Privacy Policy

The operator of this website,
INNOFIT INTERNATIONAL TRADE LTD
35 Stasikratous str.
1065 Nicosia,
Cyprus
Registration number 418443
email: innofitit@gmail.com
(hereinafter referred to as the Controller) declares that it will do its utmost to ensure the lawful and secure processing of its Customers’ data in accordance with the GDPR Regulation.

We are available to our Customers at this email address.
Our company is not obliged to appoint a data protection officer under the GDPR, so you can also contact us at our central contact details for data protection enquiries. Should you have any questions regarding this Policy or any other subject, please do not hesitate to contact us and we will be happy to answer them.

In order to prevent unauthorized third-party access to your personal data, we use the latest SSL technology to encrypt the ordering process.

The protection of personal data is a matter of trust – and Your trust is important to us.
We respect your privacy and your right to manage information about yourself and your person independently. Moreover, we stay strictly within the regulations concerning the processing of personal data. In this respect, we bring to our Customers’ attention the following:
Legal References
Our data management principles are in line with the applicable data protection legislation in force, so the national/international provisions applicable to the Member States of the European Union apply.
Data Processors
In order to provide a high quality service to our customers, our Company uses the following Data Processors to process data:

Financial partner

STRIPE INC
  • Seat: 354 Oyster Point Blvd South San Francisco, CA, 94080-1912 United States
  • Company registration number: RA000602

Hosting company data

GoDaddy.com, LLC
  • Seat: 14455 North Hayden Road Suite 219 Scottsdale, AZ 85260, United States 
  • Community VAT registration number: EU826010755

Newsletter and CRM service provider details

SalesAutoPilot Korlátolt Felelősségű Társaság
  • Seat: H-1016 Budapest, Zsolt utca 6/C 4. emelet 4.
  • Company registration number: 01-09-286773
  • Community VAT registration number: HU25743500

Automatic invoicing

Xero Inc.
  • Seat: 1615 Platte Street, Suite 400, Denver, CO 80202 USA

Accounting

Crystal Cyprus Corporate & Finance Services Ltd
  • 35 Stasikratous str.
  • Crystal Offices, Christou Morfaki Building
  • 3rd Floor, Office 301
  • 1065 Nicosia
  • Cyprus

Delivery

MOEDER s.r.o.
  • Seat: Komárňanská 2681/160 947 01 Hurbanovo 
  • Company registration number: 46383336
  • VAT Number: 2023360141
  • Community VAT registration number: SK2023360141
General Logistics System
  • The website and seats are available by country in the table: GLS table

Knowledge Base Provider

MemberMouse, LLc
  • Seat: 1201 Orange Street, Suite 600, Wilmington, Delaware, 19801, United States 
  • Organization Website: www.membermouse.com
  • Contact Phone Number: (302) 575-0877

SMS Notification Service

Bip Communications Szolgáltató és Tanácsadó Kft.
  • Seat: H-1134 Budapest, Bulcsú utca 23. b. ép. III. em. 8.
  • Company registration number: 01 09 947432
  • Phone Number: +36-30/493-7166
  • Website: https://sms.bipkampany.hu
We pay particular attention to working exclusively with expressly reliable partners who also consider security and legality highly important.
Scope of personal data processed, legal basis
Legal basis of the data we process, purpose, nature of the data processed, duration, data subjects.

When Visiting Our Webpages

  • Legal basis: legitimate interest of our Company
  • Data processed: IP address, time and duration of the visit, list of subpages visited, your operating system, browser type, screen resolution
  • Purpose of data processing: to provide statistical analysis to monitor and improve the quality of our services
  • Duration: 2 years
  • Data processors: Google Analytics (the Data Processor is Google)
  • Note: the data evaluated in the statistical analysis are not identified with specific individuals. (i.e. data are only analysed in bulk, in this sense completely anonymously.)
If you are interested in more information, you can find detailed information on how Google Analytics works on the following page.

Newsletter (Direct Marketing) Services

  • Legal basis: explicit consent
  • Data processed: last name, first name, e-mail address
  • Non-compulsory data processed: interests (if the website offers multiple newsletter subscription options)
  • Purpose of data processing: notification of promotions, new products, campaigns, contact for commercial purposes, general contact
  • Duration: until unsubscription / withdrawal of consent
  • Data processors: CRM

Purchase of the Product

  • Legal basis: legal obligation (certification)
  • Data processed: customer’s last name, first name, email address, telephone number, billing address, postal address, IP address, amount, date and time of the transaction, note by the customer
  • The purpose of data processing is to comply with our contractual obligations, to issue invoices, to perform our warranty obligations in certain cases, to notify you of technical changes regarding the product
  • Duration: 8 years (from the last day of the year of the order)
  • Data processors: CRM, Invoicing, Accountant, Delivery, Financial services (card payment)

Profiling

The Data Controller does not profile visitors/registrants based on their behaviour, interests or other data provided by them and does not use automated offer generation, classification or decision-making.
Of course, you can unsubscribe from our list at any time by a single click – in this case, we will physically delete your data from all of our systems.
Or you can use any of our services without subscribing to our promotional e-mails.
Cookies

What are the cookies and how are they used?

In order to make our website attractive and to allow certain features to be used, so-called cookies are used on various pages. These are small data files stored in your terminal equipment (computer, smartphone). They usually contain a distinctive string that allows the browser to uniquely identify you when you revisit the site.

Their primary objective is to make our online offers more user-friendly and efficient, and to remember the visitors’ individual preferences. The user data collected in the cookies are converted by technical precautions into pseudonyms, so it is usually no longer possible to assign the data to the accessing user.

It is not mandatory to accept cookies and you can change them at any time in the settings of your browser or you can delete them completely. However, our Company is not responsible if, in the absence of the authorization of cookies, our website does not function as expected. Of course, we strive to deliver the maximum user experience even without you having to accept cookies.

How to Switch Off Cookies

What cookies do we use?

Some cookies do not require your prior consent. Our website will give you brief information about these when you first visit our website. Our Company will inform you of the cookies that require your consent at the start of your first visit and ask for your consent.
Our Company does not use or allow cookies that enable third parties to collect data without your consent.
System Cookies
Most of the cookies we use are called “session cookies” that are automatically deleted when your browser session ends. The purpose of these cookies is to make our website safer, more efficient and user-friendly. This type of cookie does not require consent.
Permanent cookies
Persistent or permanent cookies are saved even after the browser is closed, so e.g. the search criteria you entered can be saved. The persistent cookies are automatically deleted after a certain time, which may differ depending on the cookies. However, you can also delete these cookies at any time in your browser’s security settings.
Tracking Cookies (Third Party Cookies)
Cookies stored on your computer or mobile device may also come from partner companies (e.g. Google Analytics, Google Remarketing, Facebook Remarketing) and require explicit consent. We use these cookies to ensure the ongoing optimisation and customisation of our website. We also use tracking measures to collect information about how visitors use the websites.
The partner company’s cookies are stored on your browsing device for up to 180 days or until they are deleted.
For further information on third-party cookies, see https://www.google.com/policies/technologies/types/, on data protection, see https://www.google.com/analytics/learn/privacy.html?hl=hu.
Receiving Advertising Messages

What do you need to know about our data management for direct marketing and newsletter purposes?

By modifying your personal data stored in the newsletter and/or direct marketing registration area (i.e. by clearly indicating your consent), you can give your consent for us to use your personal data for marketing purposes. In this case, we will also process your data for the purposes of direct marketing and/or sending you newsletters, promotional and other mailings, information and offers and/or newsletters until your consent is withdrawn (Hungarian Act on Commercial Advertising, Article 6).
You may give your consent to direct marketing and the newsletter together or separately, or withdraw your consent(s) free of charge and at any time.
Withdrawal of consent to data processing for direct marketing and/or newsletter purposes shall not be construed as withdrawal of consent to data processing in relation to our website.

Other data management issues

We may only transfer your data to the extent outlined in the legislation, and, as far our data processors are concerned, we shall ensure by contractual specifications that your personal data may not be used by them for purposes other than those included in your consent.

Courts, public prosecutors’ offices and other authorities (e.g. police, tax office, National Authority for Data Protection and Freedom of Information) may contact us for information, data or documents. In these cases, we must fulfill our duty of disclosure, but only to the extent strictly necessary to achieve the purpose of the request.

We protect your personal data by appropriate technical and other measures, and ensure the security and availability of your data, moreover, we protect them from unauthorized access, alteration, damages, disclosure and any other unauthorized use.
Rights of data subjects

Right to information

The Controller shall take appropriate measures to provide the data subjects with all the information referred to in Articles 13 and 14 of the GDPR concerning the processing of personal data, and to provide any information referred to in Articles 15 to 22 and 34 in a concise, transparent, comprehensible and easily accessible form, using clear and comprehensible language.

We will provide you with information within 14 days (but not more than 1 month) of the request. The information is free of charge unless you have already submitted an information request for the same data set in current year. Your expenses paid will be reimbursed if your data have been unlawfully processed or if your request for information has resulted in a correction. We may refuse to provide information only in cases provided for by law, by indicating the place where the information is provided and by informing you of the possibility of judicial remedy or recourse to the authorities.

You, and any person to whom the data has been previously transmitted for the purpose of data processing, shall be informed by our Company about any rectification, blocking, marking and deletion of personal data, unless your legitimate interest is not prejudiced by the failure to give such notification.

Right of Access

The data subject shall have the right to request information on the data we process in accordance with Article 15 of the GDPR, in particular regarding the following:
  • purposes of the processing;
  • categories of personal data concerned;
  • the categories of recipients to whom your data have been or will be disclosed;
  • intended storage period;
  • right to rectification, deletion or restriction of processing of data and right to object;
  • existence of the right to complain;
  • information on data sources;
  • automated decision-making, including profiling, and, where appropriate, substantive information concerning the data.
The Controller shall provide the information within a maximum period of one month from the submission of the application.

The right to rectification of data (Article 16 of the GDPR)

The data subject may request the correction of inaccurate personal data relating to him or her processed by the Controller and the completion of incomplete data.

The right to deletion (Article 17 of the GDPR)

The data subject shall have the right to request the deletion of their personal data if the requirements of Article 17(1) of the GDPR are met. The deletion of data cannot be initiated if data processing is necessary:
  • for the purpose of exercising the right to freedom of expression and information;
  • with the purpose of performing any obligation requiring the processing of personal data applicable to the Controller as per EU or member state law, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  • with a purpose concerning the area of public health or for archiving, scientific and historical research or statistical purposes on grounds of public interest;
  • to make, enforce or protect legal claims.
We undertake the registration of the withdrawal of the consent with a deadline of 14 days, but we point out that we are allowed to process certain data even after the consent has been withdrawn in order to fulfill our legal obligation or to exercise our legitimate interests.

The right to the restriction and withdrawal of data processing (Article 18 of the GDPR)

The Controller shall, at the data subject’s request, limit the data processing where any of the following conditions is met:
  • the data subject disputes the accuracy of the personal data, in which case the restriction shall apply for the period of time which enables the verification of the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the deletion of the personal data and requests the restriction of their use instead;
  • the Controller no longer needs the personal data for the purpose of data processing, but the data subject requires them for the purpose of submitting, enforcing or protecting legal claims; or
  • the data subject has objected to the processing of data; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the controller prevail over the legitimate grounds of the data subject.
Where the processing is restricted, personal data may be processed only with the data subject’s consent (except for storage), or for the submission, validation or protection of legal claims, or for the protection of the rights of other natural or legal persons, or for the important public interest of the EU or a member state.

The right to data portability (Article 20 of the GDPR)

The data subject shall have the right to receive the personal data relating to them or made available by them to the controller in a structured, widely used, machine-readable format and to transmit such data to another controller.

The right to object (Article 21 of the GDPR)

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, or necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, including profiling based on those provisions.

In the event of an objection, the Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

If you object to the processing of your personal data, the objection will be examined as soon as possible, within 14 days (but no later than 1 month) from the submission of your request, and you will be informed in writing of our decision. If we decide that your objection is justified, we will stop the processing, including any further collection and transfer, and block the data, and notify the objection and any action taken in response to it to all those to whom we have previously disclosed the personal data to which the objection relates and who are required to take action to enforce the right to object.

We refuse to comply with a request if we prove that the processing of data is justified by compelling legitimate reasons which take precedence over your interests, rights and freedoms or which relate to the submission, validation or protection of legal claims. If you disagree with our decision or if we miss the deadline, you may initiate legal proceedings within 30 days from the date of the notification of the decision or from the last day of the deadline.

Automated individual decision-making and profiling (Article 22 of the GDPR)

The data subject shall have the right not to be subject to a decision based solely on automated data processing, including profiling, which would have legal effects on him or would similarly significantly affect them.

The right of revocation

Data subjects have the right to withdraw their consent to the processing of their personal data at any time.

The right to apply to the courts

The data subject, in the event of a breach of their rights, may apply to court against the Controller. The court will proceed in the matter out of turn.
The court of justice shall have jurisdiction to adjudge litigations on data protection, and the lawsuit can be initiated at the court of justice of data subject’s place of residence or stay. A foreign citizen may lodge a complaint with the supervisory authority of their place of residence.

Before you apply to the surveillance authority or the court with your complaint to be consulted and to address the problem arisen as soon as possible, please contact our Company at this e-mail address or by postal service with registered delivery with acknowledgment of receipt addressed to the seat of our Company.

Right to Lodge a Complaint

Final Provisions
The Controller points out that the data subject is responsible for the accuracy of the personal data. If the data subject does not provide his/her own personal data or provides incorrect data/personal data, he/she shall fully indemnify the Controller in the event of a third party claim against the Controller. For matters not covered by this Privacy Notice, data processing is governed by applicable law, in particular the GDPR.
Modification of the Privacy Policy
Our company reserves the right to make unilateral changes to this Privacy Policy, about which it shall adequately inform the parties concerned.

The modified provisions shall apply after their entry into force.
1 February 2022