Data control


General provisions

FWB Friends Kft. (registered seat: 1054 Budapest, Aulich utca 7, reg. no.: 01-09-895863, tax no.: 14257896-2-41) and Gerő Kata responsible party (registered seat: 1125. Budapest, Trencséni street 37., reg. no.: 37795897, tax no.: 66697389132, hereinafter Data Controllers) respect the informational self-determination and rights on personal data of the persons visiting the website (hereinafter Website) and the respective webshop (hereinafter Webshop). Data Controllers are performing their data controlling activities concerning personal data and special data in accordance with the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter Info Act) and other laws and regulations in force.

This regulation – in accordance with provision set forth in Section 20, Info Act – provides a preliminary information of the data subject what kind of data are collected by Data Controllers, and for what purposes, on what legal basis, how and until when these data are processed, whom these data might be disclosed to, and who can access these data. This Privacy Policy – and the provisions of the law mentioned above – is for You to know how You can ask for the rectification of the controlled data, and how You can ask to blockor delete these from the registry of Data Controllers, and what options for remedy You have concerning the breach of your rights on data control.

By accepting Privacy Policy, user of the Website explicitly permits his/her personal data to be registered, controlled and transferred as detailed below.

Privacy Policy does not apply to those websites – under different domains – that can be accessed via links from Data Controllers do not take any responsibility for data controlling or other activities performed by the operators of these websites.

Contents of Website (notes, studies, other documents, graphics, images, etc.)are the intellectual properties of the named authorsand are protected by copyright according to Act LXXVI of 1999 on Copyright, therefore any rights for use or utilize these intellectual properties belong to Data Controllers and the explicitly indicated authors.


Set of controlled personal data

Data Controllers register and control only such kind of personal data (first and last name, home address, delivery and invoice address, e-mail, password and phone number, sex, age of the user) which have been voluntarily provided by the user for the discretion of Data Controllers – during the course of registration or order made on the Website – or which have been explicitly permitted by the user to be registered, controlled and transferred by Data Controllers.Submitting a registration or an order includes a filling of a form containing personal data and accepting the provisions of Privacy Policy.Permission during the course of submitting a registration or an order to register, control and transfer personal data by Data Controllers is considered as a written consent.

Users are responsible for the accuracy of data put by the users at the disposal of Data Controllers.

During the course of visiting the Website, the server of the Website automatically saves and stores certain kinds of data for system administration, statistical or safety purposes. These are: the internet provider of the user, sometimes the so-called IP address of the user, version number of the browser, type of operation system, pages visited by the user on the Website, and those search words that were used to access the Website. These data allow concluding only to the attendance of the Website and to the computers used to access the Website, therefore these data are not considered as personal data.These data are used only in an anonymous way.If Data Controllers transfer these data to third parties, it is done exclusively in accordance with the provisions of related rules and regulations. These data will be stored up to 2 years from the date of the visit by Data Controllers.The legal basis of data control in this case is the provision set forth in Paragraph (3) of Section 13/A of Act CVIII of 2001 on certain issues of electronic commerce services and information society services.

In order to make the use of the Website easier, Data Controllers are using anonymous visit identifiers called ‘cookies’. Cookies are small text files and will be stored temporarily on the hard disk of the user through the browser during the visit of the Website; their function is to make the visit more comfortable. Cookies used by Data Collectors are not suitable for accessing personal data of the users or to identify the user. Most browsers automatically accept these anonymous visit identifiers. However, by modifying the settings of the browser, the user can prevent the appearance of cookies of the hard drive of the user. Furthermore, users can remove stored cookies from the computer by simply deleting the temporary internet files from the hard disk of the computer.

Website uses so-called ‘social plug-ins’ www.facebook.comon the social network operated by Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA). Plug-ins can be recognized by the Facebook logo (white F in a blue square, or a ’thumbs up’sign), or it is indicated as a ’Facebook Social Plug-in’. List of Facebook plug-ins and their appearances can be accessed by clicking on this link: If you click on a website at our page which contains the plug-in, then your browser directly contacts the Facebook server and the content of the plug-in will be transferred directly to your browser.Webshop has no influence on the data set which is extracted by Facebook plug-ins, therefore we inform our users that by plug-ins, Facebook gains information about the websites which you visited through Webshop. I fuser is logged in to Facebook, then Facebook aligns the visit of the user with the Facebook account of the user. If user uses the plug-in, e.g. if a comment is written or the ’Like’ button is activated, then the related information is transferred directly to Facebook, where these information will be stored. If user is not registered at Facebook, then it may happen that Facebook finds and saves the IP address of the Customer.More detailed description on the range of data collection, use and further processing of data, and protection of the private life of Customer and setting preferences can be found at the following link: I fuser is a registered Facebook visitor, but does not prefer Facebook gaining data through our Website or connect these data with the Facebook account of the user, then user must log out from the Facebook account before visiting our Website.

According to Section 6 of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities, user can preliminarily and explicitly accept that Data Controllers should seek him/her using the contacts provided at registration or order (e.g. e-mail or phone) with advertisement offers or other consignments. Personal data of the user necessary to send advertisement offers are handled by Data Controllers according to the provisions of Privacy Policy. Data Controllers naturally will not send unwanted advertisement messages and users can remove themselves from the list without any limitation or need to justify by clicking on the link included in the message.


Purpose of data control

Personal data of Customer can be handled and used by Data Controllers only for the purposes of contacting and invoicing, performing the order and delivery and – if authorized by the Customer – for marketing.


Legal basis of data control

Legal basis of data control by Data Controllers is the registration of Customer or the submission of an order; and during the course of these, the explicit written consent and acceptance of the contents of Privacy Policy.

Personal data put to the disposal of Data Controllers are not handled by Data Controllers exceeding the frames stipulated by applying rules and regulations or by exceeding the consent of the Customer, and do not transfer these data to third parties, except data handling, usage or transfer is compulsory due to laws or decree of an authority or jury.

Transferring of personal data of Customer will be conducted by Data Controllers in full accordance with the provisions of the related laws and regulations.


Safety of the data

Personal data are stored by Data Controllers on a server located in Hungary and protected with enhanced security measures. Data Controllers take all necessary safety precautions to protect data –to prevent loss, unauthorized transfer, use, disclosure, modification, deletion, destructionor unauthorized data input.


Persons with right of access the data

Registry, control and transfer of data are performed by Data Controllers and employees and agents of Data Controllers.

Apart from the persons mentioned above, no one has access to the data. These persons are obliged to handle the accessed data in a confidential way and under no conditions shall use these data for other purposes than set forth herein as the purpose of access.


Duration of data control

Data Controllers store and control personal data in case of registered Consumers for unlimited period of time. In case of non-registered users, Data Controllers store and control data for a duration of one (1) year from the submission of the order. In both cases, Data Controllers can only store and handle personal data until the withdrawal of consent of data subjects.


Rights of data subjects

The data subject (user) may under the entire duration of handling of his/her personal data request from Data Controller information on his/her personal data being processed, and rectification of his/her personal data. Furthermore, user may has the right to withdraw his/her consent for the future concerning the handling of personal data, and – except the cases of mandatory data processing – blocking (permanent or temporary limitation of data handling) or erasure of his/her personal or special data from the registry of Data Controllers. Concerning these questions, Data Controllers are at the users’ disposal at this e-mail: or postal address: 1054 Budapest, Hold utca 10.

User has the right to separately withdraw his/her consent to the use of his/her data for marketing purposes, and also has the right to unsubscribe the newsletter – by using the link included in the newsletter – sent to his/her address by Data Controllers.


Available remedies

The data subject has the right to object to the processing of his/her personal data:

a)        if processing or disclosure is carried out solely for the purpose of discharging the Controller’s legal obligation or for enforcing the rights and legitimate interests of the Controller, the recipient or a third party, unless processing is mandatory;

b)        if personal data is used or disclosed for the purposes of direct marketing, public opinion polling or scientific research; and

c)        in all other cases prescribed by Info Act.

In the event of objection, the controller shall investigate the cause of objection within the shortest possible time inside a fifteen-day time period, adopt a decision as to merits and shall notify the data subject in writing of its decision.If, according to the findings of the controller, the data subject’s objection is justified, the controller shall terminate all processing operations (including data collection and transmission), block the data involved and notify all recipients to whom any of these data had previously been transferred concerning the objection and the ensuing measures, upon which these recipients shall also take measures regarding the enforcement of the objection. If the data subject disagrees with the decision taken by the controller, or if the controller fails to meet the deadline specified above, the data subject shall have the right to turn to court (in a way stipulated by Info Act) within thirty (30) days of the date of delivery of the decision or from the last day of the time limit.

Data controllers shall be liable for any damage caused to a data subject as a result of unlawful processing or by any breach of data security requirements. The data controller shall also be liable for any damage caused by data processor acting on its behalf. The data controller may be exempted from liability if he proves that the damage was caused by reasons beyond his control.No compensation shall be paid where the damage was caused by intentional or serious negligent conduct on the part of the aggrieved party.

Available remedies are detailed in Sections 21-23 of Info Act.


Data Controller, responsible persons

Persons responsible for the handling of data and legality of processing: FWB Friends Szolgáltató és Kereskedelmi Korlátolt Felelősségű Társaság (seat: 1054 Budapest, Aulich utca 7, reg. no.: 01-09-895863, tax no.: 14257896-2-41) and Gerő Kata responsible party (seat: 1125 Budapest, Trencséni street 37., reg. no.: 37795897, tax no.: 66697389132)

Data Controllers have been registered at the data protection register by Nemzeti Adatvédelmi és Információszabadság Hatóságnál (NAIH – Hungarian National Authority for Data Protection and Freedom of Information).


Further questions

Data Controllers deem Privacy Policy mandatory and undertake obligation that data handling related to their services comply with the provisions of Privacy Policy.

Data Controllers maintain the right to check the data provided by users any time, especially when doubts arise concerning the accuracy or verity of such data. During the duration of this check, Data Controllers are authorized to limit or suspend access of the user to any commercial online website operated by Data Controllers – but no longer than the end of the period of the check.

If you have further questions concerning the data handling by Data Controllers, do not hesitate to contact us in e-mail: ask@fwbskin.comat our postal address: 1054 Budapest, Hold utca 10.


Related laws and regulations

By writing thisPrivacy Policy we considered the following laws and regulations:

Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information

Act CVIII of 2001 on certain issues of electronic commerce services and information society services

Act XLVII of 2008 on the Prohibition of Unfair Commercial Practice against Consumers;

Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities

Act XC of 2005 on the Freedom of Information by Electronic Means

Act C of 2003 on Electronic Communications


23 July 2014, Budapest