the visitor uses the site	Session	HTTP
_fbp	Used by Facebook to deliver advertising products (e.g., real-time bidding)	3 months	HTTP
fr	Used by Instagram for delivering a range of advertising products (e.g., real-time offers from third parties)	3 months	HTTP

You can find more information on third-party cookies on the relevant page of our website.

Additional Information About Website Data Processing

You provide your personal data voluntarily during registration or when contacting our company.
Therefore, please ensure that the data you provide are accurate, complete, and up to date, as you are responsible for their correctness.
Incorrect, inaccurate, or incomplete data may hinder access to our services.

If you provide personal data of another individual, we assume you have the necessary authorization to do so.

You may withdraw your consent to data processing at any time, free of charge by:

deleting your registration,
withdrawing your consent to data processing, or
revoking or requesting the blocking of consent for processing or using any mandatory data provided during registration.

We register consent withdrawals within 30 days due to technical constraints, but please note that in certain cases we may still process some data to fulfill legal obligations or protect our legitimate interests.

If false personal data are used or if a visitor commits a criminal offense or attacks our systems, we will immediately delete their registration and, where necessary, retain the data during civil or criminal proceedings.

What You Should Know About Direct Marketing and Newsletters

You may give your consent to marketing use of your personal data either during registration or later by modifying your data and preferences on our newsletter or direct marketing platforms.

If you consent, we may process your data for direct marketing and/or newsletter purposes and send you advertisements, promotional content, newsletters, and other offers—until you withdraw your consent (based on Section 6 of the Act on Commercial Advertising, “Grtv.”).

You can grant or withdraw consent separately for direct marketing and newsletters, or both together, at any time, free of charge.

Deleting your registration is always treated as withdrawal of consent.
However, withdrawing consent for direct marketing and/or newsletters does not automatically mean the withdrawal of consent for other forms of data processing (e.g., related to website registration).

Each consent applies to a specific purpose.
Thus, registering on the website and subscribing to the newsletter are two separate actions with separate databases—they are not linked.

We process consent withdrawals within 15 days due to technical reasons.

What You Should Know About Sweepstakes

Our company may organize promotional sweepstakes on a campaign basis.
Each sweepstake is governed by its own specific rules, which are always available on our website’s homepage via a prominently placed link.

Other Data Processing Issues

We only share your data under conditions defined by law.
In the case of data processors, we ensure by contractual terms that they do not use your personal data for purposes inconsistent with your consent.

(For more information, see Section 2.)

Our company does not transfer data abroad.

Authorities such as courts, prosecutors, the police, tax authorities, or the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) may request information, data, or documents from our company.
In such cases, we must comply—but only to the extent necessary for the purpose of the request.

Employees and partners involved in our data processing activities may access personal data only to the extent necessary for their tasks and under strict confidentiality obligations.

We protect your personal data using appropriate technical and organizational measures, ensuring data security and availability, and protecting them from unauthorized access, modification, damage, disclosure, or other unlawful use.

Organizational measures: We control physical access to our premises, regularly train our staff, and store paper-based documents securely.
Technical measures: We use encryption, password protection, and antivirus software.

⚠️ Note: While we do our best to secure data, data transmission over the internet can never be fully secure. We cannot accept full liability for data transmitted via the internet, but once we receive the data, we follow strict rules to protect them from unauthorized access.

Please help us protect your data by carefully storing your website login password and not sharing it with others.

Your Rights and Legal Remedies

You may:

request information about data processing,
request correction, amendment, or completion of your personal data,
object to data processing and request deletion or blocking of your data (except for mandatory data processing),
seek legal remedy in court,
file a complaint with or initiate a procedure at the supervisory authority.

Supervisory Authority:
Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
• Address: 1055 Budapest, Falk Miksa utca 9-11.
• Mailing address: 1363 Budapest, Pf. 9.
• Phone: +36 (1) 391-1400
• Fax: +36 (1) 391-1410
• Email: ugyfelszolgalat@naih.hu
• Website: https://naih.hu

Upon request, we provide information about:

the data we process about you,
their source,
the purpose and legal basis of processing,
the duration of processing (or, if not possible, the criteria for determining this),
our data processors and their roles,
data protection incidents (causes, consequences, and preventive actions),
any data transfers (legal basis and recipients).

We respond within 15 days (maximum 1 month).
Information is free of charge unless you request the same information more than once per year.
If your data were processed unlawfully or the request led to correction, we refund any costs.

We may only deny requests if required by law, citing legal reasons and informing you of your right to judicial review or to contact the Authority.

We notify you and all recipients of any corrections, blocking, marking, or deletion of data—unless doing so would violate your legitimate interest.

If we deny your request for correction, blocking, or deletion, we will notify you of the reasons within 15 days (maximum 1 month), and inform you of legal remedies.

If you object to data processing, we will investigate your objection within 15 days and inform you of the decision.
If we accept the objection, we will stop data processing, block the data, and inform all parties involved.

We may only refuse your objection if we can prove that processing is based on compelling legitimate grounds that override your rights, or is necessary for legal claims.

If you disagree with our decision or receive no response, you may take the matter to court within 30 days.

Data protection lawsuits fall under the jurisdiction of the regional court. You may file the lawsuit at your place of residence or stay.
Foreign nationals may also contact their local data protection authority.

📩 Before taking legal action or contacting a supervisory authority, we kindly ask you to contact our company directly to resolve your issue quickly and amicably.

Applicable Laws

Our operations are governed by the following laws:

Regulation (EU) 2016/679 of the European Parliament and Council on the protection of personal data (GDPR)
Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Info Act)
Act V of 2013 on the Civil Code
Act CVIII of 2001 on Electronic Commerce and Information Society Services
Act C of 2003 on Electronic Communications
Act CLV of 1997 on Consumer Protection
Act CLXV of 2013 on Complaints and Whistleblowing
Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising (Grtv.)

Modifications to This Privacy Policy

Our company reserves the right to modify this Privacy Policy.
All changes will be communicated appropriately.
Information related to data processing will be published at: info@a-chrome.com

Budapest, 2025.05.05.